Palazzo, Inc. — Effective Date: February 26, 2026 | Version: v1.0
Palazzo, Inc. (“Palazzo,” “we,” “our,” or “us”) is a Delaware corporation committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information when you visit palazzo.ai, use our AI-powered marketing platform, or otherwise interact with our services (collectively, the “Services”). It also describes your rights and choices regarding your information depending on where you are located.
This Policy applies globally. Where local laws impose additional requirements, we describe those requirements in jurisdiction-specific sections below. By using our Services, you acknowledge that you have read and understood this Policy.
We collect information you voluntarily provide, including when you register for an account, request a demo, subscribe to communications, complete forms, purchase a subscription, or contact support. This may include your name, business email address, company name, job title, phone number, billing and payment information, and any other details you choose to share.
When you access our Services, we automatically collect technical and behavioral data, including:
We may receive information about you from third-party sources, including marketing data providers and lead enrichment services, social media platforms (e.g., LinkedIn, Meta) when you engage with our advertising or connect your accounts, CRM and marketing automation integration partners, and analytics and advertising technology vendors.
As an AI-powered platform, Palazzo generates inferred attributes and derived insights from the data you provide or that we collect. This includes audience segments, persona scores, purchase intent signals, content performance predictions, and lookalike profile characteristics. These inferences are used to power platform features and improve our AI models. Inferred data is not sold to third parties.
You may upload or connect first-party data about your own customers, prospects, or contacts to use with our platform features (“Customer Data”). Palazzo processes Customer Data on your behalf as a data processor. You remain the data controller for Customer Data and are responsible for ensuring you have a lawful basis and appropriate consents to share that data with us. Processing of Customer Data is governed by our Data Processing Agreement (DPA), available upon request.
Palazzo does not use Customer Data to train generalized AI models for the benefit of other customers except in aggregated or de-identified form. Your Customer Data is never used to improve outputs for other customers in a form that could identify your business or your customers.
Palazzo does not knowingly collect sensitive categories of personal data such as health or medical information, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, or data concerning sexual orientation, unless you explicitly provide such information and we have disclosed and obtained appropriate consent for its processing.
We use the following categories of cookies and similar tracking technologies:
You may control cookies through our cookie consent banner (presented on first visit), your browser settings, or opt-out tools provided by third parties such as the NAI opt-out tool and the DAA's YourAdChoices. Note that disabling non-essential cookies may affect platform functionality.
Some browsers offer a Do Not Track (DNT) signal. We currently do not alter our data collection or use practices in response to DNT signals. However, we do honor Global Privacy Control (GPC) signals as an opt-out of the sale or sharing of personal information for California residents, as required under CCPA/CPRA.
Third-party advertising and analytics partners may independently set cookies on your device when you visit our website. We do not control these third-party cookies. Please refer to the privacy policies of those third parties for more information.
We use collected information for the following purposes and legal bases (where applicable):
Palazzo's platform enables automated processing of personal data to generate audience segments, content recommendations, campaign optimizations, and targeting decisions. Where these automated processes produce outputs that may significantly affect individuals, we rely on customer instructions and their lawful basis as data controllers. As a platform user, you are responsible for ensuring your use of automated features complies with applicable laws, including GDPR Article 22.
Individuals whose data has been used in automated profiling may have the right to obtain human review of significant decisions, object to automated processing, or request an explanation of the logic involved. If you are an end-user of a Palazzo customer's campaign, please contact that customer directly. If you are a Palazzo platform user with questions about our own automated processing, contact us at legal@palazzo.ai.
We do not sell your personal information. We may share your information in the following circumstances:
We share data with vetted third-party vendors (subprocessors) who process data on our behalf, including cloud infrastructure providers (e.g., AWS, GCP), payment processors, analytics and observability platforms, customer support software, and email delivery services. All subprocessors are bound by data processing agreements and may not use data for their own independent purposes.
A current list of our subprocessors is available upon request by contacting legal@palazzo.ai. We will provide advance notice of material changes to our subprocessors where required under applicable data protection law, including providing enterprise customers with the opportunity to object to new subprocessors before their engagement.
If you connect Palazzo with third-party platforms such as Salesforce, HubSpot, Meta Ads, Google Ads, LinkedIn Marketing Solutions, or TikTok for Business, we share data as directed by you to enable those integrations. Your use of connected platforms is subject to their respective privacy policies and terms.
We may disclose information if required by law, regulation, subpoena, or court order, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Palazzo, our users, or the public.
In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice via email or website posting before your data becomes subject to a materially different privacy policy.
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, benchmarking, industry analysis, or product improvement purposes.
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, subject to the following general guidelines:
Aggregated, de-identified data may be retained indefinitely. You may request deletion of your personal information at any time, subject to our legal retention obligations.
We implement technical and organizational security measures appropriate to the risk, including TLS/SSL encryption for all data in transit, AES-256 encryption for data at rest, role-based access controls and least-privilege principles, multi-factor authentication for all internal systems, regular third-party security audits and penetration testing, and SOC 2 Type II-aligned operational practices.
Customers using organization accounts may configure role-based access controls within their account to manage user permissions and data visibility across their teams. Enterprise customers should contact us to discuss available access management configurations.
In the event of a personal data breach, we will notify affected users and relevant supervisory authorities as required by applicable law. Under GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. Under applicable US state laws, we will provide notification within legally required timeframes. Notices will be provided via email to your registered address and/or prominent notice on our website.
Regardless of your location, you may request access to, correction of, or deletion of your personal information by contacting us at legal@palazzo.ai. We will respond within 30 days. We may need to verify your identity before processing your request.
California residents have the right to know what personal information is collected, used, disclosed, or sold; request deletion of personal information; request correction of inaccurate personal information; opt out of the sale or sharing of personal information for cross-context behavioral advertising (we do not sell data; you may opt out of sharing via our cookie banner or by sending a GPC signal, which we honor); limit the use of sensitive personal information (not currently collected); and be free from discrimination for exercising these rights. To submit a verifiable consumer request, contact us at legal@palazzo.ai. We will respond within 45 days, with an extension of up to 45 additional days where reasonably necessary.
If you are located in the EU, EEA, or United Kingdom, you have the right to access your personal data; rectify inaccurate data; request erasure; restrict or object to processing; request data portability; and object to automated decision-making or profiling. Our legal bases for processing include contractual necessity, legitimate interests, consent, and legal obligation. Where we rely on legitimate interests, you may object at any time. To exercise your rights or contact our Data Protection Officer, email legal@palazzo.ai. You have the right to lodge a complaint with your national data protection authority.
Canadian residents, including those in Quebec subject to Law 25, have the right to access and correct personal information, withdraw consent to certain processing activities, request deletion where we no longer have a legitimate purpose for retention, and be informed of automated decision-making that produces significant effects. Quebec residents also have the right to data portability and to be informed of the use of personal information in profiling. Contact us at legal@palazzo.ai.
If you are located in Brazil, the LGPD grants you the right to confirm the existence of processing, access your data, correct inaccurate data, request anonymization or deletion, request data portability, receive information about sharing partners, and revoke consent. Our legal bases under LGPD include consent, legitimate interest, contractual obligation, and legal compliance. Contact our DPO at legal@palazzo.ai.
If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the right to access and correct personal information and to complain to the Office of the Australian Information Commissioner (OAIC). We will respond to requests within 30 days.
If you are located in India, the Digital Personal Data Protection Act 2023 grants you rights as a Data Principal, including the right to access information about processing, correct and update personal data, request erasure, and nominate a representative. We process personal data of Indian residents based on consent or legitimate uses as defined under the DPDP Act. Contact us at legal@palazzo.ai.
If you are located in the People's Republic of China, the Personal Information Protection Law (PIPL) grants you rights including the right to know about and decide on processing, restrict or refuse processing, access, copy, transfer, correct, and delete your personal information, and request an explanation of automated decision-making rules. We comply with PIPL requirements including standard contracts and security assessments for cross-border transfers. Contact us at legal@palazzo.ai.
Palazzo is headquartered in the United States. When you access our Services from outside the US, your personal information may be transferred to and processed in the United States or other jurisdictions. We use the following safeguards:
You may request a copy of applicable transfer mechanisms by contacting legal@palazzo.ai.
Our Services are intended for business users and are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a minor without appropriate consent, we will delete it promptly. Contact us at legal@palazzo.ai if you believe we have inadvertently collected information from a minor.
Our Services may contain links to or integrations with third-party websites, applications, and services. We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to review their privacy policies before engaging with them.
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' advance notice by posting the updated policy with a revised effective date and, where required by law, sending email notification to your registered address. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Palazzo, Inc.
Attn: Privacy & Data Protection Team
Email: legal@palazzo.ai
Website: palazzo.ai
For EU/UK matters, you may also contact our designated EU Representative or UK Representative. Details are available upon request at legal@palazzo.ai.