Privacy Policy

• Account Information: Name, email address, and credentials provided during registration.
• User Inputs: Content, queries, documents, and data submitted to the Platform.
• AI-Generated Outputs: Results produced by the Platform in response to user inputs.
• Usage Analytics: Interaction data, session duration, feature usage, and error logs.
• Technical & Device Information: IP address, browser type, OS, and device identifiers.
• Payment Information: Billing details processed via trusted third-party payment providers (e.g., Stripe, Razorpay). Eidoz does not store raw card data.

Collected information is used to:

• Operate, maintain, and improve the Eidoz Platform and its features.
• Personalise your experience and provide relevant AI-driven insights.
• Process billing and manage your subscription.
• Send service-related communications, updates, and support responses.
• Monitor for misuse, security threats, and policy violations.
• Comply with legal obligations and enforce these policies.

Eidoz may use anonymised outputs, aggregated usage patterns, and derived statistical insights to improve its AI systems. Eidoz will not directly reuse personally identifiable raw user inputs for AI training purposes without obtaining explicit, informed consent from the User.

Where data is used for system improvement, it is de-identified and aggregated in a manner that prevents re-identification of individual users.

For users located in the European Economic Area (EEA), United Kingdom, or Switzerland, Eidoz processes personal data under the following legal bases:

• Contractual Necessity: Processing required to provide the service you have contracted for.
• Legitimate Interests: Processing necessary for fraud prevention, security, and service improvement, balanced against your rights.
• Consent: For processing activities where we rely on your explicit permission (e.g., marketing communications or optional AI training participation).
• Legal Obligation: Processing required to comply with applicable laws.

GDPR Rights: EEA users have the right to access, rectify, erase, restrict processing of, and port their personal data. You also have the right to object to processing and to withdraw consent at any time without affecting the lawfulness of prior processing.

Data Transfers: Where personal data is transferred outside the EEA, Eidoz ensures appropriate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms recognised under applicable data protection law.

To exercise your GDPR rights, please contact Eidoz through the official support channel. We will respond within 30 days as required by applicable law.

For residents of California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide additional rights:

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you, and the purposes for which it is used.
• Right to Delete: You may request deletion of personal information we hold about you, subject to certain legal exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: Eidoz does not sell personal data. If this changes, California residents will be provided a clear opt-out mechanism.
• Right to Non-Discrimination: Eidoz will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, please contact Eidoz through the official support channel. We will respond within 45 days, with one possible 45-day extension where reasonably necessary.

Payments are processed through trusted third-party payment providers, including but not limited to Stripe and Razorpay. These providers are responsible for PCI-DSS compliance in relation to payment card data. Eidoz does not store, transmit, or process raw payment card information directly.

Eidoz does not sell personal data to third parties. We may share data only in the following limited circumstances:

• Service Providers: Trusted operational partners who assist in delivering the Platform (e.g., cloud hosting, analytics, customer support), bound by appropriate data processing agreements.
• Payment Processors: As described in Section 6.
• Legal Requirements: Where required by law, court order, or regulatory authority.
• Business Transfers: In the event of a merger, acquisition, or asset sale, with appropriate notice provided to users.

Eidoz implements industry-standard security practices including encryption in transit and at rest, access controls, and periodic security reviews. However, no system is completely secure, and Eidoz cannot guarantee absolute security of your data.

In the event of a data breach that poses a risk to your rights and freedoms, Eidoz will notify affected users and relevant regulatory authorities in accordance with applicable law.

All users, regardless of location, may:

• Request access to personal information held about them.
• Request correction of inaccurate data.
• Request deletion of their account and associated data (subject to legal retention obligations).
• Withdraw consent where processing is based on consent.

Requests can be submitted via the official Eidoz support channel. We aim to respond within 30 days.

Eidoz uses cookies and similar tracking technologies to improve platform functionality, remember preferences, and analyse usage. You may control cookie preferences through your browser settings or any in-platform consent mechanism provided.

Third-party analytics tools (e.g., Google Analytics or equivalent) may be used, and their use is governed by their respective privacy policies. We encourage you to review those policies.

Eidoz retains personal data for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. When data is no longer required, it is securely deleted or anonymised.

Upon account deletion, we will endeavour to delete or anonymise your personal data within 90 days, except where retention is required by law.

Eidoz is not directed at children under the age of 13, or the minimum legal age in the applicable jurisdiction. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will take steps to delete it promptly.

Eidoz may update this Privacy Policy as its systems, services, or regulatory obligations evolve. Material changes will be communicated with at least 14 days' advance notice via email or in-platform notification. Continued use after the effective date constitutes acceptance of the updated policy.

Eidoz is the data controller for personal data processed through the Platform. For privacy-related questions, requests, or concerns, please contact Eidoz through the official support channel available on the Platform.

If you are an EEA user and believe your data protection rights have not been respected, you have the right to lodge a complaint with your local supervisory authority.