Privacy Policy

1. Geographic Scope & Applicable Laws

This Privacy Policy complies with the following regulations based on your location:

United States

• FTC Act (Federal Trade Commission)
• CCPA/CPRA (California Consumer Privacy Act/Rights Act)
• State privacy laws (Virginia, Colorado, Connecticut, Utah)

European Union / European Economic Area

• GDPR (General Data Protection Regulation) - Regulation (EU) 2016/679

United Kingdom

• UK GDPR - Data Protection Act 2018

We apply the highest standard of protection globally, ensuring all users benefit from comprehensive privacy rights.

2. Information We Collect

Information You Provide Directly

• Account Registration: Name, email, company name, and contact details
• Contact Forms: Information submitted when contacting us
• Payment Information: Processed securely by our payment providers (Stripe/PayPal)
• Newsletter Subscriptions: Email address and preferences
• AI Solution Quiz: Business challenges, company size, budget, and timeline

Information Collected Automatically

• Cookies and Tracking: See our Cookie Policy for details
• Usage Data: Pages visited, time spent, referral sources
• Technical Information: IP address, browser type, device information
• Location Data: General geographic location from IP address

Information from Third Parties

We do not currently collect personal information from third-party sources. All information is provided directly by you or collected automatically through your use of our services. If this changes in the future, we will update this policy and notify you.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our AI solutions and services
• Process transactions and send related information
• Respond to your comments, questions, and requests
• Send technical notices, updates, security alerts, and support messages
• Communicate with you about products, services, and promotional offers
• Monitor and analyze trends and usage to improve your experience
• Detect, prevent, and address technical issues or fraudulent activity

3.1 Legal Basis for Processing (GDPR Compliance)

Under GDPR and similar privacy laws, we process your personal information based on the following legal bases:

Consent (Article 6(1)(a) GDPR)

• Marketing communications and newsletters
• Optional data collection beyond service requirements
• Non-essential cookies and tracking

Contract Performance (Article 6(1)(b) GDPR)

• Providing our AI solutions and services
• Processing transactions and payments
• Customer support and account management

Legitimate Interest (Article 6(1)(f) GDPR)

• Fraud detection and prevention
• Network and information security
• Business analytics and service improvement
• Direct marketing to existing customers

Legal Obligation (Article 6(1)(c) GDPR)

• Compliance with tax and accounting requirements
• Responding to legal requests and court orders
• Data breach notifications

4. Information Sharing

We do not sell your personal information to third parties. We share information only with:

Service Providers

We work with trusted third-party service providers:

• Google Analytics: Website analytics and traffic analysis
• Formspree: Contact form processing and email delivery
• Stripe/PayPal: Secure payment processing
• AWS (Amazon Web Services): Hosting and cloud infrastructure
• Google Cloud: Cloud services and data storage

Each provider has their own privacy policy and data processing agreement.

Legal Requirements

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to comply with legal obligations.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction.

4.1 Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Account Information: Retained while your account is active, plus 7 years after closure
• Transaction Records: 7 years (legal and accounting requirements)
• Marketing Data: Until you unsubscribe or withdraw consent
• Usage Logs: 90 days (for security and analytics)
• Support Tickets: 3 years after resolution
• Cookies: See our Cookie Policy for specific durations

You can request deletion of your data at any time, subject to legal retention requirements.

4.2 Data Breach Notification

In the event of a data breach that affects your personal information:

• We will notify you within 72 hours (GDPR requirement)
• We will notify relevant supervisory authorities
• We will provide details about the breach and steps taken
• We will advise you on protective measures to take

5. Your Privacy Rights

GDPR Rights (EU/EEA/UK)

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Correct inaccurate data
• Right to Erasure (Article 17): Request deletion ("Right to be Forgotten")
• Right to Restrict Processing (Article 18): Limit how we use your data
• Right to Data Portability (Article 20): Receive your data in machine-readable format
• Right to Object (Article 21): Object to certain processing activities
• Right to Withdraw Consent (Article 7): Withdraw consent at any time
• Right to Lodge a Complaint (Article 77): File complaint with supervisory authority

CCPA/CPRA Rights (California)

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of sale/sharing of personal information
• Right to Correct: Correct inaccurate personal information
• Right to Limit: Limit use of sensitive personal information
• Right to Non-Discrimination: We won't discriminate for exercising your rights

How to Exercise Your Rights

• Email: myainexus@gmail.com
• Response Time: 30 days (GDPR) or 45 days (CCPA)
• Verification: We may need to verify your identity before processing requests

Exercising your rights is free of charge.

5.1 Supervisory Authority & Complaints

If you believe we have not handled your data appropriately, you have the right to lodge a complaint:

European Union / EEA

Complete list of data protection authorities:

https://edpb.europa.eu/about-edpb/board/members_en

United Kingdom

Information Commissioner's Office (ICO)

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113

United States - California

California Privacy Protection Agency (CPPA)

• Website: https://cppa.ca.gov/
• Email: regulations@cppa.ca.gov

Before filing a complaint, please contact us directly at myainexus@gmail.com - we aim to resolve issues within 30 days.

5.2 California Privacy Rights

Sale of Personal Information

We do NOT sell your personal information to third parties.

Sharing for Business Purposes

We may share information with service providers for:

• Website hosting and maintenance
• Payment processing
• Email communications
• Analytics and advertising

Opt-Out

You can opt-out of data sharing by contacting us at myainexus@gmail.com.

"Shine the Light" Law

California residents can request information about personal information disclosed to third parties for direct marketing purposes in the preceding calendar year.

6. Automated Decision-Making and Profiling

We use limited automated processing for:

Lead Scoring

Our CRM system scores leads based on website interactions:

• Logic: Points assigned for pages visited, time on site, form submissions
• Consequences: Affects sales follow-up priority and marketing communications

Your Rights: You can object to this profiling by contacting us.

We do NOT use automated decision-making that produces legal effects or significantly affects you without human intervention.

7. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience on our website. Please see our Cookie Policy for detailed information about the cookies we use, their purposes, and how to manage your preferences.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit and at rest (TLS 1.3)
• Regular security assessments and updates
• Access controls and authentication systems
• Employee training on data protection practices
• Secure hosting on cloud infrastructure

However, no method of transmission over the Internet or method of electronic storage is 100% secure.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own, including the United States.

Data Transfers to the United States

We use US-based services:

• Google Analytics and Google Cloud
• AWS (Amazon Web Services)
• Stripe (payment processing)

Safeguards for International Transfers

• Standard Contractual Clauses (SCCs): Approved by European Commission
• Data Processing Agreements: With all third-party providers
• Encryption: All transfers use TLS 1.3 encryption
• Access Controls: Strict limitations on who can access your data

Risk Notice: The US may not provide the same level of data protection as your home country. However, our safeguards ensure your rights remain protected.

10. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information immediately.

11. Marketing Communications

Email Marketing

• We send marketing emails only with your consent
• Every email includes an unsubscribe link
• Unsubscribe requests processed within 48 hours
• We never share your email with third parties for their marketing

Text/SMS Marketing

• Only with explicit consent
• Reply STOP to unsubscribe instantly
• Standard message and data rates may apply

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Displaying a banner on our website for 30 days
• Email notification if we have your email (for material changes)
• Updating the "Last Updated" date at the bottom of this policy

By continuing to use our services after changes are posted, you acknowledge and agree to the updated Privacy Policy.

13. Data Protection Officer

Name: Parker Fawcett

Role: Founder & CEO / Data Protection Officer

Email: myainexus@gmail.com

Response Time: Within 48 hours

Note: As a small business with limited processing activities, our Founder/CEO serves as Data Protection Officer in accordance with applicable data protection laws.