Privacy Policy

The data controller responsible for your personal data is LLMDriven, a Delaware LLC.

We collect information to provide and improve our services:

• Account Information: Email address, name, and profile details you provide during registration.
• Usage Data: Features you use, actions you take, and how you interact with Semantiz.
• Technical Data: IP address, browser type, device information, and session data.
• Payment Data: Billing information processed securely by our payment provider (Stripe). We do not store your full card details.

Your information is used to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send service-related communications (updates, security alerts)
• Respond to your requests and provide customer support
• Monitor and analyze usage patterns to improve user experience
• Detect and prevent fraud, abuse, and security issues
• Comply with legal obligations

We only send marketing communications with your explicit consent, and you can unsubscribe at any time.

Under GDPR, we process your data based on:

• Contract Performance: Processing necessary to provide our services to you.
• Legitimate Interests: Improving our services, security, and fraud prevention.
• Consent: Marketing communications and optional analytics (you can withdraw anytime).
• Legal Obligations: Compliance with applicable laws and regulations.

Under the General Data Protection Regulation, you have the right to:

• Access: Request a copy of your personal data (Article 15).
• Rectification: Correct inaccurate or incomplete data (Article 16).
• Erasure: Request deletion of your data ("right to be forgotten") (Article 17).
• Data Portability: Receive your data in a structured, machine-readable format (Article 20).
• Restrict Processing: Limit how we use your data (Article 18).
• Object: Object to processing based on legitimate interests (Article 21).
• Withdraw Consent: Revoke consent for consent-based processing at any time.

To exercise your rights, visit our Data Rights Portal or contact our DPO at [email protected].

We implement industry-leading security measures to protect your data. Our infrastructure is SOC 2 Type II certified, demonstrating our commitment to security, availability, and confidentiality.

• Encryption at Rest: AES-256 field-level encryption for sensitive data.
• Encryption in Transit: TLS 1.3 for all data transfers.
• Audit Logging: Comprehensive logging of all access and modifications with 7-year retention.
• Data Classification: Automatic PII detection and classification system.
• Access Controls: Role-based access with multi-factor authentication.

We retain your data only as long as necessary:

• Active Account Data: Retained while your account is active.
• Deleted Accounts: Personal data removed within 30 days of deletion request.
• Audit Logs: Retained for 7 years (compliance requirement).
• Billing Records: Retained for 7 years (legal requirement).
• Backups: Purged within 30 days after data deletion.

We use cookies to enhance your experience:

• Essential Cookies: Required for authentication, security, and basic functionality. Cannot be disabled.
• Analytics Cookies: Help us understand how you use our service. Opt-in only.
• Marketing Cookies: Used for targeted advertising if enabled. Opt-in only.

You can manage your cookie preferences at any time through your account settings.

We work with trusted third parties to provide our services:

• Stripe: Payment processing (PCI DSS compliant).
• Authentication Provider: Secure login and session management.
• Cloud Infrastructure: Data hosting with enterprise-grade security.
• Analytics: Anonymized usage analytics (when consented).

All third parties are bound by Data Processing Agreements and must comply with GDPR requirements.

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all processors
• Encryption of data in transit and at rest

Semantiz is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at [email protected].

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification for material changes
• Displaying a notice in the application

Your continued use of Semantiz after changes indicates acceptance of the updated policy.

For privacy-related questions or to exercise your data rights:

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.