Legal
Privacy Policy
Effective date: July 10, 2026
Subnet345, LLC (“we”, “us”, “our”) operates subnet345.com and provides the governance substrate for AI agents under the Plexus product. This Privacy Policy tells you what we collect, how we use it, and what choices you have.
We do not sell your personal information. We collect what we need to respond to your inquiries, evaluate design-partner and pilot fit, operate the site, and meet our legal obligations. That is the whole shape.
1. What we collect
What you give us directly:
- Your contact-form submissions at
/contact: your name, email address, organization, role, organization type, project timeline, domains of interest (from a checklist), and message content. - Your notify-at-launch email address, when you sign up through any subscription form on the site to be notified about launch.
- Your design-partner, pilot, or beta-tester inquiry information: role, use case, technical requirements you choose to share.
- Anything you send us by email or other channels you initiate.
What the site collects automatically when you visit:
- Server access logs. Fields include IP address, timestamps, request URLs, HTTP response codes, and user-agent strings.
- No third-party analytics service is enabled at this time. If we enable one, we will update this Privacy Policy and disclose the specific service and the categories of data it collects.
What we do not collect from the public site:
- Payment information. There are no purchases from the site pre-launch.
- Sensitive personal information as defined under CCPA.
- Information from any cookie beyond what is essential to operate the site.
2. How we use it
We use what you give us to:
- Respond to your inquiry.
- Evaluate whether a design-partner, pilot, or beta-tester engagement fits both sides.
- Communicate with you about your engagement or interest.
- Send you the launch notification you signed up for.
- Operate, secure, and improve subnet345.com.
- Meet legal obligations and enforce our Terms of Use.
We do not:
- Sell your personal information.
- Share your personal information with advertising networks.
- Use your information for automated decision-making that produces legal or similarly significant effects on you.
3. Legal bases for processing (EU and UK GDPR)
If you are covered by the EU GDPR or the UK GDPR, we process your personal information under these legal bases:
- Legitimate interests (Article 6(1)(f)): responding to inquiries you initiate, evaluating engagement fit, and operating the site securely.
- Contract performance or pre-contractual steps (Article 6(1)(b)): evaluating and entering a design-partner, pilot, or beta-tester agreement at your request.
- Consent (Article 6(1)(a)): any optional communication you have specifically opted into.
- Legal obligation (Article 6(1)(c)): retaining or disclosing information as law requires.
4. Your rights
Depending on where you live, you have rights over the personal information we hold about you.
If you are in the EU or UK (GDPR / UK GDPR) you have the right to:
- Access a copy of what we hold about you.
- Ask us to correct anything that is inaccurate.
- Ask us to delete it, subject to legal retention obligations.
- Receive it in a structured, machine-readable format (portability).
- Ask us to limit how we use it (restriction).
- Object to processing that we do under legitimate interests.
- Withdraw consent at any time where processing is based on your consent.
- Lodge a complaint with the data-protection authority in your country of residence, place of work, or where the alleged infringement happened.
If you are in California (CCPA / CPRA) you have the right to:
- Know what categories of personal information we collect, where it comes from, why we use it, and who we share it with.
- Request deletion of what we hold, subject to legal retention obligations.
- Request correction of anything inaccurate.
- Opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell or share your information in that way, so no action is required.
- Non-discrimination: we will not deny you services, charge different prices, or offer different service levels for exercising your rights.
To exercise a right, contact us at the address in Section 10. We respond within the timelines your applicable law requires: one month for GDPR requests, with a possible two-month extension where the request is complex or numerous (per Article 12(3) GDPR), and 45 days for CCPA requests (extendable by an additional 45 days with notice).
5. How long we keep it
We keep personal information for as long as we need it for the purposes above, or as long as law requires. Baseline periods:
- Contact-form and inquiry information: 24 months from last contact.
- Design-partner, pilot, and beta-tester engagement information: for the duration of the engagement, plus 24 months post-close to support renewal conversations and legal obligations.
- Notify-at-launch email addresses: until you unsubscribe, or 24 months of inactivity, whichever comes first.
- Server access logs: 90 days rolling.
- Analytics data, if any is enabled: 14 months.
You may request earlier deletion at any time. See Section 4.
6. Sub-processors and third parties
We use third-party service providers to run the site and communicate with you. We share personal information with them only to the extent they need it to perform their service on our behalf.
Current sub-processor categories:
- Hosting infrastructure: Hivelocity (dedicated bare-metal servers we manage).
- DNS: Cloudflare.
We do not currently use a third-party analytics provider or a transactional email service. If we add either, we will update this list.
We do not share personal information with third parties for their own marketing purposes.
7. International transfers
If you are in the EU, the UK, or another jurisdiction with data-transfer restrictions, and your personal information is transferred to the United States or another country, we rely on appropriate safeguards under applicable law. That includes Standard Contractual Clauses where required.
If we appoint an Article 27 EU Representative or an Article 27 UK Representative, their contact details will appear here. The two appointments may be separate; if you are located in the United Kingdom, the UK appointment may be a distinct entity from any EU appointment.
8. Cookies
We use only essential cookies necessary to operate the site (for example, session and security cookies). We do not use third-party marketing or tracking cookies at the current pre-launch stage.
Some browsers offer a “Do Not Track” signal. We do not currently respond to Do Not Track signals because there is no common industry standard for how to interpret them.
9. Security posture
We operate subnet345.com and the Plexus substrate to security standards appropriate for governance substrate for AI agents in regulated environments. Our technical and organizational measures include encryption in transit, access controls, and audit logging by construction on the Plexus substrate itself.
We are pre-launch and do not yet hold third-party attestations such as SOC 2. Our compliance-certification program is on trajectory; when attestations are obtained, we will update this Privacy Policy to reflect what is held.
Nothing in this Section 9 is a warranty. We recommend that you take steps to protect your personal information too.
10. Contact us about privacy
To exercise a right, ask a question about this Privacy Policy, or otherwise contact us about privacy:
- Email: privacy@subnet345.com.
We aim to respond within one month of receiving your request, and always within the timelines your applicable law requires. Article 12(3) GDPR permits an extension of up to two additional months in complex or numerous cases; if we need the extension, we will let you know within one month of your request and explain why.
11. Children
Subnet345 is a B2B enterprise service. It is not directed to individuals under 16 and we do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will delete it.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date at the top and, where required, notify you by email or through the site.
13. Governing law and jurisdiction
This Privacy Policy is governed by the laws of the State of Illinois, without regard to conflict-of-laws principles. Nothing in this clause limits any rights that GDPR, CCPA, or other applicable data-protection law grants you regardless of the governing law of this Policy.