```

Privacy Policy

Last updated: January 2, 2025

1. Introduction

Welcome to Enosis Labs, Inc. ('Enosis Labs,' 'we,' 'us,' or 'our') Privacy Policy. This policy explains how we collect, use, disclose, and protect your Personal Information when you use our artificial intelligence services and interact with our platform (the 'Services'). This policy is governed by the laws of the State of Delaware and applicable federal law of the United States. By using our Services, you consent to the practices described in this policy.

Definitions

  • Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This includes, but is not limited to, the categories listed in Section 2.
  • AI-Generated Data: Data created or inferred by our AI models based on User Inputs and interactions with our Services. This may include predictions, classifications, or other insights derived from your data.
  • User Inputs: Data, text, or other content that you provide to our AI models.
  • Anonymization: The process of irreversibly altering data so that it can no longer be used to identify an individual, directly or indirectly.
  • Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Data Controller: The entity that determines the purposes and means of the processing of personal data. For the purposes of this policy, Enosis Labs, Inc. is the Data Controller.
  • Data Processor: An entity that processes personal data on behalf of the Data Controller. This may include our service providers.

2. Information We Collect

2.1 Personal Information

  • Name and Contact Details: Your full name, email address, postal address, and phone number.

  • Account Credentials: Username, password, and other security information used to access your account.

  • Payment Information: Credit card details, billing address, and other information necessary to process payments (processed through a secure third-party payment processor).

  • Usage Data: Information about how you use our Services, including the features you access, the content you view, and the time and duration of your activities.

  • Device Information: Information about the device you use to access our Services, including the device type, operating system, unique device identifiers, and IP address.

  • Communication Logs: Records of your communications with us, including emails, support tickets, and chat logs.

  • Location Data: We do not collect precise geolocation data unless you explicitly consent to it for a specific feature that requires it. If we do collect location data, we will provide a clear notice and obtain your consent before doing so.

2.2 AI-Generated Data

  • User Inputs: The data, text, or other content you submit to our AI models.

  • Interactions with AI Models: Information about how you interact with our AI models, including the types of queries you make and the feedback you provide.

  • Generated Content and Results: The output generated by our AI models based on your User Inputs.

  • Performance Metrics: Data about the performance of our AI models, including accuracy, latency, and error rates.

  • Inferred Data: Our AI models may infer information about you based on your User Inputs and interactions. This may include, for example, inferences about your interests, preferences, or potential needs. These inferences are probabilistic and may not always be accurate. We use these inferences to personalize your experience and improve our Services. We do not use inferred data to make automated decisions with legal or similarly significant effects without your explicit consent.

2.3 Information from Third Parties

  • We may receive information about you from third-party sources, such as social media platforms, if you choose to connect your account to those services. We will only collect information from third parties with your consent or where we have a legitimate interest in doing so, and we will always comply with the privacy policies of those third parties.

3. Use of Your Information

Where we rely on legitimate interests as a legal basis for processing your Personal Information, we have conducted a balancing test to ensure that our interests do not override your rights and freedoms. You can request information about these balancing tests by contacting us at privacy@enosislabs.com.

  • Provide and Improve Our AI Services - Legal Basis: Performance of a contract; Legitimate interests (improving our services)
  • Personalize your experience - Legal Basis: Consent; Legitimate interests (providing a tailored user experience)
  • Process payments and transactions - Legal Basis: Performance of a contract
  • Communicate important updates and service-related information - Legal Basis: Performance of a contract; Legitimate interests (keeping users informed)
  • Send marketing communications (only with your explicit opt-in consent) - Legal Basis: Consent
  • Maintain service security and prevent fraud - Legal Basis: Legitimate interests (protecting our services and users); Legal obligation
  • Analyze and improve our AI models (using anonymized or pseudonymized data where possible) - Legal Basis: Legitimate interests (research and development); Consent (where required for using non-anonymized data)
  • Comply with legal obligations (e.g., responding to lawful requests from authorities) - Legal Basis: Legal obligation
  • Enforce our terms of service and other agreements - Legal Basis: Performance of a contract; Legitimate interests (protecting our rights)

4. Data Storage and Security

  • We use industry-standard encryption protocols (e.g., TLS/SSL) to protect data transmitted between your device and our servers.

  • We store your data in secure data centers with restricted access and robust physical security measures.

  • We implement access controls and authentication mechanisms to ensure that only authorized personnel can access your Personal Information.

  • We conduct regular security audits and vulnerability assessments to identify and address potential security threats.

  • We have data backup and recovery systems in place to protect against data loss.

  • We employ pseudonymization and anonymization techniques where feasible to minimize the risk of re-identification.

  • We maintain a comprehensive information security program that is aligned with industry best practices (e.g., ISO 27001, NIST Cybersecurity Framework).

5. Data Sharing and Third Parties

We may share your Personal Information with the following categories of third parties:

  • Service Providers: We use third-party service providers to assist us in providing our Services, such as cloud storage providers (e.g., AWS, Google Cloud, Azure), payment processors (e.g., Stripe, PayPal), and analytics providers (e.g., Google Analytics). We have data processing agreements in place with these providers that require them to protect your Personal Information and only use it for the purposes we specify.

  • Business Partners: We may share your Personal Information with business partners with your explicit consent. We will clearly identify the partner and the purpose of the sharing at the time we request your consent.

  • Legal Authorities: We may disclose your Personal Information to legal authorities if required by law, such as in response to a subpoena, court order, or other legal process.

  • Corporate Transactions: In the event of a merger, acquisition, sale of assets, or other corporate transaction, your Personal Information may be transferred to the acquiring entity. We will notify you of any such transfer and any choices you may have regarding your Personal Information.

  • Aggregated or Anonymized Data: We may share aggregated or anonymized data that does not identify you with third parties for research, analytics, or other purposes.

6. AI Training and Model Development

  • We use data, including User Inputs and AI-Generated Data, to train and improve our AI models.

  • We prioritize the use of anonymized or pseudonymized data for AI training whenever possible.

  • Where we use non-anonymized data for AI training, we do so on the basis of our legitimate interests in improving our Services, and we implement appropriate safeguards to protect your privacy.

  • You have the right to object to the processing of your Personal Information for AI training. To exercise this right, please contact us at privacy@enosislabs.com. Please note that objecting to AI training may limit our ability to provide you with certain features or personalize your experience.

  • We retain data used for AI training for as long as necessary to achieve the purposes for which it was collected, or as required by law. We regularly review our data retention practices to ensure that we are not keeping data for longer than necessary.

7. User Rights

Under applicable data protection laws, including the CCPA/CPRA and, where applicable, the GDPR, you have the following rights:

  • Right of Access: You have the right to request access to the Personal Information we hold about you and to receive a copy of that data.

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete Personal Information we hold about you.

  • Right to Erasure ('Right to be Forgotten'): You have the right to request that we delete your Personal Information, subject to certain exceptions (e.g., where we need to retain data to comply with legal obligations).

  • Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Information in certain circumstances.

  • Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

  • Right to Object: You have the right to object to the processing of your Personal Information, including for direct marketing purposes and for AI training (as described in Section 6).

  • Right to Withdraw Consent: Where we rely on consent as the legal basis for processing your Personal Information, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Non-Discrimination (CCPA/CPRA): We will not discriminate against you for exercising your CCPA/CPRA rights.

  • Right to Opt-Out of Sale (CCPA/CPRA): We do not sell your Personal Information as defined under the CCPA/CPRA. However, if we were to do so in the future, we would provide a clear 'Do Not Sell My Personal Information' link and comply with all applicable requirements.

  • To exercise any of these rights, please contact us at privacy@enosislabs.com. We will respond to your request within the timeframes required by law (generally, within 45 days for CCPA/CPRA requests and within one month for GDPR requests). We may need to verify your identity before fulfilling your request.

  • Please note that even after a data deletion request, Enosis Labs will retain basic information (such as a record of the deletion request and limited identifying information) for a maximum period of 90 days. This is to protect the company in case of any legal loopholes or potential liabilities, and to comply with our legal obligations. This retained information will be kept secure and will not be used for any other purpose.

8. International Data Transfers

  • Enosis Labs is based in the United States. If you are accessing our Services from outside the United States, your Personal Information may be transferred to, stored, and processed in the United States.

  • We comply with applicable legal requirements for cross-border data transfers. Where required, we use Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards to ensure that your Personal Information is protected when transferred outside of your jurisdiction.

  • We are committed to ensuring that your Personal Information receives an adequate level of protection, regardless of where it is processed.

9. Children's Privacy

Our Services are not directed to children under the age of 13 (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect Personal Information from children. If you are a parent or guardian and believe that your child has provided us with Personal Information without your consent, please contact us immediately at privacy@enosislabs.com, and we will take steps to delete such information.

9.1 Enhanced Protection Measures

  • We have implemented age verification protocols to prevent unauthorized access by minors.

  • We do not offer accounts or services to individuals we know to be under 13.

  • We do not engage in targeted advertising or profiling of children.

  • We comply with the Children's Online Privacy Protection Act (COPPA) and other applicable child-specific privacy regulations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email or other means. The 'Last updated' date at the top of this policy indicates when it was last revised. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised policy.

11. Compliance with International Privacy Laws

We are committed to complying with applicable privacy laws around the world, including the GDPR (where applicable) and the CCPA/CPRA.

11.1 GDPR Compliance (Where Applicable)

  • We have implemented data protection by design and by default principles (Article 25 of the GDPR).

  • We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

  • We provide enhanced mechanisms for data subject rights, including the right to be forgotten and data portability.

  • For cross-border data transfers to countries outside the EEA that are not deemed to provide an adequate level of protection, we rely on Standard Contractual Clauses (SCCs) and, where appropriate, Binding Corporate Rules (BCRs).

11.2 CCPA/CPRA Compliance

  • We have expanded our definition of Personal Information to include household data, as required by the CCPA/CPRA.

  • We do not sell your Personal Information.

  • We have established verification processes for consumer requests to access, delete, or opt-out of the sale of Personal Information.

  • We are compliant with the CPRA amendments, including the requirements related to sensitive personal information.

11.3 Delaware State Law Compliance

  • We adhere to Delaware's data breach notification law (6 Del. C. § 12B-101 et seq.). In the event of a data breach involving the Personal Information of Delaware residents, we will provide timely notification to affected individuals and to the Delaware Department of Justice as required by law.

  • We comply with the Delaware Online Privacy and Protection Act (DOPPA), to the extent applicable to our Services.

  • We implement reasonable security measures to protect Personal Information, as required by Delaware law.

12. Protection of Minors' Data

We have implemented strict measures to protect the data of minors, in accordance with international guidelines and local laws, including COPPA. We require verifiable parental consent for users under the age of 13 (or the applicable age of digital consent) before collecting or processing their Personal Information. We enforce robust security measures and transparent practices specifically designed for the protection of minors' privacy.

13. Ethical Data Practices

Enosis Labs is committed to ethical data handling practices. We collect, process, and store data in a manner that respects human dignity, protects individual rights, and promotes fairness. We are committed to using technology responsibly and avoiding any use of data that could result in discrimination or harm.

14. Moral Obligations and Transparency

Our privacy practices are founded on a strong sense of moral responsibility. We believe in complete transparency regarding our data practices. We strive to build trust through honest communication and accountability. We will clearly explain what data we collect, why we collect it, and how we use it.

15. Data Protection and Governance

At Enosis Labs, we implement comprehensive data protection measures to safeguard your privacy. Our governance framework ensures that your data is handled with care, in compliance with applicable laws, and with respect for your privacy rights. We regularly review and update our practices to adapt to evolving privacy standards and emerging technologies.

15.1 Data Protection Measures

  • We employ industry-standard encryption to protect your data during transmission and storage.

  • We implement strict access controls, limiting data access to authorized personnel on a need-to-know basis.

  • We regularly conduct security assessments and update our systems to address potential vulnerabilities.

  • We use data minimization principles to collect and retain only the information necessary for providing our services.

15.2 Data Breach Response

  • We maintain a comprehensive data breach response plan that prioritizes user notification and harm mitigation.

  • In the event of a data breach affecting your Personal Information, we will notify you promptly and provide guidance on protective measures.

  • We will provide details about what information was affected, how it happened, and what we're doing to prevent future incidents.

  • We comply with all applicable data breach notification laws, including the requirements under Delaware law (6 Del. C. § 12B-101 et seq.), GDPR, and CCPA/CPRA.

  • We document all incidents to improve our security practices and prevent future breaches.

Contact Information

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us at:

Enosis Labs, Inc.

Email: privacy@enosislabs.com

Address: 1111B S Governors Ave STE 26317, Dover, DE 19904

Phone: +1 (302) 440-2854