Erayaha AI Privacy Policy

Introduction

This Privacy Policy explains how Erayaha handles your information.

1. Information We Collect

We collect different types of information, including:

• Account Information: When you register for our services, we collect your name, email address, and organization details.
• Document Data: We process the documents you upload or analyze through our platform.
• Usage Information: We collect information about how you interact with our services, including features used and time spent on the platform.
• Device Information: We collect information about your device, including IP address, browser type, and operating system.

2. How We Use Your Information

We use your information for the following purposes:

• To provide and improve our services
• To personalize your experience
• To communicate with you about our services
• To ensure the security of our platform
• To comply with legal obligations

3. Your Document Data and AI Processing

Erayaha AI uses artificial intelligence to analyze your documents. Here's how we handle your document data:

• SaaS Deployment: If you use our cloud-based solution, your documents are securely processed on our servers. We implement robust security measures to protect your data.
• On-Premise Deployment: If you choose our on-premise solution, your documents never leave your infrastructure. All processing happens locally within your environment.
• Training Our AI Models: By default, we do not use your documents to train our AI models. If we wish to do so in the future, we will seek your explicit consent.
• Retention: We retain your document data only as long as necessary to provide our services or as required by law.

4. Data Sharing and Disclosure

We may share your information with:

• Service Providers: We work with third-party service providers who help us operate our business and deliver our services.
• Legal Requirements: We may disclose your information if required by law or in response to valid requests from public authorities.
• Business Transfers: If Erayaha is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share your information with third parties when we have your consent to do so.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services when you register and use our platform (GDPR Article 6(1)(b))
• Consent: Where you have given explicit consent for specific processing activities, such as marketing communications (GDPR Article 6(1)(a))
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and network security (GDPR Article 6(1)(f))
• Legal Obligations: Processing required to comply with legal and regulatory requirements (GDPR Article 6(1)(c))

6. Data Protection Officer (DPO)

We have designated a Data Protection Officer to oversee our data protection practices and ensure compliance with GDPR and other data protection laws.

You can contact our DPO for any questions or concerns regarding data protection at: privacy@erayaha.ai

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account Information: Retained for the duration of your account plus 90 days after account closure
• Document Data: Retained according to your subscription plan settings or until you request deletion
• Usage Data: Retained for up to 24 months for analytics and service improvement
• Legal Compliance Data: Retained as required by applicable law (typically 6-7 years for financial records)

After the retention period expires, we securely delete or anonymize your personal data.

8. Subprocessors and Third-Party Services

We work with the following subprocessor who may process your data on our behalf:

• Vercel Inc. - Web hosting, infrastructure, and deployment platform (EU: Dublin & Frankfurt) - Privacy Policy

All subprocessors are contractually required to comply with GDPR and implement appropriate security measures. We maintain a current list of subprocessors and will notify enterprise customers of any changes.

Enterprise Sandbox Deployment: For enterprise customers who require complete data sovereignty, we offer a sandbox deployment option where the entire application runs on your own cloud infrastructure. In this configuration, no data is processed by third-party subprocessors, ensuring complete control over your data.

9. Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of your personal data and information about how we process it
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Article 18): Request limitation of processing of your personal data
• Right to Data Portability (Article 20): Receive your personal data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at privacy@erayaha.ai. We will respond to your request within 30 days as required by GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and security
• Incident response and breach notification procedures

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all subprocessors
• Adequacy decisions where applicable
• Additional security measures for transfers to third countries

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that we have inadvertently collected information from a child, please contact us immediately at privacy@erayaha.ai.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email (if you have provided one) or through a prominent notice on our website at least 30 days before the changes take effect. We will also update the "Last Updated" date at the bottom of this page.