Last Updated: October 17, 2024
Our services require us to collect various types of information from you. Understanding what we collect and how we use it is essential for maintaining transparency in our relationship with you.
When you use our services, we collect personal information that can identify you. This includes your full name, email address, phone number, and postal address. If you create an account with us, we also store your account credentials and any profile information you choose to provide. As you interact with our services, we automatically collect device identifiers, IP addresses, and maintain a history of how you use our platform.
To process payments and maintain our business relationship, we collect and store financial information. This includes your credit card or payment account details, billing address, and a complete record of your transaction history with us. We also retain any payment preferences you set to make future transactions more convenient.
Our systems automatically gather technical information about how you access and use our services. This includes details about your web browser type and version, the operating system you're using, specific device information, and various types of log data. If you grant permission through your device settings, we may also collect location data to enhance our services.
We utilize the information we collect in several specific ways, each designed to improve your experience and maintain our services.
The primary use of your data is to provide you with our services. This includes maintaining your account, processing your transactions, verifying your identity when you log in, and managing your relationship with us. We also use this information to respond to your requests and provide customer support when you need assistance.
We analyze how users interact with our platform to make it better. This involves studying usage patterns, identifying and fixing technical issues, developing new features, and improving existing ones. Your data helps us understand what works well and what needs improvement in our services.
To provide you with the most relevant experience, we use your data to personalize our services. This includes customizing the content you see, sending you tailored marketing communications (where you've consented to receive them), and remembering your preferences so you don't have to set them each time you visit.
While we primarily use your data internally, there are specific circumstances under which we share your information with third parties.
We work with trusted third-party service providers who help us operate our business. These include payment processors who handle transactions, cloud hosting providers who store our data, analytics services that help us understand user behavior, customer support tools that help us assist you, and marketing platforms that help us communicate with you. Each of these providers is contractually obligated to protect your data and can only use it for specified purposes.
We may be required to share your information to comply with legal obligations. This includes responding to court orders, subpoenas, or other legal processes. We may also share information if we believe it's necessary to protect our legal rights, enforce our terms of service, prevent fraud, or ensure the safety of our users.
If our company undergoes a business transition, such as a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.
We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction.
Our infrastructure employs multiple layers of security controls. We use end-to-end encryption to protect data in transit and at rest. All connections to our services are secured using industry-standard SSL/TLS encryption. We maintain robust firewalls and intrusion detection systems that continuously monitor for and block suspicious activities. Our systems undergo regular updates and patches to address any known security vulnerabilities.
Beyond technical measures, we maintain strict organizational controls to protect your data. We implement role-based access controls, ensuring employees can only access the data they need to perform their jobs. All our staff undergoes regular privacy and security training to understand their responsibilities in protecting your information. We maintain a comprehensive security incident response plan and conduct regular security audits to identify and address potential risks. Our data minimization practices ensure we only collect and retain information that's necessary for our services.
We believe in empowering our users with control over their personal information. You have several specific rights regarding your data, which we are committed to honoring.
You have the right to know what personal information we hold about you. Upon request, we will provide you with a comprehensive report of your data in our systems. This report includes details about how we've used your information and which third parties have accessed it. We will respond to your access request within 30 days.
You maintain control over your personal information. You can correct any inaccurate information in your profile at any time. If you need to update your contact details, preferences, or any other personal information, you can do so through your account settings or by contacting our support team. You also have the right to export your data in a machine-readable format, allowing you to transfer it to other services.
You have the right to request the deletion of your personal information from our systems. When you make a deletion request, we will remove your data within 30 days, except for information we are legally required to retain. We'll also notify any service providers who have accessed your data to delete their copies.
We maintain clear policies about how long we keep your information and when we delete it.
While your account is active, we retain your information to provide our services and maintain your account history. If you close your account, we initiate our deletion process, removing your personal information from our active systems within 90 days. Our backup systems retain data for up to 180 days to ensure we can recover from catastrophic system failures. Certain information may be retained longer if required by law or necessary for legitimate business purposes.
Some information may be retained beyond our standard retention periods. For example, we keep records necessary to prevent fraud, enforce our terms of service, or comply with legal obligations. If you've been involved in a dispute or legal proceeding related to our services, we may retain relevant information until the matter is resolved.
We use cookies and similar tracking technologies to enhance your experience on our platform. Understanding how these technologies work helps you make informed choices about their use.
Essential cookies are necessary for our website to function properly. They enable basic features like page navigation and access to secure areas of the website. Functional cookies remember your preferences and personalize your experience. Performance cookies help us understand how visitors interact with our website by collecting anonymous information. Marketing cookies track your browsing habits to deliver targeted advertising, but we only use these with your explicit consent.
You have full control over how cookies are used when you visit our site. Through our cookie preference center, you can choose which types of cookies to accept or reject. You can also manage cookies through your browser settings, including blocking or deleting them. We honor "Do Not Track" signals from your browser. If you choose to disable non-essential cookies, some features of our service may not function properly, but you will still be able to use essential features.
As a global service, we may transfer your information across international borders to provide our services effectively.
When we transfer data internationally, we ensure appropriate safeguards are in place. We use Standard Contractual Clauses approved by the European Commission for transfers from the European Economic Area. Where applicable, we rely on adequacy decisions made by competent authorities. For transfers to the United States, we work with providers certified under the Privacy Shield framework where relevant.
Your information may be stored and processed in the United States, the European Economic Area, or other countries where we or our service providers maintain facilities. Different countries have different data protection standards, but we ensure your information receives an adequate level of protection regardless of location.
We take additional precautions to protect children's privacy and comply with laws regarding the collection of information from young users.
Our services are not intended for children under the age of 13 (or higher in certain jurisdictions). We do not knowingly collect personal information from children. If we discover that we have inadvertently gathered personal information from a child under the applicable age limit, we will promptly delete this information. Parents or guardians who believe we may have collected information from a child should contact us immediately.
We regularly review and update our privacy policy to reflect changes in our practices and services.
When we make significant changes to this policy, we follow a careful update process. We review proposed changes with our legal team to ensure continued compliance with applicable laws. We document all changes and maintain a change log for transparency. Before implementing major changes, we provide advance notice to allow you to review the updates and make informed decisions about continuing to use our services.
We use multiple channels to inform you about privacy policy updates. You'll see a prominent notice on our website when changes are pending. We'll send an email to the address associated with your account describing significant changes. For major updates that affect your rights or how we use your data, we may use in-app notifications or pop-up alerts to ensure you're aware of the changes.
We welcome your questions and feedback about our privacy practices.
Our dedicated privacy team is available to address your concerns. You can reach our privacy team at privacy@a2labs.ai for specific privacy-related questions. For general support inquiries, contact support@a2labs.ai. Our Data Protection Officer can be reached at dpo@a2labs.ai for matters requiring special attention.
Our privacy practices comply with major privacy regulations worldwide, including the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. We maintain certifications for SOC 2 Type II, and PCI DSS for payment processing. Our compliance team regularly reviews and updates our practices to maintain alignment with evolving regulatory requirements.
Different jurisdictions provide their residents with specific privacy rights, which we honor accordingly.
If you're a California resident, you have specific rights under the CCPA and CPRA. You can request access to your personal information, ask us to delete your data, and opt out of the sale of your personal information. We will not discriminate against you for exercising these rights. You can designate an authorized agent to make requests on your behalf.
Residents of the European Economic Area have additional rights under the GDPR. You can object to our processing of your data, restrict how we use your information, and lodge complaints with supervisory authorities.
By using our services, you agree that any dispute, claim, or controversy arising out of or relating to this Privacy Policy or the breach, termination, enforcement, interpretation, or validity thereof, shall be resolved by binding arbitration rather than in courts of general jurisdiction.
Initial Resolution Attempt: Before initiating arbitration, we encourage users to contact us directly to attempt to resolve any disputes informally.
Arbitration Rules:
Arbitration will be conducted by JAMS under its Comprehensive Arbitration Rules
The arbitration will be conducted by a single arbitrator
The arbitration will be conducted in [City, State]
The arbitration will be conducted in English
Costs:
We will reimburse filing fees for claims totaling less than $10,000 unless the arbitrator determines the claims are frivolous
We will not seek attorneys' fees and costs in arbitration unless the arbitrator determines the claims are frivolous
By agreeing to arbitration, you waive your right to:
Participate in a class action lawsuit
Participate in a class-wide arbitration
Have disputes resolved by a jury
Join or consolidate claims with claims of other persons
The following exceptions apply to this arbitration agreement:
Small claims court cases
Intellectual property disputes
Emergency injunctive relief
Government enforcement actions
We take the security of your data seriously and have implemented comprehensive procedures to address potential security incidents.
In the event of a security incident, our team follows a detailed response plan. We first work to detect and assess the nature and scope of the incident. Once we understand the impact, we take immediate steps to contain and remediate the issue. We document each step of our response process and use this information to strengthen our security measures.
If we discover a security incident that affects your personal information, we will notify you without undue delay. This notification will include:
A description of what occurred
The types of information involved
Steps we're taking to protect your data
Recommended actions you should take
Resources and support we're providing to affected users
We also report security incidents to relevant regulatory authorities as required by applicable laws and regulations.
To ensure clarity in our privacy policy, we want to define key terms that may be unfamiliar:
"Personal Information" refers to any information that can identify you as an individual
"Processing" means any operation performed on your data, including collection, storage, use, or deletion
"Service Providers" are third-party companies we work with to provide our services
"Cookies" are small text files stored on your device that help us remember your preferences
This privacy policy is informed by and complies with several laws and standards:
The General Data Protection Regulation (GDPR) in the European Union
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Industry best practices for data protection and privacy
Our internal policies and procedures for data handling