Our Commitment to Privacy
At AI VOBIS, we are committed to protecting your privacy and maintaining the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use NaxFlow.
1. Information We Collect
1.1 Information You Provide
We collect information that you voluntarily provide to us, including:
- Account Information: Name, email address, company name, phone number, job title
- Payment Information: Billing address, payment card information (processed by our payment processor)
- Communications: Messages, inquiries, and feedback you send to us
- Customer Data: Data you upload, process, or transmit through the Service
1.2 Automatically Collected Information
When you use our Service, we automatically collect:
- Usage Data: Pages viewed, features used, time spent, click patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, error logs, API calls, system events
- Cookies and Similar Technologies: Session data, preferences, analytics
1.3 Information from Third Parties
We may receive information about you from:
- Authentication providers (e.g., single sign-on services)
- Payment processors
- Analytics and monitoring services
- Marketing and advertising partners
2. How We Use Your Information
2.1 Service Provision and Operations
- Provide, maintain, and improve the Service
- Process transactions and send transaction notifications
- Respond to your inquiries and provide customer support
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues and security threats
2.2 Communications
- Send you service-related announcements and updates
- Provide marketing communications (with your consent)
- Send administrative information, such as changes to terms or policies
- Respond to your requests and inquiries
2.3 Analytics and Improvement
- Understand how users interact with the Service
- Develop new features and functionality
- Conduct research and analysis
- Improve user experience and interface design
2.4 Legal and Compliance
- Comply with legal obligations and regulatory requirements
- Enforce our Terms of Service and other policies
- Protect our rights, privacy, safety, or property
- Respond to legal requests and prevent fraud
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data based on:
| Legal Basis | Purpose |
|---|---|
| Contract Performance | To provide the Service and fulfill our contractual obligations |
| Legitimate Interests | To improve the Service, ensure security, and conduct analytics |
| Consent | For marketing communications and certain cookies |
| Legal Obligation | To comply with applicable laws and regulations |
4. Information Sharing and Disclosure
4.1 We Do Not Sell Your Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4.2 Service Providers
We share information with third-party service providers who perform services on our behalf:
- Cloud infrastructure providers (hosting and storage)
- Payment processors
- Analytics and monitoring services
- Customer support tools
- Email and communication platforms
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
4.3 Business Transfers
If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.4 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Legal processes (subpoenas, court orders)
- Government or regulatory requests
- Protection of our rights or others' rights
- Prevention of fraud or security threats
4.5 Aggregate Data
We may share anonymized, aggregated, or de-identified information that cannot reasonably be used to identify you.
5. Data Security
5.1 Security Measures
We implement comprehensive security measures to protect your information:
- Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
- Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA)
- Network Security: Firewalls, intrusion detection/prevention systems
- Monitoring: 24/7 security monitoring and incident response
- Audits: Regular security audits and penetration testing
- Compliance: SOC 2 Type II, HIPAA, GDPR compliance
SOC 2 Type II readiness: We maintain controls aligned to SOC 2 Type II requirements and are prepared for independent attestation. For current readiness details, contact security@aivobis.com.
5.2 Security Incidents
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.
5.3 Your Responsibility
You are responsible for:
- Maintaining the confidentiality of your account credentials
- Using strong, unique passwords
- Enabling multi-factor authentication when available
- Notifying us immediately of any unauthorized access
6. Data Retention
6.1 Retention Periods
We retain your information for as long as necessary to fulfill the purposes outlined in this policy:
- Account Data: Duration of your account plus retention period for backups and compliance
- Customer Data: As specified in your agreement or until you request deletion
- Usage and Log Data: Typically 12-24 months for security and analytics
- Financial Records: As required by law (typically 7 years)
6.2 Deletion Requests
Upon your request, we will delete or anonymize your personal information, subject to legal and contractual retention requirements.
7. Your Privacy Rights
7.1 General Rights
You have the right to:
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Receive your data in a portable format
- Objection: Object to certain processing of your information
- Restriction: Request restriction of processing
7.2 GDPR Rights (EEA Residents)
If you are in the EEA, you have additional rights under GDPR:
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
- Right to protections relating to automated decision-making and profiling
7.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under CCPA:
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell your information)
- Right to non-discrimination for exercising your rights
7.4 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@aivobis.com
- Subject line: "Privacy Rights Request"
We will respond to your request within 30 days (or as required by applicable law).
8. Cookies and Tracking Technologies
8.1 Types of Cookies
We use the following types of cookies:
- Essential Cookies: Required for the Service to function (e.g., authentication, security)
- Analytics Cookies: Help us understand how users interact with the Service
- Preference Cookies: Remember your settings and preferences
- Marketing Cookies: Track your activity for advertising purposes (with consent)
8.2 Managing Cookies
You can control cookies through:
- Browser settings (most browsers allow you to refuse or delete cookies)
- Our cookie consent banner
- Opt-out tools provided by third-party analytics providers
Note: Disabling essential cookies may affect the functionality of the Service.
8.3 Third-Party Analytics
We use third-party analytics services, including:
- Microsoft Clarity for user behavior analytics
- Other analytics tools for performance monitoring
9. International Data Transfers
9.1 Data Transfer Mechanisms
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for transfers to countries with adequate data protection
- Other legally recognized transfer mechanisms
9.2 Data Localization
Where required by law, we can store and process data within specific geographic regions.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it promptly. If you believe we have collected information from a child, contact us at privacy@aivobis.com.
11. Healthcare Data (HIPAA)
11.1 Protected Health Information (PHI)
If you use the Service to process PHI, you must execute a Business Associate Agreement (BAA) with us. Without a BAA, you must not upload or process PHI through the Service.
11.2 HIPAA Compliance
For customers with a BAA, we implement HIPAA-compliant safeguards:
- Administrative, physical, and technical safeguards
- Encryption and access controls
- Audit logging and monitoring
- Breach notification procedures
- Business Associate subcontracts with vendors
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification to your registered email address
- Displaying a notice within the Service
The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
Privacy Inquiries
AI VOBIS | NaxFlow
Data Protection Officer
Email: privacy@aivobis.com
General Inquiries: naxflow@aivobis.com
Security Incidents: security@aivobis.com
For GDPR-related requests, you may also contact your local data protection authority.
14. Additional Information for Specific Jurisdictions
14.1 European Economic Area (EEA)
Our Data Protection Officer oversees GDPR compliance. EEA residents can contact our DPO at privacy@aivobis.com or lodge a complaint with their local supervisory authority.
14.2 California
California residents have specific rights under CCPA. We do not sell personal information and have not sold personal information in the preceding 12 months.
14.3 Other Jurisdictions
If you are located in a jurisdiction with specific privacy laws (e.g., Brazil's LGPD, Canada's PIPEDA), you may have additional rights. Contact us for more information.
Questions or Concerns?
If you have any questions about this Privacy Policy or our privacy practices, please contact us at privacy@aivobis.com. We're here to help and will respond to your inquiry promptly.
© 2025 AI VOBIS | NaxFlow. All rights reserved.