40T Secure AI ("we", "us", or "our") operates the 40T-Secure AI platform. This Privacy Policy explains how we collect, use, and protect your information.
1. INFORMATION WE COLLECT
We collect information you provide directly:
- Account Information: Name, email address, and company name, provided when you create an account
- Payment Information: Billing details processed securely via Stripe
- Scan Data: URLs and cookie data you submit for compliance analysis
- Communications: Messages you send to our support team
We automatically collect:
- Usage Data: Features used, scan frequency, report downloads
- Device Information: Browser type, IP address, operating system
- Cookies: Essential cookies for authentication and preferences
2. HOW WE USE YOUR INFORMATION
We use your information to:
- Provide and maintain the 40T-Secure AI service
- Process your compliance scans and generate reports
- Process payments and manage subscriptions
- Send service-related communications
- Improve our platform and develop new features
- Comply with legal obligations
3. DATA RETENTION
We retain your data as follows:
- Account Data: Until you delete your account
- Scan Reports: 12 months, or until you delete them
- Payment Records: As required by law (typically 7 years)
- Usage Logs: 90 days
4. DATA SHARING
We do not sell your personal information. We may share data with:
- Service Providers: Cloud hosting (AWS/Railway), payment processing (Stripe), analytics
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale
5. DATA SECURITY
We implement industry-standard security measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security assessments and penetration testing
- Access controls and audit logging
- SOC 2 Type II compliance (in progress)
6. YOUR RIGHTS
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your data
- Portability: Export your data in a common format
- Opt-out: Unsubscribe from marketing communications
To exercise these rights, contact us at [email protected]
7. INTERNATIONAL TRANSFERS
Your data may be transferred to and processed in the United States. We use Standard Contractual Clauses and other safeguards for international transfers.
8. CHILDREN'S PRIVACY
Our service is not intended for individuals under 18. We do not knowingly collect data from children.
9. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification.
10. CONTACT US
For privacy-related questions: