slim.io Inc. ("slim.io," "we," "us," or "our") provides data security infrastructure for cloud, SaaS, and database environments, including automated PII detection, policy enforcement, redaction, and compliance tooling. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our website at slim.io and any related web properties we operate (collectively, the "Site").
This Policy does not govern data that our customers process through the slim.io platform itself. If you are a customer using our infrastructure products, the terms of your customer agreement — including the applicable data processing addendum — govern that processing. This Policy applies only to information we collect directly through our Site and marketing activities.
Given the nature of our business, we apply the same rigor to our own data handling that we build into our products. The commitments in this Policy reflect that standard.
The following terms have specific meanings throughout this Policy:
We collect information you provide directly when you interact with forms on our Site. This includes:
We do not require a phone number to submit any form on our Site. Where a field is marked optional, providing that information is at your discretion.
Our web servers generate access logs when you visit the Site. Each log entry contains: IP address, timestamp, HTTP method and request path, HTTP status code, bytes transferred, browser User-Agent string, and referring URL (if present). These logs are generated at the infrastructure level and are not dependent on cookie consent.
We also derive the following from the data above: browser type and version, operating system, and an approximate geographic location based on IP address (typically at the city or region level). We do not correlate this geographic data with other identifying information to build individual profiles.
We may receive business contact information — name, work email, job title, and company — from referral partners or technology integration partners when you have interacted with their services in a context that references slim.io (for example, clicking through from a partner's integration directory). We do not purchase contact lists from data brokers or list vendors. Any information received from third parties is subject to the same handling standards as information you provide directly.
We use the information described in Section 2 for the following purposes:
We do not use personal information to make automated decisions that produce legal or similarly significant effects without human involvement.
If you are located in the European Union, European Economic Area, or the United Kingdom, we are required under the GDPR (or UK GDPR, as applicable) to identify a legal basis for each purpose for which we process your Personal Data. The table below sets out those bases.
| Processing Purpose | Legal Basis |
|---|---|
| Responding to demo requests, pricing inquiries, and correspondence | Legitimate interests (Article 6(1)(f)) — we have an interest in responding to prospective customers who have affirmatively reached out to us. |
| Scheduling and conducting product demonstrations | Legitimate interests (Article 6(1)(f)); or performance of pre-contractual steps at your request (Article 6(1)(b)) where a trial or agreement is being contemplated. |
| Providing product trials | Performance of a contract or pre-contractual steps (Article 6(1)(b)). |
| Transactional communications related to your inquiry | Legitimate interests (Article 6(1)(f)) — you have initiated the interaction and reasonably expect follow-up. |
| Marketing communications (product updates, announcements, promotions) | Consent (Article 6(1)(a)) — you may withdraw consent at any time by unsubscribing or contacting privacy@slim.io. Withdrawal does not affect the lawfulness of processing prior to withdrawal. |
| Site security, performance monitoring, and fraud prevention | Legitimate interests (Article 6(1)(f)) — we have an interest in maintaining a secure and functional website. |
| Complying with legal obligations | Legal obligation (Article 6(1)(c)). |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms, taking into account the nature of the data involved, the limited intrusiveness of the processing, and your reasonable expectations when interacting with a business website. You may request a copy of our legitimate interests assessment by contacting privacy@slim.io.
We do not sell, rent, or trade your personal information to any third party.
We engage third-party service providers to help operate the Site and conduct our business. These providers act as Processors under written data processing agreements and may process personal information only on our documented instructions. Categories of service providers include:
We require each service provider to implement technical and organizational security measures appropriate to the data they handle and to delete or return personal data upon termination of the engagement.
If slim.io is involved in a merger, acquisition, asset sale, or other corporate reorganization, personal information held by us may be among the assets transferred to the successor entity. In such a case, we will provide notice on this Site before personal data becomes subject to a materially different privacy policy, and — where required by applicable law — we will obtain consent or provide an opportunity to opt out.
We may disclose personal information to government authorities, regulators, or law enforcement in response to a valid subpoena, court order, regulatory demand, or other legal process. Where permitted by applicable law and consistent with our legal obligations, we will notify affected individuals before complying with such a request. We review all legal process requests for facial validity and will challenge requests we believe to be overbroad or legally deficient.
We do not share personal information with advertising networks, data brokers, or any third party for the purpose of targeting advertisements to you on other platforms or websites.
slim.io Inc. is incorporated in the United States, and our primary server infrastructure is located in the United States. If you are accessing the Site from the European Union, European Economic Area, United Kingdom, or any other jurisdiction with legal restrictions on cross-border data transfers, your personal information will be transferred to and processed in the United States, which may not afford the same level of data protection as your home jurisdiction.
For transfers of personal data from the EU or EEA to the United States, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Commission Implementing Decision (EU) 2021/914. Where applicable, we implement the controller-to-processor module of the SCCs in our agreements with sub-processors.
For transfers of personal data from the United Kingdom to the United States, we rely on the UK International Data Transfer Agreement (IDTA) issued by the UK Secretary of State, or the UK Addendum to the EU SCCs, as applicable to the specific transfer.
You may request a copy of the applicable transfer mechanism governing your personal data by contacting privacy@slim.io. We will provide this documentation within a reasonable time, subject to any confidentiality obligations in the underlying agreements.
We retain personal information for no longer than is necessary to fulfill the purposes described in this Policy, subject to our legal obligations. Our standard retention periods are:
When a retention period expires and no legal hold or other obligation requires continued retention, we either securely delete the data (using methods that render it unrecoverable) or irreversibly anonymize it such that it can no longer be attributed to an individual.
If you are located in the European Union, European Economic Area, or United Kingdom, the GDPR (and UK GDPR, as applicable) grants you the following rights with respect to your personal data:
We will respond to verified requests within 30 calendar days of receipt. Where a request is complex or we have received a high volume of requests, we may extend this period by up to an additional 60 days (90 days total), in which case we will notify you of the extension and the reason for it within the initial 30-day period.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
To submit a verifiable consumer request under the CCPA, contact privacy@slim.io with the subject line "CCPA Request". We will respond within 45 calendar days of receipt, with one 45-day extension available where reasonably necessary.
To exercise any of the rights described in this Section, submit a written request to privacy@slim.io. To protect your information and the information of others, we may need to verify your identity before processing a request. Verification typically requires that you submit your request from the email address associated with the data in question, or provide other identifying information sufficient to confirm you are the data subject.
We will not fulfill requests that would require disclosure or deletion of information we are legally required to retain, that would adversely affect the rights and freedoms of other individuals, or that we reasonably cannot verify. Where we decline to act on a request, we will notify you of the reason and any available remedies, including your right to lodge a complaint with a Supervisory Authority.
We implement technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. Current measures include:
In the event of a personal data breach that poses a risk to the rights and freedoms of affected individuals, we will notify the relevant Supervisory Authority within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay, in each case where required by applicable law. Notification will include a description of the nature of the breach, the categories and approximate number of data subjects and records affected, likely consequences, and measures taken or proposed.
No method of data transmission or storage is entirely free of risk. If you have reason to believe that your interaction with the Site has been compromised, or if you identify a security vulnerability, contact security@slim.io immediately.
Our Site uses only technically necessary cookies. Specifically, we set a session cookie when you interact with forms on the Site for the purpose of CSRF (cross-site request forgery) protection — a standard security control that verifies form submissions originate from our Site. This cookie does not track your browsing activity across sessions or across other websites, and it is deleted when your browser session ends.
We do not use:
You may configure your browser to refuse all cookies or to notify you when a cookie is being set. Refusing the CSRF session cookie may prevent form submissions from functioning correctly. It will not otherwise impair your ability to access or read the Site.
The Site and slim.io's services are directed to businesses and their employees. We do not knowingly collect personal information from individuals under 18 years of age. If we discover that we have collected personal information from a minor, we will delete that information promptly. If you believe we have inadvertently collected information from a minor, contact privacy@slim.io and include sufficient detail to locate the relevant record.
The Site may contain links to third-party websites and services, including our documentation portal, integration partner directories, and resources hosted on external platforms. This Policy applies only to personal information processed by slim.io through this Site. We are not responsible for the privacy practices of third-party sites and do not control how they collect, use, or protect information. We encourage you to review the privacy policies of any third-party site before providing personal information.
We may update this Policy from time to time to reflect changes in our data practices, the services we offer, or applicable legal requirements. When we make changes, we will update the "Last Updated" date at the top of this page.
Where a change is material — meaning it affects the categories of data we collect, the purposes for which we use it, the parties with whom we share it, or your rights — we will provide additional notice where practicable, which may include sending an email to contacts in our database or posting a notice on the Site. For marketing contacts, where the change would require fresh consent, we will seek that consent before the updated processing begins.
Your continued use of the Site after a policy update becomes effective constitutes acknowledgment of the updated Policy, to the extent permitted by applicable law.
Questions about this Policy or our data handling practices should be directed to:
We will acknowledge receipt of your message within 5 business days and will provide a substantive response within the timeframes specified in Section 8, unless a shorter period is required by applicable law.
We are evaluating whether the scale of our data processing activities triggers an obligation to designate a Data Protection Officer (DPO) under Article 37 GDPR. If we appoint a DPO, their contact information will be published in an updated version of this Policy and made available to relevant Supervisory Authorities.
If you are located in the EU or EEA and believe we have not adequately addressed a concern about your personal data, you have the right to lodge a complaint with your local data protection Supervisory Authority. A list of EU/EEA Supervisory Authorities and their contact information is maintained by the European Data Protection Board at edpb.europa.eu.
If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
We would ask that you contact us at privacy@slim.io before filing a complaint with a Supervisory Authority, so that we have an opportunity to address your concern directly. This is not a precondition to filing a complaint; it is a request.