Aibrary Privacy Policy

1. Scope of This Policy

This policy outlines the processing of personal information provided or collected through our sites, applications, products, or services. In some cases, additional data privacy notices may be provided for specific products, practices, or regions.

If you access our services through third-party sites or platforms, those platforms may independently collect and process your data. We recommend reviewing their privacy policies carefully, as their practices are outside our control, and your choices on their platforms do not affect our management of your data collected through Aibrary.

We recognize our responsibility to all recipients of our products and services, including website visitors, registered users, and administrators acting on behalf of customers, to collect, manage, process, and use personal information ("Personal Data") in compliance with the laws and regulations of the countries in which we operate.

The term "applicable data protection law" refers to any relevant data protection regulations in your location, such as the GDPR for those in the EU/EEA. References to the "GDPR" include the European General Data Protection Regulation as well as the corresponding UK GDPR, which implements the European GDPR into national law.

2. Information Collected or Processed

2.1 Categories of Personal Data

Aibrary may collect or process the following categories of Personal Data to ensure security, enhance our services, and provide them to our customers:

• Identifiers: Includes real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.
• Customer Records Information: Includes details such as name, credit card number, debit card number, or other payment-related information, as well as subscription purchase details.
• Internet or Other Electronic Network Activity: Encompasses browsing history, search history, and interactions with websites, applications, or advertisements.
• Geolocation Data
• Professional or Employment-Related Information
• Educational Information
• Content Data: Includes any information provided while using our features and products, such as AI inputs, direct messages, and chat messages.
• Audio Recording: If you choose to turn on your microphone during your interaction with the product, your voice may be recorded.
• Inferences: Insights derived from the collected information to assess preferences, characteristics, behaviors, attitudes, abilities, and aptitudes.

2.2 Sources and Purposes

Personal Data may be collected or processed from various sources, including information directly provided by you, online tracking technologies, automatic data collection tools, social media platforms, business partners, and service providers.

The purposes of collecting or processing this data include delivering products and services, analyzing user behavior for testing and product development, communication, program administration, security and fraud prevention, compliance with legal obligations, core business operations, employment and job application processes, marketing and promotions (including targeted advertising), analytics, and personalization.

3. How We Disclose Information

3.1 Recipients of Personal Data

To provide our services effectively and operate efficiently, we work with various external companies to whom we may disclose your Personal Data. These recipients include:

• Hosting Providers: We engage certified service providers to host our website, services, and IT systems, as we do not operate our own servers.
• IT and SaaS Providers: Various service providers assist us in delivering our services.
• Advertising and Marketing Service Providers: To enhance our offerings and attract new customers, we work with advertising and marketing firms.
• Affiliated Companies: As a global company with teams in multiple countries, we may transfer Personal Data to subsidiaries and other entities within our corporate group.
• Public Authorities: We may transfer Personal Data to comply with legal obligations or respond to court orders and official requests.
• Payment Providers: To process payments, we share Personal Data with payment processors and banks acting as data controllers and/or processors.
• Other Recipients: We may also disclose Personal Data to organizations such as postal and delivery services, financial institutions, tax consultants, auditors, tax authorities, and service providers responsible for data destruction.

We carefully select service providers and business partners based on their technical and organizational safeguards to ensure the protection of Personal Data. We take all reasonable measures, such as implementing appropriate data processing agreements, to safeguard your information.

Additionally, we may disclose Personal Data to service providers and third parties when required to comply with laws and regulations, respond to legal demands, exercise or defend legal rights, investigate and prevent fraudulent or illegal activities, address potential security threats, or enforce our terms and conditions. Personal Data may also be shared when necessary for business financing, insurance, or the sale of assets. Anonymized or aggregated data may be disclosed at our discretion in compliance with applicable laws.

If you post information or content on public online forums or social media platforms, such as our social media accounts, that information becomes publicly accessible. We do not have control over its further use by third parties.

3.2 Data Transfer Safeguards

We aim to provide transparency regarding our privacy practices and principles in a clear and understandable manner. We are committed to handling your personal information with care and respect. If you have any questions or concerns about how your information is used, we encourage you to contact us.

4. How Long We Store Your Personal Data

Unless stated otherwise, we retain Personal Data only for as long as necessary to fulfill the purpose of processing or to meet contractual and legal obligations. Statutory retention requirements, particularly those related to commercial or tax laws, may mandate specific storage durations. From the end of the calendar year in which the data was collected, we retain Personal Data in accounting records for ten years and Personal Data in commercial correspondence and contracts for six years. Additionally, data related to consent records, complaints, and claims are kept for the duration of statutory limitation periods. Personal Data collected for advertising purposes will be deleted upon objection to its processing.

5. Our Commitment to Protecting Children's Information

Our services are not designed for children, and we do not knowingly collect information from them through our sites, products, or services. By using our services, you confirm that you have reached the legal age of majority in your jurisdiction or that your legal representatives have provided consent if applicable.

If you believe that a child has provided us with personal information, please notify us. If we discover that we have collected information from a minor without the necessary legal consent, we will take immediate steps to delete the data and terminate the associated account.

6. Cookies and Other Technologies

We use cookies and similar technologies to enhance user experience on our website and services. Cookies are unique identifiers transferred to your browser or device, allowing us to recognize users and track interactions with our services, including page visits and feature usage.

You may adjust your browser or device settings to restrict or block cookies; however, doing so may limit access to certain features. We recommend keeping cookies enabled to ensure the best possible experience.

7. Our Global Data Transfer Practices

As a globally operating company, we store and process Personal Data in various locations worldwide. This may involve transferring Personal Data to countries that do not provide the same level of data protection as those governed by the GDPR. Such transfers are permissible if the European Commission or the UK government has determined that the destination country ensures an adequate level of data protection.

If no such adequacy decision exists, Personal Data will only be transferred if appropriate safeguards, as outlined in Article 46 of the GDPR, are in place or if one of the conditions specified in Article 49 of the GDPR is met. In the absence of an adequacy decision, we rely on the EU Standard Contractual Clauses (EU SCCs) or the Standard Data Protection Clauses approved by the UK's supervisory authority (UK SCCs) to ensure the lawful and secure transfer of Personal Data. Copies of these safeguards can be provided upon request.

In exceptional cases where no adequacy decision or safeguards exist, Personal Data may be transferred based on explicit consent, in compliance with the legal requirements under Article 49(1)(a) of the GDPR.

8. Our Group-Wide Data Transfer Practices

Ouraca Inc. operates within a group of companies collaborating to enhance service delivery. As part of this cooperation, we may transfer Personal Data to other companies within our corporate group or grant them access to such data. When such transfers are made for administrative purposes, they are based on legitimate business and economic interests (Article 6(1)(f) GDPR). Transfers may also occur when necessary to fulfill contractual obligations (Article 6(1)(b) GDPR), when consent has been provided (Article 6(1)(a) GDPR), or when other legal bases apply.

To ensure compliance with applicable regulations and maintain the security of Personal Data, all internal data transfers within our corporate group are conducted under Internal Data Transfer Agreements (IGTA).

9. Your Privacy Rights

9.1 Available Rights

If you reside in certain states or countries, you have the right to exercise data protection rights under applicable laws. These rights include:

• Right to Information and Access: The right to be informed about how your Personal Data is processed and to access the data we hold about you.
• Right to Rectification: The right to request corrections to inaccurate or incomplete Personal Data.
• Right to Deletion: The right to request the deletion of your Personal Data.
• Right to Restriction of Processing: The right to request limitations on how your Personal Data is processed.
• Right to Data Portability: The right to receive a copy of your Personal Data in a structured, commonly used, and machine-readable format and transfer it to another data controller.
• Right to Withdraw Consent: If you have provided consent for data processing, you may withdraw it at any time. Withdrawal does not affect the legality of data processing carried out before consent was revoked.
• Right to Opt-Out: The right to opt out of certain types of processing, including targeted advertising, the sale of Personal Data, and profiling under applicable data protection laws.

9.2 Exercise of Rights

If your Personal Data is processed based on legitimate interest—such as for direct marketing or profiling related to marketing—you have the right to object at any time. If you object to marketing-related processing, we will immediately stop processing your data for that purpose. For other objections, we will carefully review your request and cease processing unless we have compelling legal grounds that override your request or require the data for legal claims.

Exercising your privacy rights will not result in any discrimination against you.

To exercise your rights, you can contact us. When we receive a request, we may verify your identity by reviewing the information we have collected, such as login details, email address, mailing address, or transaction records. If an authorized agent submits a request on your behalf, we may require proof of authorization, including signed permission. In some cases, we may also request direct confirmation from you.

There may be circumstances where we cannot fulfill your request due to legal or regulatory obligations. If this occurs, we will provide an explanation and respect your right to appeal where applicable. Any Personal Data processed for the purpose of handling privacy rights requests will be used solely to fulfill the request, maintain records of compliance, and monitor data protection practices.

9.3 Appeals and Limitations

10. Your Controls and Choices Regarding Marketing Messages

We may use the email address provided during registration for our products, webinars, or services to send information about similar products or services. You have the right to opt out at any time.

You can manage your marketing communication preferences by contacting us. Please note that opting out will not affect administrative emails related to your account, transactions, or policy updates. Additionally, the legality of data processing conducted before your opt-out request will remain unaffected.

11. How to Contact Us

For any questions regarding how we process your information, you can contact:

Ouraca Inc.

Registered in Delaware

Email: privacy@aibrary.ai