0%
Arazon

Legal

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support. This may include:

  • Account Information: Name, email address, company name, job title, and password
  • Payment Information: Billing address, credit card details (processed securely via Stripe)
  • Usage Data: API calls, model interactions, and service usage patterns
  • Technical Data: IP address, browser type, device information, and cookies
  • Customer Content: Data you submit to our AI services for processing

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI services
  • Process transactions and send related information
  • Send technical notices, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage patterns to improve user experience
  • Detect, investigate, and prevent fraudulent or unauthorized activities

3. Data Processing for AI Services

When you use our AI services, your data is processed as follows:

  • Input Processing: Your data is processed in real-time to generate AI outputs
  • No Training on Customer Data: We do not use your data to train our AI models without explicit consent
  • Data Retention: API inputs and outputs are retained for 30 days for service improvement, then automatically deleted
  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)

4. Information Sharing

We do not sell your personal information. We may share information with:

  • Service Providers: Third parties who perform services on our behalf (hosting, payment processing, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement enterprise-grade security measures including:

  • SOC 2 Type II certified infrastructure
  • End-to-end encryption for all data transmissions
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Incident response procedures and breach notification protocols

6. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

Our legal basis for processing includes: contract performance, legitimate interests, legal obligations, and consent where applicable.

7. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights:

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, contact us at privacy@arazon.io or call 1-888-555-0199.

8. HIPAA Compliance (Healthcare Customers)

For customers in the healthcare sector processing Protected Health Information (PHI):

  • We offer Business Associate Agreements (BAAs) for enterprise customers
  • PHI is processed in HIPAA-compliant environments with appropriate safeguards
  • Access to PHI is strictly controlled and audited
  • We maintain administrative, physical, and technical safeguards as required by HIPAA

Contact compliance@arazon.io to request a BAA.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Privacy Shield certification where applicable

10. Data Retention

We retain your data for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specific retention periods:

  • Account Data: Duration of account plus 3 years
  • API Logs: 30 days (configurable for enterprise)
  • Payment Records: 7 years (legal requirement)
  • Support Tickets: 2 years after resolution

11. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately.

12. Contact Us

For privacy-related inquiries or to exercise your rights:

We respond to all privacy requests within 30 days.