Data Protection Policy
Aktirak Corporation is committed to protecting your personal data and complying with global data protection regulations, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
1. Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: When you explicitly agree to data processing
- Contract Performance: To provide services you've subscribed to
- Legal Obligation: To comply with applicable laws
- Legitimate Interests: For business operations, fraud prevention, and security
2. Data We Collect
Account Information:
- Name, email address, company name
- Billing information (processed securely by Stripe)
- Account preferences and settings
Usage Data:
- Interaction with AI specialists
- Platform usage metrics
- Technical data (IP address, browser type, device information)
Communications:
- Support requests and correspondence
- Feedback and survey responses
3. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights:
- Right to Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for processing at any time
4. Your Rights Under CCPA
If you are a California resident, you have the right to:
- Know what personal information is collected
- Know if personal information is sold or disclosed
- Opt-out of the sale of personal information (we do NOT sell personal data)
- Access your personal information
- Request deletion of personal information
- Non-discrimination for exercising your rights
5. Data Retention
We retain personal data for as long as necessary to:
- Provide services to active subscribers
- Comply with legal and regulatory requirements
- Resolve disputes and enforce agreements
- Maintain legitimate business records
Specific retention periods:
- Active account data: Duration of subscription plus 30 days
- Billing records: 7 years (legal requirement)
- Support communications: 3 years
- Marketing data: Until you opt-out or request deletion
6. International Data Transfers
Your data may be transferred to and processed in countries outside your residence:
- We use Standard Contractual Clauses (SCCs) for EU data transfers
- Our cloud infrastructure providers are certified under relevant frameworks
- We ensure adequate protection for international transfers
7. Data Security Measures
We implement appropriate technical and organizational measures:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication mechanisms
- Regular security audits and vulnerability assessments
- Employee training on data protection
- Incident response and breach notification procedures
8. Data Breach Notification
In the event of a data breach:
- We will notify affected users within 72 hours of discovery
- Supervisory authorities will be informed as required
- We will provide details about the breach and mitigation steps
9. Children's Privacy
Our services are not directed to individuals under 16 years of age:
- We do not knowingly collect data from children
- If we discover such data, we will delete it promptly
- Parents/guardians can contact us to request deletion
10. Third-Party Processing
We work with trusted third-party processors:
- Stripe (payment processing)
- Cloud hosting providers (infrastructure)
- Email service providers (communications)
- All processors are bound by Data Processing Agreements (DPAs)
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
12. Exercising Your Rights
To exercise your data protection rights:
- Contact our privacy team
- Include your account email and specific request
- We will verify your identity
- Response within 30 days (GDPR) or 45 days (CCPA)
13. Complaints and Supervisory Authority
You have the right to lodge a complaint with a supervisory authority:
- EEA residents: Your local data protection authority
- UK residents: Information Commissioner's Office (ICO)
- We encourage you to contact us first to resolve issues
14. Contact Our Data Protection Officer
For data protection inquiries:
- Contact our Data Protection Officer
- Address: Aktirak Corporation, Data Protection Officer, [Address]