IDOX.AI PRIVACY POLICYMay.9.2024
Your right to privacy and control over your personal information is very important to everyone at iDox.ai. To ensure that you understand how iDox.ai collects and uses personal data, please note the information below.
This Privacy Policy governs how iDox.ai uses personal data when you visit our website, and when you access and use any of iDox.ai products and services (desktop applications, cloud services, and mobile applications), including but not limited to the iDox.ai Sensitive Data Discovery, the iDox.ai Redact, the iDox.ai Compare and the iDox.ai Compliance Report. You are responsible for checking this policy from time to time as the list of products and services, along with the policy as a whole, may change from time to time.
1. Responsible body
Responsible body for the collection, processing, and use of your personal data on this website is
iDox.ai
39355 California Street
Suite 302
Fremont, CA 94538
USA
Email: [email protected]
For any questions about privacy in connection with our products and services or the use of our website, you can always contact our data protection officer.
39355 California Street
Suite 302
Fremont, CA 94538
USA
Email: [email protected]
2. General collection, processing and use of personal data in the context of the use of the website
When you visit our website, and/or use our products or services, the following information may be collected (i) when you send us such information, or (ii) depending on the activity, without your active participation, and will be stored until automated deletion:
- Your computer’s IP address;
- The date and time of access;
- The website from which the access takes place (i.e. referrer URL);
- The browser and operating system of your computer as well as the name of your access provider.
- Time spent on each website page;
- Your pattern of use;
- Any feedback you send us;
- Any other information to provide identification that helps us provide the service and comply with the law.
- Ensuring a smooth connection to the website;
- Ensuring a great user experience of our website;
- Evaluation of system security and stability;
- For further administrative purposes.
- First and last name;
- Company;
- Email;
- Telephone;
- Number of licenses required;
- Or other information, depending on the nature of your inquiry.
- For sales and marketing purposes to follow up on your request and to provide additional information or to answer questions.
- For responding to inquiries and to otherwise correspond with you;
- For managing our relationship with you;
- For communicating with you;
- For supplying you the purchased software service;
- For keeping proper records of transactions with you;
- For meeting legal obligations.
3. Third-Party data processing in the context of contract execution
- Your name;
- Your email address.
- Payment information, such as your bank account or credit card information (if applicable).
Your personal data will only be passed on to third-parties or otherwise transmitted if this is necessary for the purpose of contract execution or billing or if you have previously consented. For example, in the context of order processing, the service providers used here (such as PayPal or banks) the necessary data to handle the order and order process. The data transmitted in this way may only be used by our service providers to fulfill their task. Any other use of the information is not permitted.We need your email address so that we can confirm the order and communicate with you. Furthermore, you will receive the order confirmation and invoice via your email address. The legal basis for the data processing described in this section is the fulfillment of our contractual obligations or the implementation of pre-contractual measures.
4. Create an iDox.ai account
If you create an iDox.ai account, we will also use your email address as a login. The creation of an iDox.ai account is not required and optional to download and order products. However, an iDox.ai account allows you to download free trial versions, view your previous online orders, manage your subscriptions, and use iDox.ai cloud service and web applications. The legal basis of the processing is your consent.
You are able to log in to our website using sign-in services such as Facebook Connect, Google Account,Microsoft Account,Linked In Account or a Foxit ID. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form. Services like Facebook Connect give you the option to post information about your activities on this website to your profile page to share with others within your network.
5. Use of iDox.ai cloud service
iDox.ai provides a number of cloud services allows user to upload files for analyzing and review contracts. Files are uploaded and created when you are using these cloud services, other content or usage data can be created as well.
You may choose to give us access to your contacts to make it easy for you to do things like share your file, send messages, and invite others to use the services. If you do, we'll store those contacts on our servers for you to use.
We may share your information, including when you share file in the iDox.ai cloud service that by their nature support sharing with third parties who you choose. Your name, email address, information from your profile and online account (including your photo), and any content you choose to share will be shared with such third parties, and such third parties may communicate with you (such as by posting comments or emailing you) in connection with your use of the collaboration features of the iDox.ai cloud service. For example, third parties who you invite to collaborate with you using the collaboration features of the iDox.ai services may also modify comment the file that you have shared, share such content outside of the iDox.ai Services, and provide other third parties with rights to view the Content you have shared.
All the files you upload to iDox.ai cloud services and data you created using the iDox.ai services are stored on an appropriate server infrastructure for processing. Unless you choose to store the files and data on iDox.ai server for a later usage, all these files your uploaded will be deleted once procession is completed, and the output files will be deleted in one day. We keep the files for the sole purpose of giving you and your designated third parties the access to the files and data for as long as you need them. During that time, we don’t look at the files or mine any data from them. No backups are made of any transitional uploaded files nor their processed output, neither are the contents monitored without the explicit permission of user.
The legal basis of the processing is your consent.
6. Use of Cookies, Pixels, Beacons, and Other Tracking Technologies
Our website may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data (text file) that a website – when visited by a user – places on the user’s device to remember information about the user, such as the user’s language preference or login information.
This type of cookie is set by us and is referred to as a “first-party cookies.” iDox.ai uses first-party cookies primarily to make the website work as you expect it to. For example, we use the information we collect through first-party cookies to allow you to navigate between pages efficiently, analyze how well our website is performing, and understand the content that you spent the most time reviewing. In some cases, we use first-party cookies to store information that we use for targeted advertising.
We also incorporate cookies and similar technologies, such as pixels, tags, and web beacons, from outside iDox.ai domain (“third-party cookies”). Third-party cookies gather information to enable our vendors to provide a range of services to us, including targeted advertising and measuring the success of our advertising campaigns.
Below is a detailed list of the categories of first- and third-party cookies we use on our website. You can prevent the collection of data by non-essential performance, functional and marketing cookies by clicking on “Your Privacy Choices” in our website footer and toggling off the related functionality.
Essential Cookies
Essential cookies are necessary for the website to function properly and cannot be switched off in our systems. They are usually only set in response to a site visitor’s request for services, such as a visitor setting their privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the website from working correctly or might prevent the Website from working at all.
Non-Essential Cookies
Non-Essential are not essential to the website functionality but serve some other unique purpose in three subcategories:
- Performance
- Functional
- Marketing
“Performance” cookies: (sometimes referred to as static cookies) collect information about the user's behavior on the website without collecting personal information, for example:
- Pages the user visits.
- Ads the user views.
- Ads or site features that the user clicks.
“Functional” cookies: (sometimes called preference cookies) track and remember the user's preferences and past choices on the website to provide a personalized user experience. For example, functional cookies can collect:
- Usernames
- Passwords
- Regions
“Marketing” cookies: (sometimes called tracking or advertising cookies) can track:
- Content the user views
- Links the user follows
- The user's browser and device information and IP address
Cookie Management
You can control and manage cookies associated with your browser. If you are interested in controlling and managing cookies from your browser including any set by our Website, please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on different ways to configure your browser’s cookie settings.
If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three third party programs that clean out tracking cookies.
- http://www.lavasoftusa.com/products/ad-aware_se_personal.php
- http://www.spybot.info/en/download/index.html
- http://www.webroot.com/consumer/products/spysweeper/
DAA and NAI
Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain self-regulatory programs along with websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.
- To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering found here: https://youradchoices.com/appchoices.
Non-Participant Opt Out Options
- Some of our vendors do not participate in the DAA or NAI self-regulatory programs for online behavioral advertising or have developed their own processes for allowing consumers to opt-out: https://branch.app.link/optout
- Some devices and apps do not have access to web-based browser cookie opt-outs. To learn more about the advertising opt-outs provided by your mobile device's operating system (like iOS and Android) or the device manufacture, click here.
You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:
- Safari
- Microsoft Edge
- Google Chrome
- Mozilla
Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals.
7. Use of web analytics and additional services
Web analytics and the other named services in this section are used for the continuous optimization of our website. The tracking provides a statistically record of the use of our website and to evaluate it for the purpose of optimizing our offer to you. The respective data processing purposes and data categories can be found in the corresponding listed below and tracking tools. Legal basis for the data processing described in the following section is our authorized interest in the needs-based design and continuous optimization of our website. For further details of our legitimate interest, reference is made to the description in the following services.
- For the purpose of the customized design and continuous improvement of our website we use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; in following "Google"). In this context, pseudonymized usage profiles are created and cookies (see Section 5) are used. Information generated by the cookies about your use of this website include: Browser type / version;
- Operating system;
- Referrer URL (the previously visited page);
- IP address of the accessing computer;
- Time of server request;
- Pages visited.
This information is transmitted to a Google server in the United States and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data in the order. The data accumulated in this context is transmitted by Google for evaluation to a server in the USA and stored there. In the event that personal data is transferred to the USA, Google is subjected to the EU-US Privacy Shield. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible.
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on( https://tools.google.com/dlpage/gaoptout?hl=en ). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics. An opt-out cookie will be set which will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must reset the opt-out cookie again. For more information about privacy related to Google Analytics, see the Google Analytics Help Center ( https://support.google.com/analytics/answer/6004245?hl=en ).
b. Stripe
iDox.ai uses online payment management services from Stripe (Stripe, Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA). The service allows iDox.ai to record process monthly and annual subscription purchases for iDox.ai products and stores the necessary billing information provided by the customers to successfully process each transaction. Your data is hosted by Stripe in the United States. The data processing by Stripe takes place partly on servers in the USA. In the event that personal data is transferred to the USA, Stripe is subjected to the EU-US Privacy Shield. The use of an external payment service provider is based on our legitimate interest to you with offering Stripe as an additional payment option. For more information about Stripe, visit https://stripe.com/us/privacy.
c. Mailgun Technologies, Inc.
Some iDox.ai cloud services use Mailgun email services from Mailgun Technologies, Inc. (“Mailgun”) to send emails on behalf of iDox.ai and to deliver the service and account management notice to You. Mailgun collects information that your browser sends whenever you fill in a sign up or contact form on their website or send Foxit an email. This data may include Your personal information (i.e., Your name, company name, email address) and your non-personal information. For further information regarding Mailgun, visit their privacy policy https://www.mailgun.com/privacy-policy.
d.Third Party Cloud Storage Services
We may provide third party cloud storage services in our products and services for your convenience at your choice, such as Google Drive, Microsoft OneDrive, Dropbox, or others to you. You acknowledge and understand that the data collection of such cloud storage services shall be governed by the privacy policy provided by such third parties.
e. iDox.ai Dashboard
For the purpose of improving product quality and features, we may process how you use some of our products and services (“Usage Data”) with our internal system iDox.ai Dashboard. You have the option to share the following data about how you use and interact iDox.ai products and services:
- iDox.ai product information, such as product name, version, language;
- Information about your documents, such as number of pages, and unique document identifiers, (but not the content in your documents);
- Document usage information such as how many times you open a document; and
- How you interact with iDox.ai products and services, including the features you use and the options you select.
You can choose not to share Usage Data by setting your preferences on your products or services page.
f. Azure Open AI
Some iDox.ai cloud services use Azure Open AI service from Microsoft (Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA). The AI Assistant feature is placed in our Services to help you to summarize and rewrite the content you choose. You acknowledge and agree that Microsoft will process the text prompts, queries and responses. For more information about the data processing, visit https://learn.microsoft.com/en-gb/legal/cognitive-services/openai/data-privacy?context=%2Fazure%2Fcognitive-services%2Fopenai%2Fcontext%2Fcontext.
g. Google reCAPTCHA
This website uses Google reCAPTCHA Enterprise to help prevent fraud and spam. reCAPTCHA Enterprise collects hardware and software information, such as device and application data, and sends it to Google for purposes of providing, maintaining, and improving reCAPTCHA Enterprise and for general security purposes. More information can be found in the Privacy Policy from Google at https://policies.google.com/privacy?hl=en-US. Your use of reCAPTCHA Enterprise is subject to Google's Terms of Use and Privacy Policy.
h. Hubspot
iDox.ai uses the services of HubSpot (HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA) to manage online marketing, sales and customer service. HubSpot allows iDox.ai to record and analyze user behavior on our website in order to provide a more personalized user experience and improve our products and services. In addition, HubSpot helps us with customer relationship management, storing necessary contact information to support transaction processing.
Your data is processed by HubSpot on servers in the United States. To the extent personal data is transferred to the United States, HubSpot complies with the EU-US Privacy Shield. Choosing to use external service providers such as HubSpot is based on our legitimate business interests and is designed to provide you with better service options and experience. To learn more about HubSpot's privacy policy, please visit https://www.hubspot.com/legal/privacy-policy.
8. Social media plug-ins
We use Social Plug-ins on our website from Facebook, Google, Microsoft, LinkedIn and Foxit ID to increase iDox.ai’s awareness and promotional purposes. Responsibility for the operation compliant with data protection is to be guaranteed by their respective providers. The integration of these plug-ins by us is done by means of the so-called two-click method to protect visitors to our website in the best possible way.
a. Facebook Connect
This website uses the "Facebook Connect" service provided by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). When using Facebook Connect, Facebook profile data and on Facebook public data from your Facebook profile are transmitted to this website. Conversely, data from the website can also be transferred to your Facebook profile. Your transmitted data will be stored and processed by iDox.ai for registration on the iDox.ai Platform. By registering on our website via Facebook Connect, you consent to the transmission of profile data from your Facebook profile to iDox.ai as well as the transmission of data on the use of iDox.ai to Facebook. In the event that personal information is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield. The legal basis is the fulfillment of the contract or the implementation of pre-contractual measures.
For more information about Facebook Connect and Privacy Settings, please refer to the Facebook Privacy Policy and Terms of Use at http://www.facebook.com/policy.php.
b. Google
This website uses a “Google Sign-In” services provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, United States). When using Google Sign-In, iDox.ai will receive data from Google and use it to provide service to you. For example, when you sign up with Google Account, we will receive your name, email address, profile picture and other data you choose to share. Conversely, Google may access certain data from your iDox.ai Account if you give Google your permission. You may disconnect and manage your data sharing permissions from your Google Account by entering into the Google Account Settings.
For more information about Google Sign-In and Privacy Policy, please refer to the Google API Terms of Service and User Data Policy at https://developers.google.com/terms.
c. Microsoft
This website uses a “Microsoft Account” services provided by Microsoft Corporation(One Microsoft Way, Redmond, Washington 98052, USA). If you sign in with your Microsoft Account, iDox.ai will receive the version number assigned to your account (a new version number is assigned each time you change your sign-in data); and information that describes whether your account has been deactivated. If you share your profile data, iDox.ai can display your name or user name and your profile photo (if you have added one to your profile) when you are signed in to iDox.ai. Conversely, Microsoft may access certain data from your iDox.ai Account if you give Microsoft your permission.
For more information about Microsoft Account and Privacy Policy, please refer to the Microsoft Privacy Statement at https://privacy.microsoft.com/en-US/privacystatement.
d. LinkedIn
The website offers the possibility to sign in with "Sign-In with LinkedIn". Sign-In with LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, United States ("LinkedIn"). If you want to use this feature, you will first be redirected to LinkedIn. There you will be asked to log in with your username and password. We do not take note of your registration data. Following this, your LinkedIn account information will be sent to us if you confirm this process with the "Login and allow" button.
A permanent link between your customer account and your Account on LinkedIn does not take place. For more information about Sign In with LinkedIn and Privacy Settings, please refer to the LinkedIn at https://www.linkedin.com/legal/privacy-policy.
e. Twitter
This website uses a plugin of the short message network of Twitter Inc. (Twitter). The Twitter plugin (tweet button) can be recognized by the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons). When you visit a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter "tweet button" while logged in to your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account. Legal basis is the Contract fulfillment or the Execution of pre-contractual measures. Further information can be found in the privacy policy of Twitter (https://twitter.com/privacy).
f. YouTube
We use the provider YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94943, USA. When you visit the subpages of our website that have a YouTube plugin, they will connect to the YouTube servers and display the plugin. This will tell the YouTube server which of our subpages you have visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When using the plugin such as clicking the start button of a video, this information is also assigned to your set account. For more information about data processing and privacy by YouTube (Google), please visit https://policies.google.com/privacy. If the Do-Not-Track feature is activated in the browser, no external YouTube content will be loaded without the consent, only the reference to this option (Play button) will be displayed. You can prevent the collection of data generated by cookies and related to your use of this website as well as the processing of this data by Google by entering into the Google Settings and disabling the "Personalized Advertising on the Web" option. In that case, Google will only display non-individualized advertising. The legal basis is on our legitimate interest in the integration of video and image content. More information can be found in YouTube Privacy policy from Google.
g. Foxit ID
The website offers the possibility to sign in with a Foxit ID. ”Foxit ID” is a service of Foxit. If you want to use this feature, you will first be redirected to Foxit. There you will be asked to log in with your Foxit username and password.
For more information about Foxit ID and Privacy Policy, please refer to the Foxit Privacy Policy at https://www.foxitsoftware.com/company/privacy-policy.html.
9. Server location
An overview of Foxit's group of companies including its subsidiaries can be found at https://www.idox.ai/support/contact. The servers on which user data is collected, stored and used are located in the United States. For customers from the European Economic Area, the UK, or Switzerland, your information will be stored on the servers located in UK. However, at times, your data may be required within our group of companies or to third parties. If you use theiDox.ai, you allow us to transmit, store and process your information in the United States and possibly in other countries. The laws of these countries may differ from the laws of your place of residence. By taking advantage ofiDox.ai, you consent to the transmission of your data to these countries. In the event that personal data is to the other countries or regions from the EU, we rely upon the European Commission’s Standard transferred Contractual Clauses (SCCs) for transfers of online advertising, measurement, and personal data out of the European Economic Area, the UK.
10. Registration
For all website registrations, we use the so-called double opt-in procedure in the European Union only. After registration on the website, we will then send you a notification email asking you to confirm that you wish to receive additional information from iDox.ai by clicking on a link in this email. The link will bring you to a preferences manager where you may choose what type(s) of information you would like to receive.
If you no longer wish to receive information via email from us, you can unsubscribe at any time without incurring any costs other than the transmission costs according to the basic rates. You will find an unsubscribe link in iDox.ai emails, and if you chose to unsubscribe, we will then delete your email address from our mailing list.
11. Affected rights for European Union website visitors via GDPR
- Request information about your personal data processed by us. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of the right to complain, the source of their data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
- Demand the correction of incorrect or complete personal data stored with us;
- Demand the deletion of your personal data stored by us, unless we require the data for processing for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of Legal claims;
- Demand the deletion of your personal data stored by us, unless the processing for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of Legal claims is required;
- Demand the restriction of the processing of your personal data. Dispute the accuracy of the data that the processing is unlawful, or whether we continue need the data. You can exercise a defense of your legal claims where you have objected to the data processing in accordance with Art. 21 GDPR;
- Dispute the accuracy of the data or assert that the processing is unlawful, or whether we continue need the data;
- Receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another person responsible;
- Revoke your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent cancellation;
Contact the supervisory authority of your usual place of residence or workplace or our Contact in CA, United States.
You can exercise a defense of your legal claims where you have objected to any data processing in accordance with Art. 21 GDPR.
12. Withdrawal and Rights
You have the right to object to the processing of your personal data provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.
You also have the right to revoke a consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. By the revocation of the consent, the legality the processing on the basis of the consent until the revocation is not affected.
If you would like to exercise your right to revocation or objection, please send an email to [email protected].
13. Registration Data in the European Union
In accordance with GDPR, European Union website visitors have the opportunity to order our newsletter, register for product downloads, and/or other registrations, in which we regularly inform you about news about our products and promotions.
For these registrations we use the so-called Double Opt-in method. We will only send you e-mail if you confirm by clicking on a link in our notification e-mail that you are the owner of the given e-mail address. If you confirm your e-mail address, we will save your e-mail address and the time of registration until you unsubscribe. The sole purpose of the storage is to send you information via e-mail and to prove your registration. You can unsubscribe from e-mail at any time. A corresponding unsubscribe link can be found in every e-mail. A message to the above or in the specified contact information (e.g. by e-mail or letter) is also sufficient. Legal basis of processing is your consent in accordance with. Art. 6 para. 1 lit of the GDPR.
In our email, we use commercially available technologies that measure the interactions with the e-mail (e.g. opening the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics that are embedded in the e-mail (so-called pixels). The data is collected exclusively pseudonymized and also not linked with your other personal information. Legal basis for this is our aforementioned legitimate interest. Through our e-mail, we want to share content relevant to our customers and better understand what readers are actually interested in. If you do not want to analyze the usage behavior, you can unsubscribe from e-mails or deactivate graphics in your e-mail program by default. The data for the interaction with our e-mails are stored pseudonym for 30 days and then completely anonymized.
14. Storage time
As a matter of principle, we store personal data only as long as necessary to fulfill the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.
We may create reasonable technical limits on file size, storage space, processing capacity, and other technical limits. At the end of your license term, we will use commercially reasonable efforts to allow you to transition your Content out of the Services. You should download any Content that you have stored in the Services before your license ends. And we reserve the right to delete your Content.
For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. Any claims become statute-barred after the legal limitation period at the earliest at this time.
Even after that, we sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from legal obligations. The common deadlines for storing documents in iDox.ai are seven years.
15. Data security
If you have created an iDox.ai account, access to this account is only possible after entering your personal password or by log into an associated 3rd party account using OAuth. You should always keep your access information confidential and close the browser window when you stop communicating with us, especially if you share your computer with others. In addition, we use the popular SSL (Secure Socket Layer) method in connection with the highest encryption level supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead utilize 128-bit v3 technology. Whether a single page of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser. We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
16. Additional Rights under the GDPR, CCPA and CPRA
The General Data Protection Regulation of the EU (GDPR), the California Consumer Privacy Act (CCPA) and California Privacy Rights and Enforcement Act (CPRA) places obligations on organizations that collect personal information of California consumers. As a result, we’ve updated our Privacy Policy to include a description of additional rights granted by the GDPR, CCPA and CPRA to provide consumers with required disclosures about the collection of personal information.
16.1 Your GDPR Privacy Rights
For more details about the personal information we have collected, including the categories of data collected, how long we keep the data, the reasons we collect the data, please see Sections 2, 9, 10, and 11, above, along with other relevant sections.
16.2. Your California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the CCPA and CPRA.
For more details about the personal information we have collected, including the categories of sources, please see Section 2, 9, 10 and 11, above, titled “General collection, processing and use of personal data in the context of the use of the website,” along with relevant other sections. We collect this information for the business and commercial purposes described above. We share this information with the categories of third parties described above (as such term is defined in the CCPA) the personal information we collect. We do not sell your personal information; and will not sell your personal information without providing you the ability to opt out. Please note that we do use third-party cookies for our advertising purposes as further described above.
Subject to certain limitations, the CCPA and CPRA provide California consumers the right to: (i) request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information); (ii) to delete their personal information from iDox.ai database, and upon request, to any third party with whom iDox.ai has shared your personal information; (iii) to opt out of any “sales” of their personal information that may be occurring, and to not be discriminated against for exercising these rights; (iv) the right to opt out of any profiling or automated processing of personal information done to evaluate personal aspects of an individual and to make predictions such as performance at work, economic situation, health, preferences, interests, reliability, behavior, location, or movements.
California consumers may make a request pursuant to their rights enumerated in this Privacy Policy by contacting us at
iDox.ai
39355 California Street
Suite 302
Fremont, CA 94538
USA
Email: [email protected]
We will verify your request using the information associated with your account, including your email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
17. Sending of notification messages to mobile phones of iDox.ai users
If you have given your prior written consent in accordance with Art. 6 Section 1 (1) lit. a GDPR, we use your e-mail address and / or your mobile number for sending you notifications. You may revoke your consent at any time by sending an e-mail to our Data Protection Officer at [email protected]
18. Use of Customer Data
iDox.ai is committed to safeguarding your data. Importantly, we do not utilize customer data for training our AI models. This means your information remains confidential and is not employed to develop or refine our artificial intelligence systems.
19. Data Breach Notification
In the unlikely event of a data breach that compromises your personal information, iDox.ai will take prompt action to inform you. We are dedicated to transparency and will provide timely notifications, outlining the nature of the breach, the data affected, and the measures we are implementing to address the situation. Our goal is to keep you fully informed and to mitigate any potential risks arising from such incidents.
These additions align with best practices in data privacy and demonstrate iDox.ai's commitment to protecting customer information. For instance, the Office of the Australian Information Commissioner emphasizes that organizations should not use personal information for AI model training without consent. Additionally, providing clear data breach notifications is a standard requirement under regulations like the GDPR.
By integrating these statements, iDox.ai reinforces its dedication to data privacy and compliance with relevant regulations.
20. Changing, downloading, and printing this Privacy Policy
This Privacy Policy is effective as of the date on which it is made available on the site and is effective as of DEC.13 ,2024. As our site evolves and offers become available, or as a result of changes in government or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be retrieved and printed by you at any time on the URL you are currently viewing.