PRIVACY POLICY

OpenAnalyst Inc. (“OpenAnalyst”, “we”, “our” or “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard your information when you access or use our website, mobile application, platform, and all related services (collectively, the “Services”).

This Privacy Policy is incorporated by reference into our Terms of Service. By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and the Terms.

1. Information We Collect

We collect various types of information from and about users of our Services, including information by which you may be personally identified (“Personal Information”).

1.1 Information You Provide to Us

We collect Personal Information that you voluntarily provide to us when you register for an Account, subscribe to our Services, make a purchase, upload data, contact support, participate in surveys, connect third-party services, or communicate with us.

The types of Personal Information we may collect include:

• Account Information: Name, email address, username, password, phone number, job title, company name, and profile information
• Payment Information: Credit card number, billing address, and other payment details (processed securely by our third-party payment processors)
• User Generated Content: Data files, spreadsheets, databases, text, images, and any other content you upload or input into the Services
• Communication Data: Messages, inquiries, feedback, and correspondence with our support team
• Third-Party Integration Data: Information from connected accounts such as Google, Facebook, LinkedIn, or other third-party services you authorize us to access

1.2 Information Collected Automatically

When you access or use the Services, we automatically collect certain information about your device and usage patterns, including:

• Device Information: IP address, device type, operating system, browser type and version, device identifiers, and mobile network information
• Usage Information: Pages visited, features used, time spent on pages, links clicked, search queries, date and time of access
• Location Information: General geographic location based on IP address
• Log Data: Server logs, error reports, system activity, performance metrics, and diagnostic information
• Interaction Data: Information about how you interact with the AI Functions, including prompts, queries, inputs, and outputs

1.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. Types of cookies we use:

• Essential Cookies: Required for the Services to function properly
• Performance Cookies: Help us improve performance and user experience
• Functionality Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand user behavior and measure effectiveness
• Advertising Cookies: Deliver relevant advertisements and measure campaign effectiveness

1.4 Analytics Services

We use third-party analytics services, such as Google Analytics, to collect and analyze information about how users interact with the Services.

1.5 Information from Third-Party Sources

We may receive information about you from third-party sources, such as connected services, business partners, publicly available sources, and marketing partners.

2. How We Use Your Information

2.1 To Provide and Improve the Services

• Create and manage your Account
• Authenticate your identity and provide secure access
• Process payments and manage billing
• Deliver AI-powered analytics, visualizations, and reports
• Provide customer support
• Personalize your experience
• Develop, test, and improve our Services and AI Functions
• Monitor and analyze usage patterns and trends

2.2 To Communicate with You

Send service-related notifications, respond to inquiries, provide technical support, and send marketing communications (with your consent where required).

2.3 For Business Operations and Analytics

Conduct data analysis and research, monitor performance and security, detect and prevent fraud, debug technical issues, and create aggregated anonymized data.

2.4 For Legal and Compliance Purposes

Comply with applicable laws, enforce our Terms of Service, protect our rights and safety, respond to lawful requests, and investigate illegal activities.

2.5 AI Functions and Model Improvement

2.6 Legal Basis for Processing (EEA/UK Users)

If you are located in the EEA or UK, we process your Personal Information based on: Consent, Contractual Necessity, Legal Obligation, and Legitimate Interests.

3. How We Share Your Information

We do not sell, rent, or trade your Personal Information to third parties for their marketing purposes. We may share your information with:

3.1 Service Providers and Business Partners

Trusted third-party service providers including cloud hosting providers, payment processors (e.g., Stripe, PayPal), AI service providers (e.g., OpenAI, Anthropic, Google), analytics services, customer support platforms, and marketing partners.

3.2 Legal Requirements and Protection of Rights

We may disclose your information if required by law or to comply with legal obligations, enforce our Terms, protect our rights, or detect and prevent fraud.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, we may transfer your information with prior notice.

3.4 With Your Consent

We may share your information when you provide explicit consent or direct us to do so.

3.5 Aggregated or De-Identified Information

We may share aggregated, anonymized information that cannot reasonably identify you for research, analytics, or business purposes.

4. Data Security

We implement technical, administrative, and physical safeguards to protect your information, including:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access controls and multi-factor authentication
• Monitoring: Continuous security monitoring and intrusion detection
• Vulnerability Management: Regular security assessments and penetration testing
• Employee Training: Regular security awareness training
• Backup and Recovery: Encrypted backups with disaster recovery procedures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. If you believe your Account has been compromised, please contact us immediately.

4.1 Security Incident Response

In the event of a security incident, we will promptly investigate, notify affected users and authorities as required by law, and implement measures to prevent future incidents.

5. Data Retention

• Account and Profile Data: Retained while active and up to 24 months after closure
• User Generated Content: Retained while active and deleted within 24 months of closure
• Billing and Transaction Records: Retained for 7 years for legal compliance
• Service and Security Logs: Retained for up to 12 months
• Backup Data: Encrypted backups retained on a rolling basis (up to 35 days)
• Marketing Communications Data: Suppression records retained indefinitely; profile data deleted within 30 days of unsubscribe

6. Your Privacy Rights and Choices

6.1 General Privacy Rights

• Right to Access: Request access to the Personal Information we hold about you
• Right to Rectification: Request correction of inaccurate information
• Right to Deletion: Request deletion of your Personal Information
• Right to Data Portability: Receive your information in a machine-readable format
• Right to Object: Object to processing for certain purposes
• Right to Restriction: Request restriction of processing
• Right to Withdraw Consent: Withdraw consent at any time

6.2 Managing Your Preferences

You can manage your privacy preferences through Account Settings, email unsubscribe links, browser cookie settings, and by revoking third-party access through your Account.

6.3 California Privacy Rights (CCPA/CPRA)

California residents have the Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale/Sharing, and Right to Non-Discrimination. We do not sell your Personal Information.

6.4 European Economic Area (EEA) and UK Rights (GDPR)

EEA and UK users have rights under the GDPR including access, rectification, erasure, data portability, objection, restriction, withdrawal of consent, and the right to lodge a complaint with a supervisory authority.

6.5 How to Submit Privacy Requests

You may submit privacy requests via email to info@openanalyst.com. We will acknowledge receipt within 2 business days and respond within 30 days.

7. International Data Transfers

OpenAnalyst is headquartered in the United States. Your information may be transferred to and processed in countries outside your country of residence. For EEA, UK, and Swiss users, we implement appropriate safeguards including Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), and adequacy decisions.

8. Third-Party Services and Links

The Services may contain links to third-party websites or services not owned by OpenAnalyst. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information.

9. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect Personal Information from children under 18. If we become aware that we have collected such information, we will take steps to delete it as quickly as possible.

10. Contact Information

11. Do Not Track Signals

Currently, there is no uniform standard for recognizing and responding to DNT signals. The Services do not currently respond to DNT signals.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated Policy, sending email notification, or displaying a prominent notice. Your continued use of the Services constitutes acceptance of the updated Policy.

13. Additional Information for Specific Jurisdictions

13.1 Nevada Residents

We do not sell your Personal Information as defined under Nevada law.

13.2 Australia Residents

You have rights under the Australian Privacy Act 1988 including access, correction, and complaint rights.

13.3 Brazil Residents

You have rights under the Lei Geral de Proteção de Dados (LGPD) including access, correction, deletion, and portability rights.

14. Response Times and Grievance Redressal

We are committed to responding to your privacy requests in a timely manner:

• Acknowledgment: Within 2 business days
• Response: Within 30 days
• Extensions: Up to 90 days total with written notice