Privacy Policy

Last updated: August 15, 2025

1. Introduction and Definitions

Welcome to Enosis Labs, Inc. ('Enosis Labs,' 'we,' 'us,' or 'our') Privacy Policy. This policy explains how we collect, use, disclose, and protect your Personal Information when you use our artificial intelligence services and interact with our platform (the 'Services'). This policy is governed by the laws of the State of Delaware and applicable federal laws of the United States. By using our Services, you consent to the practices described in this policy.

Definitions

Personal Information
Information that identifies, relates to, describes, or could reasonably be associated or linked, directly or indirectly, with a particular consumer or household.
AI-Generated Data
Data created or inferred by our AI models based on User Inputs and interactions with our Services.
User Inputs
Data, text, or other content that you provide to our AI models.
Anonymization
The process of irreversibly altering data so that it can no longer be used to identify an individual, directly or indirectly.
Pseudonymization
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without additional information.
Data Controller
The entity that determines the purposes and means of the processing of personal data. For purposes of this policy, Enosis Labs, Inc. is the Data Controller.

2. Information We Collect

2.1 Personal Information

  • Identification and contact data: Full name, email address, postal address, and phone number
  • Account credentials: Username, password, and security information to access your account
  • Payment information: Credit card details and billing address (processed through secure third-party payment processors)
  • Usage data: Information about how you use our Services, including features accessed, content viewed, and time and duration of activities
  • Device information: Device type, operating system, unique device identifiers, and IP address
  • Communication logs: Records of communications with us, including emails, support tickets, and chat logs
  • Note on location data: We do NOT collect precise geolocation data unless you explicitly consent for a specific feature that requires it.

2.2 AI-Generated Data

  • User Inputs: Data, text, or other content you submit to our AI models
  • AI model interactions: Information about how you interact with our AI models
  • Generated content and results: Output generated by our AI models based on your User Inputs
  • Performance metrics: Data about the performance of our AI models
  • Inferred data: Our AI models may infer information about you. These inferences are probabilistic and may not always be accurate. We do NOT use inferred data to make automated decisions with legal or similarly significant effects without your explicit consent

2.3 Third-Party Information

  • We may receive information about you from third-party sources, such as social media platforms, only if you choose to connect your account to those services and with your explicit consent.

3. Legal Bases and Use of Your Information

We process your Personal Information based on the following specific legal bases:

3.1 Legal Bases by Purpose

  • Provide and improve AI services - Legal Basis: Contract performance
  • Personalize your experience - Legal Basis: Consent (only with explicit opt-in)
  • Process payments - Legal Basis: Contract performance
  • Service communications - Legal Basis: Contract performance
  • Marketing - Legal Basis: Consent (only with explicit opt-in)
  • Security and fraud prevention - Legal Basis: Legitimate interest
  • Legal compliance - Legal Basis: Legal obligation
  • Enforce terms - Legal Basis: Contract performance

3.2 Balancing Tests

  • Where we rely on legitimate interests as legal basis, we have conducted documented balancing assessments to ensure our interests do not override your rights and freedoms.
  • These assessments are available upon request by contacting privacy@enosislabs.com.

4. Data Security and Protection

We implement a comprehensive information security program aligned with industry best practices:

4.1 Technical Measures

  • Encryption: Industry-standard encryption protocols (TLS/SSL) for data in transit and at rest
  • Access controls: Multi-factor authentication and role-based access for authorized personnel
  • Security audits: Regular vulnerability assessments and penetration testing
  • Monitoring: Intrusion detection systems and anomalous activity monitoring

4.2 Organizational Measures

  • Training: Regular privacy training program for all employees
  • Impact assessments: Data Protection Impact Assessments (DPIA) for high-risk processing
  • Backup and recovery: Robust data backup systems and disaster recovery
  • Framework compliance: Alignment with ISO 27001, NIST Cybersecurity Framework

5. AI Training and Model Development

5.1 Opt-In Default Model

  • By default, we DO NOT use your content to train our AI models. This is our standard position to respect your privacy and control over your data.

5.2 Voluntary Participation

  • If you wish to contribute to the improvement of our AI models, you may opt to participate through account settings with granular consent options and easy revocation.

5.3 Training Data Safeguards

  • Anonymization: We prioritize the use of anonymized or pseudonymized data
  • Minimization: We only use the minimum data necessary for the specific purpose
  • Limited purpose: Data is used only for specific agreed model training
  • No sale: We never sell or license user data to third parties

6. Data Sharing and Third Parties

We may share your Personal Information with the following categories of third parties:

6.1 Service Providers

  • Cloud infrastructure: AWS, Google Cloud, Azure
  • Payment processors: Stripe, PayPal
  • Analytics: Google Analytics (only with consent)
  • All providers have data processing agreements requiring them to protect your information

6.2 Business Partners

  • We only share data with business partners with your explicit consent and clear identification of the partner and purpose.

6.3 Legal Authorities

  • We may disclose information to legal authorities when required by law, such as in response to a subpoena or court order.

6.4 Corporate Transactions

  • In case of merger, acquisition, or asset sale, your information may be transferred to the acquiring entity with prior notification.

7. Data Retention Policy

7.1 Retention Principles

  • Minimization: We retain data only as long as necessary for stated purposes
  • Regular review: We evaluate and delete data that is no longer necessary
  • Legal compliance: Some data may be retained to comply with legal obligations

7.2 Specific Retention Periods

  • Active account data: While account is active
  • Inactive account data: 3 years after last activity
  • Billing data: 7 years (legal and tax requirements)
  • Communication logs: 2 years
  • Security logs: 1 year
  • AI training data: Until consent withdrawal (if user opted in)

8. User Rights and Controls

Under applicable data protection laws, including CCPA/CPRA and GDPR (where applicable), you have the following rights:

8.1 Fundamental Rights

  • Right of access: Request access to personal information we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete information
  • Right to erasure: Request deletion of your personal information (with certain exceptions)
  • Right to restriction: Request restriction of processing in certain circumstances
  • Right to portability: Receive your data in structured, machine-readable format
  • Right to object: Object to processing, including for direct marketing and AI training

8.2 Exercising Your Rights

  • Contact: privacy@enosislabs.com
  • Response time: 45 days for CCPA/CPRA, 30 days for GDPR
  • Verification: We may need to verify your identity before fulfilling requests

8.3 CCPA/CPRA Specific Rights

  • Non-discrimination: We do not discriminate for exercising CCPA/CPRA rights
  • No sale: We do NOT sell personal information as defined in CCPA/CPRA

9. Children's Privacy

9.1 Age Policy

  • Our Services are NOT directed to children under 13 years old (or the relevant age of digital consent in your jurisdiction). We do NOT knowingly collect Personal Information from children without verifiable parental consent.

9.2 Enhanced Protection Measures

  • Age verification protocols to prevent unauthorized access by minors
  • No profiling or targeted advertising to children
  • COPPA compliance and other child-specific regulations
  • Immediate deletion if we discover we have collected data from minors without consent

10. International Data Transfers

10.1 Data Location

  • Enosis Labs is based in the United States. If you access our Services from outside the United States, your personal information may be transferred, stored, and processed in the United States.

10.2 Transfer Safeguards

  • Standard Contractual Clauses (SCC) approved by the European Commission
  • Transfer assessments to ensure adequate protection
  • Local requirements compliance for cross-border transfers

11. Data Breach Response

11.1 Breach Response Plan

  • Immediate containment of the incident
  • Impact assessment on affected personal information
  • Timely notification to affected users
  • Damage mitigation and protective measures

11.2 Notification Process

  • User notification: Within 72 hours of discovery (per GDPR) or without unreasonable delay (per CCPA)
  • Notification content: What information was affected, how it occurred, what we're doing to prevent future incidents
  • Protection guidance: Steps you can take to protect yourself

12. Contact and Policy Updates

12.1 Contact Information

  • Privacy Team Email: privacy@enosislabs.com
  • Address: 1111B S Governors Ave STE 26317, Dover, DE 19904
  • General support: support@enosislabs.com

12.2 Policy Updates

  • Periodic reviews: We update this policy to reflect changes in services or laws
  • Material changes notification: By email, prominent service notice, and website posting
  • Notice period: 30 days advance notice for material changes
  • Revision date: The 'Last updated' date indicates when it was last revised

12.3 Commitment to Transparency

  • Clear communication about our data practices
  • Accountability in handling your information
  • Continuous improvement of our privacy practices
  • Timely response to your questions and concerns

This Privacy Policy was updated to reflect legal and transparency best practices as of August 2025, including specific considerations for artificial intelligence services, emerging data regulations, and enhanced user rights protection.