PRIVACY POLICY

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• names
• email addresses
• usernames
• passwords

Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy notice link(s) here: https://stripe.com/privacy.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect basic location data based on your IP address for security purposes and service functionality. This helps us maintain the security of your account and provide region-specific services where necessary.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
• To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
• To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information:

• Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
• Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
• Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In what situations and with which parties do we share personal information?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

We may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
• Legal Requirements. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

5. WHICH THIRD-PARTY SERVICES DO WE USE?

Third-Party Service Providers

In Short: We use specific third-party services to power key features of our platform, each carefully selected with your privacy and security in mind.

To provide you with a secure and efficient service, we partner with several trusted third-party providers. Each of these partnerships is essential to delivering specific features of our platform, and we carefully control what information is shared with each service.

Payment Processing

For payment processing, we rely on Stripe, a leading secure payment provider. When you make a payment, your transaction is handled directly by Stripe's secure infrastructure. We never store your complete payment information on our servers. Instead, Stripe manages all sensitive payment data in accordance with the highest security standards. You can review Stripe's privacy practices at https://stripe.com/privacy.

Authentication

We use Google's Firebase Authentication service to securely manage user accounts and login processes. This service handles all authentication flows, including Google Sign-In integration. When you sign in, Firebase Authentication and Google Sign-In work together to provide secure access while sharing only essential profile information with us:

• Your name
• Email address
• Profile picture

Firebase Authentication provides enterprise-grade security for user accounts while maintaining your privacy. You can review the privacy policies at:

• Firebase: https://firebase.google.com/support/privacy
• Google Sign-In: https://policies.google.com/privacy

Analytics

We use Google Analytics to understand how our services are used and to improve your experience. This service helps us:

• Analyze how users interact with our platform
• Identify and fix technical issues
• Improve our services based on user behavior

Google Analytics collects standard internet log information and visitor behavior patterns. This data is processed in a way that does not identify individual users. You can learn more about Google Analytics' data practices by visiting their privacy policy.

AI Services

Our document analysis and chat features are powered by three leading AI providers: OpenAI, Anthropic, and Google. OpenAI's technology enables us to process your documents effectively through their text-embedding-3-large model, which creates searchable versions of your documents. They also provide the GPT 4o, o1-mini, and o3-mini models for some of our chat interactions.

Anthropic's Claude Sonnet models enhance our chat capabilities, helping provide accurate and contextual responses to your queries. Google's Gemini Flash model is used for some of our chat interactions. All services operate under strict data protection standards:

• Data is processed only as needed for providing our services
• Processing occurs in real-time with no permanent storage of your queries
• All interactions are protected by enterprise-grade security measures

You can review the privacy policies of these services at:

• OpenAI: https://openai.com/privacy
• Anthropic: https://www.anthropic.com/privacy
• Google: https://policies.google.com/privacy

We maintain strict oversight of all third-party services, ensuring they comply with applicable data protection regulations. Our agreements with these providers include strong data protection clauses, and we regularly review their security practices to ensure they meet our high standards for data privacy and security.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Cookies and Session Data

In Short: We use Google Analytics cookies for website visitors with their consent, and essential cookies for logged-in users. You can control your cookie preferences through our cookie banner.

Cookie Usage Before Login

For visitors who are not logged in, we use Google Analytics to understand how our website is used and to improve our services. When you first visit our website, you'll see a cookie banner that allows you to:

• Accept analytics cookies to help us improve our service
• Reject analytics cookies and still use our website
• Learn more about our cookie usage through this policy

Your choice is stored in your browser's local storage and respected across visits. You can change your preference at any time by clearing your browser's data.

Google Analytics

If you accept analytics cookies, we use Google Analytics to:

• Understand how visitors interact with our website
• Track which features are most useful to users
• Identify areas where we can improve
• Measure the effectiveness of our website

Google Analytics sets cookies that collect anonymous information about:

• Pages visited
• Time spent on the site
• Browser type and device information
• Approximate location (country/city level)

Cookie Usage After Login

When you create an account and log in, we use essential cookies that are necessary for our service to function. By creating an account, you consent to these essential cookies, which include:

• access_token: Our authentication cookie that keeps you securely logged in
• Firebase Authentication: Cookies required for secure authentication
• Stripe: Cookies necessary for payment processing

Your Control Over Cookies

You have several options to control cookies:

• Analytics Cookies: Use our cookie banner to accept or reject Google Analytics
• Browser Settings: Configure your browser to block or alert you about cookies
• Google Analytics Opt-out: Install the Google Analytics Opt-out Browser Add-on
• Essential Cookies: These are required for logged-in functionality and cannot be disabled while using our service

Please note that while you can reject analytics cookies and still browse our website, essential cookies are required if you want to use our service with an account. These essential cookies are only set after you create an account and log in.

7. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

Artificial Intelligence Integration

In Short: We use AI technology to process your documents and enable intelligent interactions with your content. This includes document analysis, text embedding creation, and AI-powered chat responses.

How We Use AI in Our Services

Our service utilizes artificial intelligence in two main ways:

1. Document Processing and Vectorization

• We use OpenAI's text-embedding-3-large model to create vector embeddings of your documents
• These embeddings allow for efficient semantic search and retrieval of relevant information
• The embeddings are stored securely in our vector database (ChromaDB)

2. Interactive Chat Functionality

• When you interact with your documents through chat:
  • Our system searches the vector database for relevant content
  • Retrieved content is used as context for generating responses
  • AI models process your questions along with the retrieved context to provide accurate answers

AI Models We Use

We currently utilize the following AI models:

• OpenAI's text-embedding-3-large for document vectorization
• Anthropic's Claude 3.5 Sonnet for chat interactions
• Anthropic's Claude 3.7 Sonnet for chat interactions
• OpenAI's GPT 4o for chat interactions
• OpenAI's o1-mini for chat interactions
• OpenAI's o3-mini for chat interactions
• Google's Gemini 2.0 Flash for chat interactions

Note: The specific AI models we use may evolve over time as technology advances. We may add new models or discontinue the use of others to provide you with the best possible service.

Data Processing and Privacy

When using our AI features:

• Your documents are processed securely to create vector embeddings
• Chat interactions are processed in real-time
• We limit the amount of context sent to AI models to what is necessary for accurate responses
• All AI processing is done in compliance with our security and privacy standards

8. HOW DO WE HANDLE AND SECURE YOUR DOCUMENTS?

How we handle your documents

In Short: Your documents are processed securely, converted into searchable format, and then immediately deleted from our servers. Only the necessary data for document analysis is retained in a secure, isolated database.

Document Processing Workflow

When you upload a document to our service, we follow a strict security protocol:

• Initial Upload: Documents are uploaded to our secure servers, which are protected by multiple security measures including:
  • Advanced intrusion prevention systems
  • Strict access controls
  • Secure NGINX configuration
  • Root login restrictions
• Processing: Documents are temporarily stored in a secure location while being processed and analyzed
• Data Extraction: The document's content is converted into a searchable format and stored in our secure vector database (ChromaDB)
• Immediate Deletion: After processing, the original document is permanently deleted from our servers

Data Storage Security

The extracted document data is stored in ChromaDB, which:

• Runs in an isolated Docker container
• Is not accessible from the internet
• Can only be accessed by our secure API service
• Is hosted on servers within the European Union

Document Deletion

When you delete a document from your dashboard:

• All associated data is immediately removed from our vector database
• No copies or backups of the document are retained
• The deletion is permanent and irreversible

This process ensures that your documents are handled securely throughout their lifecycle in our system, and that no document data remains after deletion.

9. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

Social logins

In Short: If you choose to register or log in to our Services using your Google account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your Google account. By choosing this authentication method, you consent to the use of necessary cookies and data processing by both our service and Google's authentication services. The profile information we receive will include your name, email address, and profile picture.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by Google. We recommend that you review Google's privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

10. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information only as long as necessary to provide our services or as required by law. For active accounts, we retain your data until you delete it. For cancelled subscriptions, we retain data for 60 days before permanent deletion.

Active Account Data Retention

Your data's security and privacy are our priority throughout its entire lifecycle in our system. While your account is active and in good standing, we maintain your information to ensure a seamless experience with our services. This includes the vector embeddings of your documents, your chat interactions, and basic account information. You maintain full control over this data and can delete any part of it at any time through your dashboard.

When You Cancel Your Subscription

We understand that circumstances change, and you might need to cancel your subscription. When this happens, we don't immediately delete your data. Instead, we retain it for 60 days after cancellation, giving you time to:

• Export your valuable chat histories and document data
• Reactivate your subscription if you change your mind
• Access your transaction history and account information

After this 60-day grace period, we permanently delete all your data from our systems to protect your privacy.

Account Deletion Process

When you request to delete your account, we take immediate action to protect your privacy. Most of your data is deleted instantly, including all document vector embeddings, chat histories, and personal information. However, we maintain certain basic account records and transaction history for 30 days after deletion. This brief retention period helps us comply with financial regulations and protect against fraudulent activity while still ensuring your privacy.

Legal Requirements and Data Protection

While we strive to delete your data as promptly as possible, certain legal and regulatory requirements may require us to retain specific information for longer periods. This typically applies to:

• Financial transaction records for tax purposes
• Basic account information for legal compliance
• Security-related data for fraud prevention

In these cases, we ensure that the retained data is minimized, secured, and used solely for compliance purposes. When we no longer have a legitimate need to process this information, we either delete or anonymize it completely.

Your Right to Data Export and Transfer

We are committed to providing you access to your data while maintaining security and privacy. Here's what you should know about data export and transfer capabilities:

• Document Export: Since we process documents and only retain their vector embeddings for analysis, we cannot provide exports of the original documents. We recommend keeping copies of your original documents in your own secure storage.
• Chat History and Account Data: To request exports of your chat histories or other account data, please contact us at contact@ai-lime.com. We will process your request and provide the data in a standard format within 30 days.
• Complete Data Export: If you need a complete export of all your personal data that we hold, please email your request to contact@ai-lime.com. We will compile your data and provide it to you in a machine-readable format.
• Data Transfer: For requests to transfer your data to another service provider, please contact us at contact@ai-lime.com. We will work with you to facilitate the transfer where technically feasible.

For all data-related requests, we will verify your identity before processing to ensure the security of your information. Please note that some requests may take up to 30 days to process, and we may need additional information from you to fulfill your request securely.

11. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

12. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at contact@ai-lime.com.

13. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and California, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA, UK, Switzerland, and California), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent

If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

• Log in to your account settings and update your user account.
• Contact us using the contact information provided.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies

Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

14. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

15. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

United States residents' specific privacy rights

If you are a resident of the United States, you have the right to access personal information we collect from you, change that information, or delete it. If you would like to exercise this right, please contact us.

16. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact us at contact@ai-lime.com.