Privacy Policy

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support. This includes: • **Account Information**: Name, email address, organization name, and password • **Payment Information**: Billing address and payment method details (processed by Stripe) • **Usage Data**: Information about how you use our platform, including analyses run and features accessed • **AI Model Data**: Information about AI systems you register for compliance monitoring • **Communication Data**: Messages and feedback you send to us

We use the information we collect to: • Provide, maintain, and improve our services • Process transactions and send related information • Send you technical notices, updates, and support messages • Respond to your comments, questions, and requests • Monitor and analyze trends, usage, and activities • Detect, investigate, and prevent fraudulent transactions and abuse • Comply with legal obligations and protect our rights

We implement appropriate technical and organizational measures to protect your personal data: • **Encryption**: All data is encrypted in transit (TLS 1.3) and at rest (AES-256) • **Access Control**: Role-based access controls limit data access to authorized personnel • **Infrastructure**: Data is hosted on secure cloud infrastructure with SOC 2 certification • **Backups**: Regular encrypted backups with geographic redundancy • **Monitoring**: 24/7 security monitoring and intrusion detection Your data is stored in data centers located in the European Union, ensuring GDPR compliance.

We do not sell your personal data. We may share your information in the following circumstances: • **Service Providers**: With vendors who assist in providing our services (e.g., payment processing, hosting) • **Legal Requirements**: When required by law or to respond to legal process • **Protection of Rights**: To protect the rights, property, and safety of AI-Guard Lite, our users, or the public • **Business Transfers**: In connection with a merger, acquisition, or sale of assets • **With Your Consent**: When you have given us permission to share your data

If you are located in the European Economic Area, you have the following rights: • **Access**: Request a copy of the personal data we hold about you • **Rectification**: Request correction of inaccurate or incomplete data • **Erasure**: Request deletion of your personal data ("right to be forgotten") • **Restriction**: Request limitation of processing of your personal data • **Portability**: Receive your data in a structured, machine-readable format • **Objection**: Object to processing based on legitimate interests • **Automated Decisions**: Not be subject to solely automated decision-making To exercise these rights, contact us at [email protected].

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy: • **Account Data**: Retained until you delete your account, plus 30 days for backup removal • **Usage Analytics**: Aggregated and anonymized after 24 months • **Payment Records**: Retained for 7 years as required by tax regulations • **Audit Logs**: Retained for 3 years for compliance purposes • **Support Communications**: Retained for 2 years after resolution

We use cookies and similar technologies to: • Keep you logged in to your account • Remember your preferences and settings • Analyze how our services are used • Improve performance and user experience You can control cookies through your browser settings. Note that disabling certain cookies may affect functionality. We use the following types of cookies: • **Essential**: Required for basic functionality • **Analytics**: Help us understand usage patterns • **Preferences**: Remember your settings

Our service integrates with third-party services that have their own privacy policies: • **Supabase**: Authentication and database services • **Stripe**: Payment processing • **OpenAI/Anthropic**: AI model testing (only when you initiate tests) We recommend reviewing the privacy policies of these services. When you connect your AI models for testing, data is processed according to the respective provider's policies.

AI-Guard Lite is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data outside the EEA, we ensure appropriate safeguards are in place: • Standard Contractual Clauses approved by the European Commission • Adequacy decisions where applicable • Binding Corporate Rules for internal transfers

We may update this Privacy Policy from time to time. We will notify you of any material changes by: • Posting the new policy on this page • Updating the "Last Updated" date • Sending you an email notification for significant changes Your continued use of our services after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us: **Data Protection Officer** Lumina Global Technologies Inc. Email: [email protected] For GDPR-related inquiries: Email: [email protected]