Eucera AI (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your personal information when you interact with our services, including our website, SaaS platform, and AI-powered tools like Eucera Copilot.
By using Eucera AI’s services, you agree to the terms of this Privacy Policy.
1. Information We Collect #
We may collect the following types of information:
Information You Provide Directly:
- Account Information: When you sign up for our services, we collect your name, email address, company details, and other relevant information.
- Communications: Any information you provide when contacting us for support or feedback.
Information We Collect Automatically:
- Usage Data: We collect information about your interactions with our platform, including session replays, clicks, page transitions, and product usage.
- Device Information: Information about the device you use, such as browser type, operating system, and IP address.
Information from Third Parties:
- Integrations: If you connect Eucera AI to third-party platforms (e.g., CRM, analytics tools), we may collect relevant data to enhance our services.
2. How We Use Your Information #
We use your personal information to:
- Provide and Improve Services: Enhance our platform’s user experience, optimize features, and ensure smooth functionality through tools like session replay and product analytics.
- Personalize Your Experience: Customize onboarding and user engagement through tools like Eucera Copilot based on your behavior and preferences.
- Support and Communications: Respond to your inquiries and provide product-related updates.
- Security and Compliance: Maintain platform security and comply with legal obligations.
3. How We Share Your Information #
We do not sell your personal information. However, we may share your data in the following circumstances:
- Service Providers: We may share information with third-party service providers who assist with data storage, processing, or other operational needs.
- Legal Requirements: We may disclose your information to comply with legal obligations or protect the rights, property, or safety of Eucera AI or others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.
4. Data Retention #
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, or resolve disputes.
Retention Periods for Different Data Types
- User Account Data: Retained for the duration of your use of Eucera’s services. Once your account is closed, data will be securely deleted or anonymized within 90 days, unless otherwise required by legal obligations.
- Usage Data: Includes information about your interactions with Eucera’s platform, such as feature usage, onboarding quizzes, session replays, and product engagement metrics. This data is retained for the duration of your use of Eucera’s services to provide personalized experiences, improve platform functionality, and support service optimization. Once your account is closed, usage data is securely deleted or anonymized within 90 days.
- Backup Data: Retained for up to 30 days in secure backups, after which it is deleted or overwritten as part of routine maintenance.
Secure Data Deletion
When data is no longer needed for the purposes for which it was collected or required by law, it is securely deleted using industry-standard methods to ensure it cannot be recovered. This includes:
- Secure overwriting for electronic data.
- Secure destruction for physical records, if applicable.
5. Your Rights and Choices #
Depending on your location, you may have the following rights regarding your personal information:
- Access: You can request access to the personal data we hold about you.
- Correction: You can request corrections to any inaccuracies in your data.
- Deletion: You may request the deletion of your personal information, subject to legal requirements.
- Opt-Out: You can opt out of certain data processing activities, such as marketing communications.
- Right to Restriction of Processing: You can request a temporary halt to the processing of your data in specific circumstances, such as when the accuracy of the data is contested or while a deletion request is being evaluated.
- Right to Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format, and, where technically feasible, request that we transfer it directly to another controller.
- Right to Object: You can object to the processing of your personal data when it is based on legitimate interests or if it is used for direct marketing purposes.
To exercise any of these rights, please contact us at [email protected] We will respond to your request in accordance with applicable laws and within the required timeframes.
5.1 Your Choices #
You have control over the data you provide. While you may decline to share certain personal information when requested, please be aware that withholding data necessary for specific services may limit your ability to use some features or functionality of our platform.
For more details about data collection practices specific to certain services, refer to the relevant sections in this Privacy Policy. Additionally, customers must review and agree to our Data Processing Agreement (DPA) before signing up for the Eucera platform.
6. Where We Store and Process Personal Data #
Eucera operates on Google Cloud Platform (GCP), utilizing its secure and reliable infrastructure located in the United States. GCP provides a robust and scalable environment that enables us to deliver our services efficiently while maintaining strong data protection measures. You can learn more about GCP at cloud.google.com.
Data Storage and Processing
Currently, all personal data collected by Eucera is stored and processed exclusively in GCP data centers located in the United States. By centralizing data within the US, we ensure operational efficiency and compliance with applicable laws governing data storage and processing in this region.
Compliance and Security
Eucera leverages GCP’s advanced compliance programs and certifications to ensure that your personal data is stored and processed securely. GCP is independently validated against a range of international and industry-specific standards, including:
• ISO/IEC 27001: Information Security Management
• ISO/IEC 27018: Protection of Personally Identifiable Information
• SOC 1, SOC 2, and SOC 3: Service Organization Controls
• GDPR Compliance: Ensuring compliance with the General Data Protection Regulation where applicable.
International Transfers
For users located outside the United States, the transfer of personal data to the US is managed in accordance with applicable laws and safeguards. While Eucera currently uses GCP data centers exclusively in the US, we are committed to implementing measures such as encryption, pseudonymization, and compliance with data transfer frameworks to protect your data.
For questions about how your data is stored, processed, or transferred, please contact us at [email protected]
7. Security #
We take reasonable measures to protect your personal information from unauthorized access, loss, or misuse. These measures include implementing industry-standard encryption, access controls, and regular security audits to safeguard your data.
However, no method of transmission over the Internet or electronic storage is entirely secure. In the unlikely event of a data breach, we have a detailed Data Breach Procedure in place to address such incidents swiftly and effectively, ensuring transparency and mitigation of potential risks to affected parties.
For more information on how we handle security and data breaches, visit our Data Breach Procedure.
8. International Transfers and the EU-US Data Privacy Framework #
With the implementation of the EU-US Data Privacy Framework as of July 10, 2023, Eucera ensures that personal data transfers between the European Union (EU) and the United States (US) are conducted in compliance with this framework. This means personal data transfers can now be performed without the need for additional Supplementary Measures, provided the framework’s provisions are met.
Eucera adheres to the requirements of the EU-US Data Privacy Framework to safeguard your data during cross-border transfers. This includes implementing measures that align with the framework’s principles of accountability, transparency, and data protection.
Processing Activities with Eucera and Sub-Processors
Processing activities conducted by Eucera and its sub-processors remain unchanged; however, we have updated the tools and legal frameworks we rely on for international data transfers. Eucera has decided to maintain Supplementary Measures (such as encryption and pseudonymization) to ensure continued data protection. Additionally, we rely on the EU-US Data Privacy Framework (DPF) as an added layer of security for transfers of personal data between the EU and the US.
Sub-Processors Participating in the Data Privacy Framework
The following Eucera sub-processors are currently active participants in the EU-US Data Privacy Framework, and we will continue to review and update this list as necessary to ensure full compliance:
Transfers to Sub-Processors Not in the DPF
For US-based entities not listed in the Data Privacy Framework List, transfers cannot rely solely on the Adequacy Decision provided by the DPF. In such cases, Eucera ensures that these transfers are supported by appropriate safeguards, as required under Article 46 of the GDPR. These safeguards include:
- Standard Data Protection Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- Additional technical and organizational measures, such as encryption and contractual obligations, to protect data subjects’ rights
The European Data Protection Board (EDPB) notes that the safeguards put in place by the US Government, including national security redress mechanisms, apply to all data transferred to the US, regardless of the transfer tool used. This ensures that all personal data handled by Eucera is protected with enforceable rights and effective legal remedies for data subjects.
Continuous Monitoring and Compliance
Eucera is committed to ensuring that all sub-processors comply with the necessary data protection standards. We actively monitor the Data Privacy Framework List and conduct regular reviews of our sub-processors to ensure alignment with evolving regulatory requirements. For more information on how Eucera ensures compliance with the EU-US Data Privacy Framework and manages international data transfers, contact us at [email protected]
9. Automated Decision-Making and Profiling #
Eucera utilizes AI-powered tools, such as Eucera Copilot, to enhance user experiences and streamline platform functionality. In certain cases, automated decision-making and profiling may be employed as part of our services.
What Automated Decision-Making and Profiling Entail #
Automated decision-making involves decisions made by AI systems without human intervention. Profiling involves analyzing personal data to evaluate certain aspects of a user, such as preferences, behavior, or usage patterns. Examples of automated processes in Eucera’s platform include:
•Personalized Recommendations: Tailoring feature suggestions and onboarding experiences based on your interactions with the platform.
•Usage Analytics: Analyzing how users engage with features to optimize product offerings and enhance platform efficiency.
•Subscription Management: Automating notifications or recommendations related to account usage, feature limits, or subscription upgrades.
User Rights Regarding Automated Decision-Making and Profiling
As per the General Data Protection Regulation (GDPR), users have specific rights concerning automated decision-making and profiling that significantly affect them:
•Right to Object: You can object to processing based solely on automated decision-making if it produces legal effects or similarly significant outcomes.
•Right to Explanation: You can request information about the logic involved in the automated processing and how it impacts you.
Eucera ensures that any automated processes are designed with fairness, transparency, and privacy in mind. Decisions made through automated tools are subject to regular review and oversight to ensure compliance with GDPR and other applicable regulations.
10. Use of Cookies and Tracking Technologies #
Eucera uses cookies to enhance your experience on our platform and ensure its smooth functionality. Cookies are small text files stored on your device that help us identify and remember your preferences.
Types of Cookies
1. Essential Cookies: Necessary for the operation of the platform, such as enabling secure logins and maintaining session integrity. These cookies are always active.
2. Analytics Cookies: Cookies used to support session emulation and analyze user interactions. Eucera uses the _eucid cookie to track session activity and user engagement. This cookie is set with a max age of approximately 13 months and remains on your device unless manually removed by the user.
Consent for EU Users
For users in the European Union, we comply with the ePrivacy Directive and GDPR, which require consent for the use of non-essential cookies. Since Eucera’s analytics cookies are integral to platform functionality, they are categorized as essential under GDPR and do not require explicit consent.
Managing Cookies
While cookies like _eucid are essential for platform functionality, you can manage your cookie preferences through your browser settings to block or view stored cookies. Please note that disabling cookies may impact the usability of certain features on our platform.
Children’s Privacy #
Eucera AI is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us to request deletion.
Changes to This Privacy Policy #
We may update this Privacy Policy from time to time. Changes will be posted on this page with the updated effective date. We encourage you to review this policy periodically.
Contact Us #
If you have any questions about this Privacy Policy or our data practices, please contact us at: [email protected]
Eucera Inc.
