This Supplemental Notice for Individuals Located in the EU, UK, or Switzerland (“EU Notice”) applies to individuals and Authorized Users (“you”) located in the European Union (“EU”), the United Kingdom (“UK”), or Switzerland. This EU Notice supplements the information contained in the Privacy Notice.
1. Data Controller and DPO.
A data controller is the entity who determines the purposes and means of the processing of your Personal Data.
- Sigma Computing Inc. is the data controller for Personal Data collected from you in the manner described in Section 1.1 (Applicability) and Section 2 (Personal Data We Collect) of the Privacy Notice. If you have any questions about our privacy practices please contact Sigma’s Data Protection Officer (“DPO”) by
- Emailing privacy@sigmacomputing.com or
- Writing to us at Sigma Computing, Inc., 116 New Montgomery St. Suite 700, San Francisco CA 94105.
- The Customer whose Instance you join, access, and/or use (as an Authorized User) is the data controller for all Customer Data. Sigma processes such Customer Data as a processor on behalf the Customer and in accordance with the Customer’s instructions. Customers enter into a data processing agreement (or equivalent) with Sigma that contains standard contractual clauses, for transfers between us and the Customer. Please reach out to the Customer, if you have any questions or concerns regarding the collection, use, and processing of Customer Data.
2. Legal Basis for Processing.
Our legal basis for collecting and using your Personal Data will depend on the Personal Data we collect and the context in which we collect such Personal Data. In most cases, our processing of your Personal Data will be justified by one or more of the following bases:
- As necessary for the performance of a contract with you or to take steps at your request to enter a contract, such as to allow you to join a Customer Instance and use our Services, and to receive support from us;
- As necessary for compliance with a legal obligation to which Sigma is subject, such as to comply with our applicable legal, tax, and accounting requirements;
- As necessary for the legitimate interests pursued by the Sigma. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you, including your interests or fundamental rights and freedoms which require protection of Personal Data (unless we have your consent or are otherwise required or permitted to by law to process your Personal Data). Our legitimate interests include:
- Providing our Sites and Services to you, including the maintenance, operation, personalization, customization, and/or other improvement of our Sites and Services;
- Providing you with support and otherwise communicating with you, including to respond to your questions or inquiries, send you notifications and alerts about the Sites and Services, and enable and operate our AI Chatbots;
- Marketing, promoting, and advertising our Services, including developing and sending you emails and text messages about our Sites and Services, showing you ads (including on third-party platforms and websites) and measuring engagement and generating analytics regarding our advertisements and marketing campaigns;
- Maintaining legal and regulatory compliance, including investigating and preventing unauthorized or illegal activity, complying with lawful requests from government authorities, and enforcing our legal rights and obligations;
- Ensuring security and integrity of our Sites, Services, premises, systems, applications, and networks, including by monitoring and verifying access to our Sites and Services, and investigating and addressing security incidents and other malicious, deceptive, fraudulent, or illegal actions
- Research and development, including conducting surveys, research, benchmarking, and analysis on our Sites, Services, and business activities, developing and providing training, collecting feedback, and improving our Sites, Services, and business activities
- In limited circumstances, we will rely on your consent for processing of your Personal Data. For example, when to send you marketing communications from us and/or to process your Personal Data using non-essential cookies or similar technologies. Where we rely on your consent, we will make this clear at the relevant time to you. Whenever such consent is granted, you may withdraw your consent at any time.
3. Special Categories of Data.
We do not knowingly collect and process any Special Categories of Personal Data through our Sites or Services from you. In the event we begin collecting Special Category Personal Data from you, we will provide you with additional notice or confirm your consent at collection.
4. Your Rights.
Individuals located in the EU, UK, and Switzerland have the right to make certain requests with respect to their Personal Data. Please see Section 5 (Your Rights) and Section 6 (Your Choices and Controls) of the Privacy Notice for a description of those rights and how you may exercise them. In addition to rights stated in Section 5 of the Privacy Notice, your privacy rights include:
- Right to data portability: Where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that Personal Data is processed by automatic means, you may ask us to provide you with the Personal Data which you have provided to Sigma, in a structured, commonly used and machine-readable format, and also to have your Personal Data transferred to another party where this is technically feasible.
- Right to Object: When we process your Personal Data based on legitimate interests, you may object to this processing. If you object, we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds under applicable law (e.g., your data is necessary for us to establish, exercise, or defend our legal rights).
- Right to Restriction: You may ask us to restrict our processing of your Personal Data where (a) you contest the accuracy of the Personal Data until we have taken sufficient steps to correct or verify its accuracy; (b) the processing is unlawful but you do not want us to erase your Personal Data; (c) we no longer need the Personal Data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or (d) where you have objected to processing justified on legitimate interest grounds pending verification as to whether Sigma has compelling legitimate grounds to continue processing. Where Personal Data is subjected to restriction in this way, we will only process it with your consent or for the establishment, exercise or defense of legal claims.
- Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or has similarly significantly affects on you. We may refuse to honor your opt-out request if the decision (a) is necessary for entering into, or performance of, a contract between the you and Sigma; (b) is authorized by UK or European Union (or EU Member State) laws to which Sigma is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (c) is based on your explicit consent. Sigma implements suitable measures to safeguard your rights, freedoms and legitimate interests, and provides you with the right to obtain human intervention and to contest the automated decision.
- Right to complain to a supervisory authority: You may lodge a complaint with your applicable supervisory authority if you consider that the processing of your Personal Data infringes applicable data protection laws. A list of supervisory authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
- Right to control your digital legacy: Residents of France may issue directives concerning the disposition of their Personal Data after their death, in the conditions set forth in Art. 85 of the Law on Computing Technologies and Freedoms (January 6, 1978).
Last Updated: February 11, 2026
