1. Privacy Policy
InnAIc collects only the information necessary to deliver contracted services, respond to inquiries, and operate our website. Data collected includes contact details submitted through forms, account information for authenticated portals, and technical telemetry (IP address, browser, and page interactions) used for analytics and abuse prevention.
We do not sell, rent, or trade personal data. Data is processed under lawful bases including consent, contractual necessity, and legitimate interest. Data subjects may request access, correction, portability, or deletion by writing to privacy@innaic.com.
2. Data Protection & Retention
Personal data is stored in encrypted form at rest (AES-256) and in transit (TLS 1.2+). Access is governed by role-based access control and reviewed quarterly.
Retention periods align with contractual, tax, and regulatory obligations. Non-essential telemetry is aggregated or purged within 90 days. Client production data is returned or securely destroyed within 30 days of contract termination.
3. Information Security
InnAIc operates an information security program aligned to ISO/IEC 27001. Controls include secure SDLC, vulnerability scanning, dependency management, secrets rotation, centralized audit logging, and 24/7 incident monitoring.
All employees complete annual security training. Contractors sign confidentiality agreements before access is granted. Security incidents affecting client data are disclosed within 72 hours of confirmation.
4. Acceptable Use
Users of innAIc services agree not to reverse-engineer, resell, or use services to build competing products; not to attempt to breach security controls; and not to transmit unlawful, infringing, or harmful content. Violations may result in suspension without notice.
5. Intellectual Property
All frameworks, code libraries, models, and documentation authored by innAIc remain the intellectual property of innAIc unless expressly assigned in a signed Statement of Work. Client-owned data and deliverables specified in an SOW are assigned to the client on full payment.
6. Sub-processors & Third Parties
We engage vetted sub-processors for hosting (Microsoft Azure, AWS), analytics, and communications. A current list is available on request. Sub-processors are contractually bound to equivalent data-protection standards.
8. Governing Law & Contact
These policies are governed by the laws of the jurisdiction stated in the applicable Master Services Agreement. For questions, write to legal@innaic.com or privacy@innaic.com.
