Privacy Policy

When drafting the Terms and Conditions (T&C) for a subscription-based design agency, the specific details can vary depending on the nature of the services provided. However, there are several common elements that are typically included

Rational Exponent, Inc. Privacy Policy

Last Updated: July 21, 2025

Introduction

At Rational Exponent, Inc. (“Rational Exponent,” “we,” “us,” or “our”), we take your privacy seriously. Please read this Privacy Policy to learn how we treat your Personal Data. By using or accessing our website, applications, products, or related services (collectively, the “Site” and “Services”) in any manner, you acknowledge that you accept the practices and policies outlined below, and you consent to our collection, use, and sharing of your information as described in this Privacy Policy. Remember that your use of the Rational Exponent Site is at all times subject to our Terms of Use, and your use of Rational Exponent’s Services is at all times subject to our User Terms, each of which incorporates this Privacy Policy. Any capitalized terms used but not defined in this Policy have the meanings assigned to them in the Terms of Use. You may print a copy of this Privacy Policy. If you have a disability, you may access this Privacy Policy in an alternative format by contacting info@rationalexponent.com.

Table of Contents

What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Site and Services. “Personal Data” means any information that identifies or relates to a particular individual and includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations.

This Privacy Policy does not cover the practices of companies we do not own or control or people we do not manage.

Personal Data

Categories of Personal Data We Collect

The chart below describes the categories of Personal Data that we collect and have collected over the past 12 months. (Availability of specific data elements depends on which features you use and how you interact with us.)

Category	Examples of Personal Data We Collect	Categories of Third Parties With Whom We Share
Profile or Contact Data	First & last name; email address; phone number; mailing address.	Service Providers; Advertising Partners; Analytics Partners; Business Partners.
Web Analytics	IP address; pages visited; forms accessed or downloaded; referring/exit pages; timestamps; device type; browser; interactions with our Site/Services.	Service Providers; Advertising Partners; Analytics Partners; Business Partners.
Social Network Data	Email; username/handle; public profile info (as permitted by your settings on the relevant platform).	Service Providers; Advertising Partners; Analytics Partners.
Professional or Employment-Related Data	Job title; company; role/function; industry segment.	Service Providers; Advertising Partners; Analytics Partners.
Geolocation Data	Approximate location derived from IP address or similar device/network signals.	Service Providers; Advertising Partners; Analytics Partners.
Inferences Drawn From Other Personal Data	Lead scoring; engagement level; indicative buying stage based on your interactions with our content or Services.	Service Providers; Advertising Partners; Analytics Partners.
Other Identifying Information You Voluntarily Provide	Information included in emails, support tickets, letters, chat messages, survey responses, uploaded files, or free-form form fields.	Service Providers; Advertising Partners; Analytics Partners; Business Partners.

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

You (Direct Interactions).

When you provide information directly (e.g., account registration, form fills, surveys, support requests).
When you use interactive tools, features, or Services.
When you provide information in free-form text boxes, upload files, or respond to questionnaires.
When you send us an email or otherwise contact us.

Your Use of the Site and Services (Automatic Collection).

Through cookies and similar technologies (see Tracking Tools).
Log files, device data, usage analytics.
If your browser or device is location-enabled, we may receive approximate location information.
If you download or install applications or integrations we make available, we may receive information transmitted from your device needed to provide the associated features.

Third Parties.

Vendors / Service Providers: Analytics, customer support, lead generation, data enrichment, and user-profile providers; social media platforms (subject to your settings).
Advertising Partners: Marketing and promotional service partners who help us understand how you interact with our Site, communications, campaigns, or other online properties.

Our Commercial or Business Purposes for Collecting Personal Data

We use Personal Data for the following purposes:

Providing, Customizing & Improving the Site and Services
Processing orders, subscriptions, or other transactions; billing.
Delivering the products, services, or information you request.
Meeting or fulfilling the reason you provided the information.
Providing support and assistance (including technical and customer support).
Improving the Site and Services (testing, research, analytics, product development).
Personalizing content, experiences, and communications based on your preferences or usage.
Fraud prevention, security monitoring, and debugging.
Other business purposes disclosed at collection or permitted by law (e.g., the California Consumer Privacy Act, “CCPA”).
Marketing the Services
Promoting and selling our Services.
Delivering marketing communications consistent with your preferences.
Measuring campaign performance.
Corresponding With You
Responding to your inquiries and correspondence.
Contacting you when necessary or requested.
Sending service, transactional, and administrative messages.
Sending information about Rational Exponent or the Site / Services consistent with your choices.
Meeting Legal Requirements & Enforcing Legal Terms
Complying with applicable laws, regulations, court orders, or legal process.
Preventing, detecting, and investigating security incidents, fraud, or potentially illegal or prohibited activities.
Protecting the rights, property, or safety of you, Rational Exponent, or others.
Enforcing agreements with you.
Responding to claims that content violates third-party rights.
Resolving disputes.

Notice of Future Use Changes

We will not collect additional categories of Personal Data or use previously collected Personal Data for materially different, unrelated, or incompatible purposes without providing you notice (and obtaining consent where required).

We disclose Personal Data to the categories of service providers and other parties described below. Depending on the privacy law that applies to you, some disclosures may be deemed a “sale” or “sharing” of Personal Data. See jurisdiction-specific sections for details.

Service Providers

Help us operate the Site and Services or perform business functions on our behalf. Examples:

Hosting, cloud infrastructure, and storage providers.
Technology, communications, and customer-support platforms.
Payment processors (if applicable).
Analytics and data-enrichment vendors.

Advertising Partners

Assist with marketing, retargeting, campaign measurement, and interest-based advertising.

Analytics Partners

Provide analytics on traffic, referrals, usage patterns, feature adoption, and campaign performance.

Business Partners

Work with us on joint offerings, integrations, co-marketing activities, events, or bundled solutions.

Legal Obligations

We may share Personal Data with third parties as reasonably necessary to satisfy any of the activities described under Meeting Legal Requirements & Enforcing Legal Terms above.

Business Transfers

If we undergo a merger, acquisition, reorganization, financing, bankruptcy, receivership, or sale of all or a portion of our assets, Personal Data may be transferred to a successor or affiliate as part of the transaction. We will use reasonable efforts to notify you before your Personal Data becomes subject to a different privacy policy.

Data That Is Not Personal Data

We may create aggregated, de-identified, or anonymized data from Personal Data we collect (by removing or obfuscating information that directly identifies you). We may use and share such data for lawful business purposes—including analytics, product development, and business intelligence—provided that we will not share it in a form that reasonably identifies you.

Tracking Tools, Advertising, and Opt-Out

We use cookies and similar technologies (collectively, “Cookies”)—including pixel tags, web beacons, clear GIFs, and JavaScript—to recognize your browser or device, learn how and when you visit and use the Site and Services, analyze trends, understand our user base, improve performance, and support our marketing efforts. Cookies are small data files placed on your computer, tablet, phone, or similar device when you access a website or online service.

We may supplement information collected via Cookies with data from third parties that have placed their own Cookies or tracking technologies on your device(s). Because of how we use Cookies, the Site and Services do not currently respond to browser “Do Not Track” signals.

Types of Cookies We Use

Performance / Analytical Cookies

Help us understand how visitors use the Site and Services (pages visited, time on site, navigation patterns, interaction events) and measure the performance of our marketing campaigns so we can improve relevance and user experience. For example, we may use Google Analytics. Google’s collection and use of data via Google Analytics is subject to the Google Analytics Terms of Use and the Google Privacy Policy.

Managing Cookies

You can control Cookie acceptance through your browser settings. Most browsers allow you to:

Block new Cookies;
Receive prompts before accepting Cookies;
Disable existing Cookies; and/or
Delete Cookies already stored on your device.

If you delete or block Cookies, some preferences may need to be reset manually each visit, and certain features of the Site or Services may not function properly.

For more information about Cookies—including how to manage or delete them—visit: http://www.allaboutcookies.org/ If you are in the European Union/UK: https://ico.org.uk/for-the-public/online/cookies/

Google Opt-Out Options

Google advertising opt-out: http://www.google.com/privacy_ads.html Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout/

Data Security and Retention

We employ physical, technical, organizational, and administrative safeguards designed to protect Personal Data against unauthorized access, use, alteration, and disclosure, taking into account the nature of the data and the processing we perform. However, no method of transmission over the Internet or method of electronic storage is fully secure; we cannot guarantee absolute security.

We retain Personal Data for as long as necessary to provide the Services and fulfill the purposes described in this Policy. We may retain certain information for longer if required to:

Comply with legal obligations;
Resolve disputes;
Enforce agreements;
Collect fees owed; or
Otherwise permitted or required by applicable law.

We may also retain data in anonymized or aggregated form where the information no longer reasonably identifies you.

Personal Data of Children

As described in our Terms of Use, we do not knowingly collect or solicit Personal Data from children under 18 years of age. If you are under 18, please do not attempt to register for or use the Site or Services or send us Personal Data.

If we learn that we have collected Personal Data from a child under 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided Personal Data to us, please contact info@rationalexponent.com.

California Resident Rights

If you are a California resident, you have the rights described in this section under the California Consumer Privacy Act (CCPA), as amended (including the CPRA), and other applicable California privacy laws. Please see Exercising Your Rights below for instructions.

Service Provider vs. Business Note: In some cases we process Personal Data on behalf of our enterprise customers (e.g., if our Services handle data they upload). When acting as a service provider/processor, we act at the direction of that customer; requests relating to such data should be directed to the customer that originally collected it.

Where this section conflicts with any other part of the Privacy Policy and you are a California resident, the more protective portion controls (to the extent of the conflict).

If you have questions about this section or whether it applies to you, contact info@rationalexponent.com.

Access (Right to Know)

You may request that we disclose the following, covering the 12 months preceding your request (and, where required by law, going beyond 12 months):

Categories of Personal Data collected about you.
Categories of sources from which Personal Data was collected.
Business or commercial purposes for collecting, sharing, or selling Personal Data.
Categories of third parties to whom we disclosed Personal Data.
Specific pieces of Personal Data collected about you (data portability).
If Personal Data was disclosed for a business purpose: categories of Personal Data disclosed and categories of recipients.
If Personal Data was “sold” or “shared” (as defined under California law): categories involved and categories of recipients.

Deletion

You may request that we delete Personal Data we collected from you. Certain exceptions apply (e.g., to complete transactions you requested; detect security incidents; comply with law; enable internal uses aligned with consumer expectations). If an exception applies, we may deny your request (in whole or part) and will explain why.

Exercising Your Rights

To submit a request (or to authorize an agent to act for you), please provide information sufficient for us to verify your identity (e.g., name, company, and business email address, plus additional data if needed) and describe your request with enough detail for us to understand and respond.

We treat each properly submitted request that meets these criteria as a “Valid Request.” We will only use information in a Valid Request to verify and fulfill it. You do not need an account to submit a Valid Request.

Response Time: We aim to respond within 45 days of receipt (or the statutory time, with possible extension where permitted). Fees: We do not charge a fee unless a request is excessive, repetitive, or manifestly unfounded. If a fee is warranted, we will notify you before completing the request.

Submit a Valid Request via:

Email: info@rationalexponent.com
Online form: https://www.rationalexponent.com/contact

Authorized Agents: If you designate an Authorized Agent, you must provide written permission authorizing the agent to act on your behalf. We may require the agent to submit proof of authorization and may request that you verify your own identity directly with us.

We do not sell your Personal Data, and to our knowledge we have not sold Personal Data in the preceding 12 months. We also do not knowingly sell the Personal Data of individuals under 18 years of age.

If in the future our practices change such that “sale” or “sharing” (as defined under California law) would occur, we will update this Policy and provide appropriate mechanisms to opt out (or opt in, where required).

Non-Discrimination

We will not discriminate against you for exercising your rights under the CCPA. We will not deny goods or services, charge different prices, or provide a different level or quality of Services solely because you exercised a privacy right. Where permitted by law, we may offer different tiers of Services or incentives reasonably related to the value of Personal Data you provide.

Other State Law Privacy Rights

California “Shine the Light” (Cal. Civ. Code §§1798.83–1798.84)

California residents may request certain information regarding disclosure of Personal Data to third parties for their direct marketing purposes. To submit such a request, contact info@rationalexponent.com.

Nevada Resident Rights

Nevada residents may opt out of the sale of certain Personal Data to third parties who will license or sell that data. To exercise this right, email info@rationalexponent.com with the subject line: “Nevada Do Not Sell Request.” Please include your name. As noted above, we do not sell Personal Data.

(If you need coverage for Virginia, Colorado, Connecticut, Utah, or other U.S. state privacy laws, let me know and I will extend this section.)

European Union / UK / EEA Data Subject Rights

Scope

If you are a resident of the European Union (“EU”), the United Kingdom (“UK”), Liechtenstein, Norway, or Iceland (collectively, the “European Region”), you may have additional rights under the EU/UK General Data Protection Regulation (“GDPR”) with respect to your Personal Data.

For this section, “Personal Data” and “processing” have the meanings given in the GDPR (broadly: any data that identifies an individual; any operation performed on data). Rational Exponent is the controller of Personal Data processed in connection with the Site and Services (except where we act as a processor to enterprise customers—see note below).

Where this section conflicts with other parts of this Policy, the more protective portion controls (to the extent of the conflict). Questions? Contact info@rationalexponent.com.

Controller vs. Processor Note: When enterprise customers upload or integrate data into our Services, we generally act as a processor (service provider) and process that data at the customer’s direction. In those cases, the customer’s privacy notice governs.

Personal Data We Collect

See Categories of Personal Data We Collect.

How We Use Personal Data / Processing Grounds

See Our Commercial or Business Purposes for Collecting Personal Data. Under GDPR, we rely on one or more of the following lawful bases:

Contractual Necessity – Required to perform under our Terms of Use or other agreement with you. Applies to, for example:
- Contact information (to create/manage your account).
- Employment / professional data where needed for account tiering or enterprise licensing.
- Social / identity data used to authenticate sign-ins.
- IP or device data needed to provide secure access.
Legitimate Interests – Pursued by us or a third party, balanced against your rights. Examples include:
- Providing, customizing, and improving the Site and Services.
- Marketing (where permitted by law and subject to opt-out).
- Corresponding with you.
- Ensuring security, fraud detection, and abuse prevention.
- Meeting legal requirements and enforcing terms.
- Supporting or completing corporate transactions (e.g., mergers).
Consent – Where required (e.g., certain marketing emails in the EU/UK; optional data integrations; cookies beyond strictly necessary categories). When consent is the basis, you will be asked affirmatively, and you may withdraw at any time.
Legal Obligation – Where processing is necessary to comply with law (e.g., tax, regulatory, recordkeeping, lawful requests).
Vital Interests / Public Interest – Rare; used only if necessary to protect you or others, or for tasks in the public interest as permitted by law.

Your EU/UK/EEA Data Subject Rights

Subject to applicable law, you may have the following rights. To exercise them, email info@rationalexponent.com (please indicate “GDPR Request” in the subject line and specify your country of residence).

Access (Right of Access): Request details about the Personal Data we hold and obtain a copy.
Rectification: Request correction of inaccurate or incomplete Personal Data.
Erasure (“Right to be Forgotten”): Ask us to delete some or all Personal Data (subject to legal retention exceptions).
Withdraw Consent: Where processing is based on consent, withdraw it at any time (without affecting prior lawful processing).
Portability: Request a machine-readable copy of Personal Data you provided and/or ask us to transmit it to another controller where technically feasible.
Objection: Object to processing based on legitimate interests (including direct marketing). We will honor marketing objections absolutely; other objections will be assessed under GDPR balancing tests.
Restriction: Request that we limit processing while a dispute (e.g., accuracy, legality) is resolved.
Complaint: You have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU/EEA DPAs is available from the European Data Protection Board; UK residents can contact the Information Commissioner’s Office (ICO).

Changes to this Privacy Policy

We are continually improving our Site and Services and may update this Privacy Policy from time to time. When we make material changes, we will notify you by: (1) posting the updated Policy on our website; (2) sending an email notification if you have provided an email address; and/or (3) using another reasonable method required or permitted by law.

If you have opted out of receiving legal notice emails (or have not provided an email address), posted notices on the Site will still govern your use, and you remain responsible for reviewing them. Your continued use of the Site or Services after an updated Privacy Policy is posted indicates your acceptance of the changes. The version of the Policy in effect at the time Personal Data is collected governs that data’s use.

Contact Information

If you have questions or comments about this Privacy Policy; if you want to exercise a privacy right; or if you wish to lodge a concern about how your Personal Data is handled, please contact us:

Online: https://www.rationalexponent.com/contact
Email: info@rationalexponent.com

If you are contacting us about a specific privacy right (e.g., CCPA, GDPR, Nevada opt-out), please note the applicable law in the subject line to help us route your request efficiently.