Effective Date: August, 2025
Caresoft Technologies, Inc., and its affiliated entities operating in North America (NA), the United Kingdom (UK), the European Union (EU), the Middle East, and the Asia-Pacific (APAC) regions (collectively, "Caresoft," "we," "us," or "our"), with its principal place of business at 31770 Enterprise Dr, Livonia, MI 48150, USA, is committed to protecting the privacy and security of your personal data. This Privacy Policy governs the collection, use, storage, and disclosure of personal data in connection with your use of the Iceberg Benchmarking Platform (the "Service"), provided as Data as a Service (DaaS). By accessing or using the Service, you consent to the practices described in this Privacy Policy. This policy applies to the applicable Caresoft entity as specified in your Subscription Agreement, determined by your region.
1. Scope and Application
This Privacy Policy applies to all personal data collected, processed, or stored by Caresoft in connection with the Iceberg Benchmarking Platform, a cloud-based software platform designed for automotive benchmarking, providing proprietary datasets such as vehicle teardown data, 3D scans, point cloud data, material compositions, cost estimations, digital twins, electrical schematics, ergonomic studies, and analytics tools. It applies to Subscribers (individuals or entities with a Subscription Agreement) and Authorized Users (individuals designated by the Subscriber to access the Service). This policy does not apply to data collected through other Caresoft products or services, third-party websites, or offline activities.
2. Personal Data We Collect
We collect the following categories of personal data to provide, operate, and improve the Service:
2.1. Account and Profile Data: Information provided during account creation or use, including names, email addresses, job titles, company names, and contact details of Subscribers and Authorized Users.
2.2. Usage Data: Information about how you interact with the Service, such as IP addresses, browser types, device information, login timestamps, pages viewed, queries executed, and analytics tool usage (e.g., Global System Wide Search and Analytics Module).
2.3. Subscriber Content: Data uploaded or created by you or Authorized Users, such as configurations, annotations, custom dashboards, or reports, which may include personal data if provided by you.
2.4. Communication Data: Information from communications with Caresoft, including support requests, feedback, or inquiries sent to legal@caresoftglobal.com.
2.5. Billing Data: No payment related information is collected.
3. How We Use Personal Data
We use personal data for the following purposes, in compliance with applicable laws:
3.1. Service Delivery: To provide and operate the Service, including user authentication, access management, data visualization, and delivery of proprietary datasets and analytics tools.
3.2. Account Management: To create, maintain, and secure user accounts, verify Authorized Users, and manage subscription tiers and access rights.
3.3. Billing and Payments: To process subscription fees, issue invoices, and manage payment disputes, in accordance with the Subscription Agreement.
3.4. Support and Communication: To respond to inquiries, provide technical support, and communicate updates, notices, or amendments to the Terms and Conditions or this Privacy Policy.
3.5. Analytics and Improvement: To analyze usage patterns, monitor system performance, and enhance the Service’s functionality, security, and user experience, using anonymized or aggregated data where possible.
3.6. Legal Compliance: To comply with applicable laws, regulations, and legal obligations, including data protection laws (e.g., GDPR, CCPA, UK GDPR) and export control regulations (e.g., U.S. EAR, ITAR), across NA, UK, EU, Middle East, and APAC regions.
4. Legal Basis for Processing
4.1. Contractual Necessity: We process personal data to fulfill our obligations under the Subscription Agreement and these Terms, including providing access to the Service and processing payments.
4.2. Legitimate Interests: We process personal data for our legitimate interests, such as improving the Service, ensuring security, and analyzing usage, provided these interests are not overridden by your rights and freedoms.
4.3. Consent: Where required by law (e.g., for certain analytics or communications), we rely on your consent, which you may withdraw at any time by contacting legal@caresoftglobal.com.
4.4. Legal Obligations: We process personal data to comply with legal requirements, such as tax reporting, data protection compliance, or responding to lawful requests from authorities.
5. Data Sharing and Disclosure
We may share personal data as follows:
5.1. Service Providers: With trusted third-party service providers (e.g., cloud hosting, analytics providers) who process data on our behalf under strict data processing agreements, ensuring compliance with applicable laws.
5.2. Caresoft Entities: With Caresoft affiliates in NA, UK, EU, Middle East, and APAC regions for operational purposes, subject to Standard Contractual Clauses or other safeguards for international data transfers.
5.3. Legal Requirements: When required by law, court order, or government authority, or to protect our rights, property, or safety, or that of our users or third parties.
5.4. Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate safeguards to ensure continued protection of personal data.
We do not sell, rent, or share personal data with third parties for marketing purposes.
6. Data Security
We implement industry-standard technical and organizational measures to protect personal data, including:
Encryption: For data at rest and in transit.
Access Controls: Single SignOn using users email credentials, Multi-factor authentication (where available), role-based access, and secure credential management.
Monitoring: Continuous monitoring for unauthorized access, vulnerabilities, or threats.
Incident Response: Protocols to address data breaches, with prompt notification to affected users and authorities as required by law.
You are responsible for maintaining the confidentiality of your account credentials and implementing reasonable security measures to prevent unauthorized access.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Account and billing data are retained for the duration of the Subscription Term and thereafter for tax and audit purposes. Usage data may be retained for up to 3 years for analytics and improvement purposes, unless anonymized. Subscriber Content is retained until the Subscription Agreement terminates, after which it is deleted within 60 days, unless otherwise required by law or agreed in writing.
8. Your Rights
Depending on your jurisdiction (e.g., GDPR for EU/UK, CCPA for California), you may have the following rights regarding your personal data:
Access: Request a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your data, subject to legal or contractual obligations.
Restriction: Restrict processing in certain circumstances.
Data Portability: Receive your data in a structured, commonly used format.
Objection: Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent: Withdraw consent where processing relies on it.
To exercise these rights, contact legal@caresoftglobal.com with your request, including your identity and account details. We will respond within 30 days (or as required by law). We may deny requests if they are unfounded, excessive, or conflict with legal obligations.
9. International Data Transfers
Personal data may be transferred to and processed in countries where Caresoft operates (NA, UK, EU, Middle East, APAC), including the United States. For transfers from the EU/UK to non-adequate jurisdictions, we use Standard Contractual Clauses, Binding Corporate Rules, or other safeguards to ensure compliance with GDPR, UK GDPR, and other applicable regulations. Contact legal@caresoftglobal.com for details on safeguards.
10. Data Provided “As-Is”
Data provided through the Iceberg Platform, including vehicle teardown datasets, 3D scans, point cloud data, cost estimates, and digital twins, is provided on an “as-is” basis without warranties of accuracy, correctness, completeness, merchantability, or fitness for a particular purpose. You are solely responsible for verifying the suitability of Data for your use.
11. Third-Party Links
The Service may contain links to third-party websites or services, such as payment processors or analytics tools. We are not responsible for the privacy practices or content of these third parties. Review their privacy policies before providing personal data.
12. Children’s Privacy
The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware of such data, we will delete it promptly.
13. Amendments
We may update this Privacy Policy with written notice via email, or via Iceberg portal. Continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
14. Contact Us
For questions, concerns, or to exercise your rights, contact the applicable Caresoft entity at:
Email: or to your sales contact in Caresoft
Mail: Caresoft Technologies, Inc., 31770 Enterprise Dr, Livonia, MI 48150, USA, or the address of the applicable Caresoft entity specified in your Subscription Agreement.