top of page

Privacy Policy

Last updated: April 27, 2026

1. Introduction

millionways, Inc. (“millionways,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you access or use our websites, products, APIs, software, and services.


This Privacy Policy applies to:
 

  • Corporate Website at millionways.ai. Marketing pages, contact forms, informational content, and related website features.

  • Simulation Platform at platform.millionways.ai. An AI-powered behavioral intelligence environment where authorized users create digital profiles (“People”) from text, audio, video, transcript, or document inputs and run behavioral simulations (“Scenarios”).

  • Thorsten-4 API at api.millionways.ai. Programmatic access to our proprietary Large Psychology Model for behavioral analysis, available only under a separate written agreement.

  • Behavioral Alpha. Our stock-signal and behavioral market-intelligence product, available either as a feature within the Simulation Platform or as a dedicated API endpoint.

  • Talent and Behavioral Intelligence features. Profile-generation, behavioral-analysis, candidate-evaluation, team-analysis, leadership-assessment, workforce-analysis, and related capabilities.
     

Together, these are referred to as the “Services.”

This Privacy Policy should be read together with our Terms of Service and any applicable enterprise agreement, order form, data-processing agreement, business associate agreement, pilot agreement, or other written agreement with millionways.


2. Our Role

Depending on the context, millionways may act as a business, controller, service provider, processor, or subprocessor.

For most enterprise customers, millionways processes customer-uploaded content and related personal information on behalf of the customer. In those cases, the customer determines what information is uploaded, whose information is processed, the purpose of processing, and the lawful basis for processing. The customer is responsible for providing required notices, obtaining required consents, and complying with applicable privacy, employment, AI, and sector-specific laws.

For information we collect directly through our website, account creation, billing, product analytics, security systems, and customer communications, millionways may act as the business or controller.


3. Information We Collect

We collect information in several ways.


3.1 Information You Provide Directly

We may collect information you provide when you:
 

  • create an account;

  • request a demo;

  • contact us;

  • subscribe to communications;

  • sign an agreement;

  • use the Platform;

  • access an API;

  • upload content;

  • invite team members;

  • submit support requests;

  • participate in a pilot or design-partner program;

  • provide feedback.


This information may include:
 

  • name;

  • email address;

  • company name;

  • job title;

  • phone number;

  • billing information;

  • login credentials;

  • organization membership;

  • user role and permissions;

  • customer-support communications;

  • contract and account information;

  • preferences and settings;

  • feedback and product suggestions.


3.2 Customer Content

When you use the Services, you or your organization may upload, transmit, or submit content for processing. This may include:
 

  • text;

  • transcripts;

  • interview notes;

  • audio files;

  • video files;

  • documents;

  • emails;

  • Slack or messaging exports;

  • meeting recordings;

  • earnings call transcripts;

  • public communications;

  • professional profiles;

  • candidate materials;

  • employee materials;

  • leadership assessments;

  • scenario descriptions;

  • organizational context;

  • company or market information;

  • other materials submitted for behavioral analysis or simulation.


We refer to this information as “Customer Content.”

Customer Content may contain personal information about you, your employees, candidates, executives, customers, prospects, users, counterparties, or other individuals.


3.3 Behavioral Intelligence and Model Outputs

The Services may generate behavioral intelligence, simulations, scores, predictions, summaries, structured profiles, scenario results, recommendations, confidence indicators, or related outputs based on Customer Content and other contextual data.

These outputs may include information related to:
 

  • communication patterns;

  • motivation signals;

  • stress-response patterns;

  • decision-making style;

  • confidence stability;

  • risk orientation;

  • collaboration style;

  • behavioral dynamics;

  • scenario outcomes;

  • predicted interaction patterns;

  • talent or leadership indicators;

  • market-related behavioral signals;

  • other behavioral intelligence generated by the Services.


We refer to these as “Service Outputs.”

Service Outputs are probabilistic indicators and decision-support outputs. They are not clinical assessments, medical diagnoses, employment decisions, investment advice, or final determinations.


3.4 Usage, Device, and Technical Information

We may automatically collect information about how you access and use the Services, including:
 

  • IP address;

  • browser type;

  • device type;

  • operating system;

  • referring URLs;

  • pages viewed;

  • features used;

  • session information;

  • log files;

  • API calls;

  • timestamps;

  • authentication events;

  • error logs;

  • diagnostic data;

  • approximate location derived from IP address;

  • usage patterns;

  • performance data;

  • security and fraud-prevention signals.


3.5 Cookies and Similar Technologies

We may use cookies, pixels, local storage, SDKs, and similar technologies to:
 

  • operate the website and Platform;

  • remember preferences;

  • authenticate users;

  • improve performance;

  • understand usage;

  • measure marketing effectiveness;

  • prevent fraud;

  • support security;

  • improve the Services.
     

You can control cookies through your browser settings. Some features may not function properly if cookies are disabled.


3.6 Information from Third Parties

We may receive information from third parties, including:

  • authentication providers;

  • cloud infrastructure providers;

  • transcription providers;

  • large language model providers;

  • analytics providers;

  • CRM and marketing tools;

  • payment processors;

  • data vendors;

  • integration partners;

  • enterprise customers;

  • public sources;

  • APIs and third-party data sources connected to the Services.


Where customers connect third-party systems to the Services, they are responsible for ensuring they have the right to transmit that information to millionways.


4. How We Use Information

We use information to:
 

  • provide the Services;

  • create and manage accounts;

  • authenticate users;

  • process Customer Content;

  • generate Service Outputs;

  • create and update People profiles;

  • run Scenarios;

  • provide Behavioral Alpha outputs;

  • provide API services;

  • respond to support requests;

  • communicate with users and customers;

  • manage subscriptions, contracts, and billing;

  • monitor usage and enforce limits;

  • secure the Services;

  • detect fraud, abuse, unauthorized access, and misuse;

  • troubleshoot errors and improve reliability;

  • analyze performance and usage trends;

  • improve user experience;

  • develop and improve product functionality;

  • comply with law;

  • enforce our Terms of Service and agreements;

  • protect the rights, safety, and security of millionways, customers, users, third parties, and the public.


5. AI Processing and Model Training

millionways processes Customer Content to provide the Services, including to generate behavioral intelligence, structured outputs, simulations, summaries, predictions, and related analysis.
 

millionways does not use customer-uploaded content to train Thorsten-4 or any other millionways model unless the customer separately and explicitly opts in.
 

millionways may use aggregated, anonymized, or de-identified information for analytics, benchmarking, security, product improvement, and research, provided such information does not identify a customer, user, or individual.
 

Where third-party AI model providers are used to support certain features, Customer Content may be transmitted to those providers solely as necessary to provide the Services and subject to contractual, technical, and organizational safeguards.


6. How We Disclose Information

We may disclose information in the following circumstances.
 

6.1 To Service Providers and Subprocessors

We may disclose information to vendors, service providers, and subprocessors that help us provide, secure, maintain, and improve the Services. These may include:
 

  • cloud hosting providers;

  • database providers;

  • large language model providers;

  • transcription providers;

  • authentication providers;

  • analytics providers;

  • payment processors;

  • support tools;

  • logging and monitoring providers;

  • email and communications providers;

  • security providers;

  • professional advisors.
     

These providers are authorized to process information only as needed to provide services to millionways and are subject to contractual obligations.
 

6.2 To Enterprise Customers and Organization Administrators

If you use the Services through an organization, enterprise customer, employer, client, or other entity, information associated with your account and use of the Services may be accessible to that organization and its administrators.

Organization administrators may be able to:
 

  • invite and remove users;

  • view account information;

  • manage permissions;

  • access organization content;

  • view usage data;

  • access outputs generated within the organization;

  • manage billing and subscription information.
     

6.3 Through Customer-Directed Integrations

If a customer connects the Services to third-party systems, we may disclose information through those integrations at the customer’s direction.
 

6.4 For Legal and Compliance Purposes

We may disclose information if we believe disclosure is reasonably necessary to:
 

  • comply with law;

  • respond to subpoenas, court orders, or legal process;

  • cooperate with regulators or law enforcement;

  • enforce our Terms of Service or agreements;

  • protect our rights, property, or safety;

  • protect customers, users, third parties, or the public;

  • investigate fraud, security incidents, or misuse.
     

6.5 In Business Transactions

We may disclose or transfer information in connection with a merger, acquisition, financing, corporate reorganization, sale of assets, bankruptcy, change of control, or similar transaction.
 

6.6 With Consent

We may disclose information with your consent or at your direction.
 

7. Sensitive Personal Information

The Services may process sensitive personal information if a customer uploads it or if it is contained in Customer Content.

Sensitive personal information may include:
 

  • health information;

  • biometric information;

  • employment information;

  • financial information;

  • precise geolocation;

  • government identifiers;

  • race, ethnicity, religion, or similar protected characteristics;

  • union membership;

  • sexual orientation;

  • disability information;

  • contents of private communications;

  • information about children;

  • other information considered sensitive under applicable law.
     

Customers are responsible for determining whether Customer Content includes sensitive personal information and for ensuring they have all required rights, notices, consents, authorizations, and legal bases to upload and process that information through the Services.
 

millionways does not use sensitive personal information to infer protected characteristics unless expressly directed by a customer and permitted by applicable law and written agreement.
 

8. Hiring, Talent, and Employment-Related Processing

Customers may use the Services to support hiring, candidate evaluation, employee assessment, leadership assessment, succession planning, team composition, or workforce analytics.

In these contexts, the customer is responsible for:
 

  • determining the lawful basis for processing;

  • providing required notices;

  • obtaining required consents;

  • conducting required audits;

  • offering any required opt-out or alternative process;

  • responding to candidate or employee requests;

  • ensuring human review;

  • complying with employment, anti-discrimination, AI, privacy, and labor laws.
     

millionways does not make final employment decisions and does not act as an employer, employment agency, background-check provider, consumer-reporting agency, or final decision-maker unless expressly agreed in writing.
 

The Services are not designed to be used as a consumer report, investigative consumer report, background check, employment screening report, or eligibility determination under the Fair Credit Reporting Act or similar laws unless expressly agreed in writing by millionways.
 

9. Behavioral Alpha and Financial Data

Behavioral Alpha is provided to institutional and contract customers for informational and analytical purposes.

Behavioral Alpha may process public company communications, earnings call transcripts, management communications, market-related contextual data, and other information used to generate behavioral market signals.
 

millionways does not provide investment advice, fiduciary advice, broker-dealer services, or investment management services. Customers are responsible for their own investment decisions, regulatory obligations, and use of Behavioral Alpha outputs.
 

10. Data Retention

We retain information for as long as reasonably necessary to:

  • provide the Services;

  • maintain accounts;

  • fulfill contracts;

  • comply with legal obligations;

  • resolve disputes;

  • enforce agreements;

  • maintain security;

  • support billing, audit, and compliance requirements;

  • preserve business records;

  • improve and operate the Services.
     

Customer Content retention may be governed by the customer’s enterprise agreement, order form, data-processing agreement, business associate agreement, or account settings.

Where legally required or contractually agreed, we will delete, return, or de-identify Customer Content upon request or termination, subject to backup, archival, legal, security, and compliance exceptions.
 

11. Data Security

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, and disclosure.

These safeguards may include:
 

  • access controls;

  • authentication;

  • encryption where appropriate;

  • logging and monitoring;

  • least-privilege permissions;

  • vendor review;

  • security testing;

  • incident-response procedures;

  • employee confidentiality obligations.
     

No system is completely secure. We cannot guarantee that unauthorized third parties will never defeat our safeguards or access information.
 

12. International Data Transfers

millionways is based in the United States. Information may be processed in the United States and other countries where we, our affiliates, service providers, or subprocessors operate.
 

If information is transferred from outside the United States, we rely on appropriate legal mechanisms where required, such as contractual safeguards, data-processing agreements, standard contractual clauses, or other lawful transfer mechanisms.
 

13. Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information. These may include the right to:

  • access personal information;

  • correct inaccurate information;

  • delete personal information;

  • obtain a copy of personal information;

  • restrict or object to certain processing;

  • withdraw consent where processing is based on consent;

  • opt out of certain sales, sharing, targeted advertising, or profiling where applicable;

  • limit use of sensitive personal information where applicable;

  • appeal a denied request where applicable.
     

To exercise privacy rights, contact us at privacy@millionways.ai.
 

If your information was submitted to the Services by a millionways customer, we may direct your request to that customer or process it according to the customer’s instructions.
 

We may need to verify your identity before fulfilling a request.
 

14. U.S. State Privacy Rights

Residents of certain U.S. states, including California, Colorado, Connecticut, Virginia, Utah, and others, may have additional privacy rights under applicable state privacy laws.

Subject to applicable law, these rights may include:
 

  • the right to know or access categories and specific pieces of personal information;

  • the right to delete personal information;

  • the right to correct inaccurate personal information;

  • the right to portability;

  • the right to opt out of sale, sharing, targeted advertising, or certain profiling;

  • the right to limit use of sensitive personal information;

  • the right to non-discrimination for exercising privacy rights;

  • the right to appeal a denied request.
     

millionways does not sell customer-uploaded content.
 

millionways does not use customer-uploaded content for cross-context behavioral advertising.
 

If we engage in activities that constitute “sale,” “sharing,” “targeted advertising,” or similar terms under applicable law, we will provide required notices and opt-out mechanisms.
 

15. California Privacy Notice

This section applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies.
 

Categories of Personal Information We May Collect

We may collect the following categories of personal information:

  • identifiers, such as name, email address, IP address, account ID, and company affiliation;

  • commercial information, such as subscription, billing, and transaction information;

  • internet or electronic network activity information, such as usage data, logs, device data, and cookie data;

  • professional or employment-related information, such as job title, company, candidate materials, employee materials, or professional profile information;

  • audio, electronic, visual, or similar information, if uploaded or submitted by a customer;

  • inferences and Service Outputs generated from Customer Content;

  • sensitive personal information, if uploaded by a customer or otherwise provided;

  • other information you provide or that is reasonably necessary to provide the Services.
     

Sources of Personal Information

We collect personal information from:
 

  • you;

  • enterprise customers;

  • organization administrators;

  • uploaded Customer Content;

  • third-party integrations;

  • service providers;

  • public sources;

  • analytics and security tools;

  • business partners.
     

Purposes for Collection and Use

We collect and use personal information for the purposes described in Section 4 of this Privacy Policy.


Disclosure of Personal Information

We may disclose personal information to the categories of recipients described in Section 6 of this Privacy Policy.

 

Sale or Sharing

millionways does not sell customer-uploaded content.
 

millionways does not use customer-uploaded content for cross-context behavioral advertising.
 

If our website uses advertising or analytics technologies that may constitute “sharing” under California law, we will provide required notices and opt-out mechanisms.
 

Sensitive Personal Information

We use sensitive personal information only as reasonably necessary to provide the Services, comply with law, ensure security, or as otherwise permitted by applicable law or authorized by the customer.


Retention

We retain personal information as described in Section 10 of this Privacy Policy.


California Rights

California residents may have the right to request access, deletion, correction, portability, opt-out of sale or sharing, limitation of sensitive personal information, and non-discrimination for exercising privacy rights.

To submit a request, contact privacy@millionways.ai.


16. European, UK, and International Privacy Rights

Where the GDPR, UK GDPR, Swiss data-protection law, or similar international privacy laws apply, individuals may have rights to:
 

  • access personal data;

  • correct inaccurate personal data;

  • delete personal data;

  • restrict processing;

  • object to processing;

  • receive data portability;

  • withdraw consent;

  • lodge a complaint with a supervisory authority.
     

The legal bases for processing may include:
 

  • performance of a contract;

  • legitimate interests;

  • consent;

  • compliance with legal obligations;

  • protection of rights and security;

  • customer instructions where millionways acts as processor.
     

Where millionways processes personal data on behalf of an enterprise customer, the customer is typically the controller and millionways is the processor. Requests relating to customer-controlled data should be directed to the relevant customer unless otherwise required by law.
 

17. Children’s Privacy

The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18.
 

Customers may not upload children’s personal information unless they have all required rights, notices, consents, and legal authorization to do so.
 

If you believe we have collected personal information from a child without authorization, contact us at privacy@millionways.ai.
 

18. Cookies and Tracking Choices

You can manage cookies through your browser settings. You may also be able to use platform-level privacy controls or opt-out mechanisms made available on our website.
 

Some cookies are necessary for the Services to function. Disabling them may affect availability or functionality.

Where required by law, we will provide cookie consent tools or opt-out mechanisms.
 

19. Email and Marketing Choices

You may opt out of marketing emails by using the unsubscribe link in our emails or by contacting us.

We may still send transactional, administrative, security, billing, legal, and service-related communications.
 

20. Do Not Track and Global Privacy Controls

Some browsers transmit “Do Not Track” signals. We do not currently respond to all Do Not Track signals because there is no consistent industry standard.
 

Where required by applicable law, we will honor legally recognized opt-out preference signals, such as Global Privacy Control, for applicable browser-based activities.
 

21. Data Processing Agreements

Enterprise customers may request a Data Processing Addendum or similar agreement where required by applicable law.

Where a customer’s use of the Services involves protected health information, regulated financial data, employment-regulated data, or other sector-specific information, additional written terms may be required before such information may be processed.
 

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice by email, through the Services, by posting an updated version on our website, or by another reasonable method.
 

The updated Privacy Policy will become effective when posted or on the effective date stated in the notice.

Your continued use of the Services after the updated Privacy Policy takes effect means you acknowledge the updated Privacy Policy.
 

23. Contact Us

For privacy questions or requests, contact us at:

privacy@millionways.ai


For legal notices, contact: legal@millionways.ai

or by mail at:
 

millionways, Inc.
169 Madison Ave, STE 38202
New York, NY 10016
United States

bottom of page