Last Modified Date: November 17th, 2025
This Privacy Policy (“Policy”) explains how Raftelis (“Company,” “we,” or “our”) collects, uses, protects, transfers, and discloses information obtained from individuals (“you” or “End Users”) who use https://www.raftelis.com/ (the “Website”) or use our software-as-a-service platform and related tools (“Services”).
We are committed to protecting your privacy and handling your personal information responsibly. This Policy supports compliance with applicable regulations, including NIST cybersecurity best-practice principles and SEC expectations around data protection, disclosure, and incident response.
We may collect the following categories of information:
A. Information You Provide Directly
This includes your name, company name, business email address, phone number, and account credentials. We also collect information voluntarily submitted through:
B. Automatically Collected Information
We automatically collect usage details when you interact with our website or Services, such as: IP address, browser type, device identifiers, date/time of access, pages visited, and cookie/tracking data.
C. Internet Cookies
Cookies are small files stored on your device. You may disable cookies through your browser settings.
D. Mobile Messaging & Consent
Participation in our mobile messaging programs is voluntary and requires express opt-in consent. Mobile information (originator data and consent) will not be shared with third parties or affiliates for marketing or promotional purposes. You may opt out at any time by replying STOP.
We use collected information to: Provide, maintain, and improve our Services; Authenticate user access; Respond to inquiries; Communicate updates; Manage billing; Ensure compliance with contractual and legal obligations; and protect our systems and prevent fraud.
We maintain administrative, technical, and physical safeguards aligned with NIST standards to protect personal information, including encryption, access control, continuous system monitoring, and employee security awareness training.
We may share information with:
We do not knowingly collect or market information from children under the age of 13.
Our website does not currently respond to “Do Not Track” signals.
Our website may contain links to third-party websites. Raftelis is not responsible for the content or privacy practices of these external sites.
We retain personal information only as long as necessary for operational, contractual, and legal purposes.
You may request access, correction, or deletion of your personal information by contacting ITSupport@raftelis.com. Requests will be fulfilled where legally permissible.
9A. California “Shine the Light” Law
California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact details provided in Section 12.
9B. Additional Rights for California and US State Residents (CCPA/CPRA)
If you are a resident of California or another state with comprehensive privacy laws, you may have additional rights regarding your personal information. These rights are not absolute, and certain exceptions may apply.
Your Rights Include:
Right to Know/Access: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting or sharing it, and the categories of third parties to whom we disclose the information.
Right to Correction: You have the right to request the correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” or “sharing” (disclosure for cross-context behavioral advertising) of your personal information. (Note: We do not currently sell personal information to third parties, but we honor the right to opt-out.)
Right to Limit Use of Sensitive Personal Information: While we state we do not collect sensitive personal information, you have the right to limit the use of such information if it is collected.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your privacy rights.
How to Exercise These Rights:
To exercise any of the rights described in this Section 9B, please submit a verifiable consumer request to us by emailing ITSupport@raftelis.com. We will verify your request and respond in accordance with applicable state law.
Raftelis maintains an Incident Response Plan aligned with NIST SP 800-61 and SEC guidance. In the event of a data incident or breach, we will investigate, mitigate impact, and notify affected individuals and regulatory authorities when required.
We may update this Policy periodically. Material changes will be posted on our website with an updated “Last Modified” date. Continued use of our website or Services after updates constitutes acceptance of the revised Policy.
If you have questions or comments about this notice, you may contact us by post at:
227 W. Trade Street Suite 1400 Charlotte, NC 28202
