Privacy Policy

Introduction

Your Personal AI ("we," "us," or "our") is a Norway-based company focused on delivering cutting-edge AI-driven products and services while maintaining the highest standards in data protection and privacy. We strictly adhere to the Norwegian implementation of the EU General Data Protection Regulation (GDPR) and other relevant data protection and privacy regulations.

This Privacy Policy provides a thorough explanation of:

• Who we are and how to contact us
• What personal data we collect and why
• Our legal bases for processing personal data
• How and where we store your personal data
• How we safeguard your personal data
• Your rights and how to exercise them
• Our policies regarding cookies, automated decision-making, and third-party sharing
• Mobile app-specific practices
• How we update and communicate changes to this Privacy Policy

We have designed this document to be as transparent, granular, and clear as possible, reflecting best practices for responsible AI and data privacy. If you have questions or concerns, please contact:

Scope of this Policy

This Privacy Policy applies to any personal data we collect or process in relation to:

• Our Website and Online Platforms: wp.yourpersonalai.net and any associated domains or subdomains.
• Mobile or Desktop Applications: Any official applications or software provided under the Your Personal AI brand.
• Communications: Email, telephone, live chat, or other forms of direct interaction with our customer support, sales, or marketing teams.
• Third-Party Integrations and Services: When third-party platforms, apps, or websites link to or refer to our Privacy Policy and you choose to interact with them.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you disagree with any part of it, please discontinue use of our services.

Definitions

To avoid ambiguity, here are some key terms we use:

• Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, email address, IP address).
• Processing: Any operation performed on personal data (e.g., collection, storage, retrieval, disclosure).
• Data Controller: The entity that determines the purposes and means of processing personal data (Your Personal AI in this context).
• Data Processor: A third party that processes personal data on behalf of the Data Controller under a contractual agreement (e.g., cloud hosting providers).
• Data Subject: The individual to whom personal data relates (you, the user).

What Personal Data We Collect

We aim to collect only the data necessary to fulfill the purposes described in this Privacy Policy (data minimization principle).

Information You Provide Directly

• Contact Details: Such as your name, email address, postal address, or phone number when you create an account, subscribe to a newsletter, or contact us for support.
• Account Credentials: Usernames, passwords, and other security details necessary to access specific features of our services.
• User-Generated Content: Any personal data you submit during customer support interactions, forum posts, or feedback surveys.
• Payment Information (If Applicable): In some cases, we may collect billing information, though payment card details are typically handled by secure third-party payment processors.

Automatically Collected Information

We use first-party and third-party cookies, device identifiers, and similar technologies to automatically collect:

• Technical Data: IP address, browser type, browser language, operating system, device identifiers, mobile network information, and system configurations.
• Usage Data: Web pages visited, links clicked, time spent on each page, and navigation paths through our site or apps.
• Log Data: Server logs capturing details about your sessions, error reports, and performance diagnostics.

Information from Third Parties

• Analytics Providers: We may receive anonymized or aggregated data regarding user engagement and demographics from analytics tools.
• Advertising Networks: With your consent, we might receive IDs or demographic segments for better ad targeting or frequency capping.
• Social Media Platforms: If you link your account or sign in through a third-party service, we may receive information such as your profile details or contact lists (subject to your privacy settings on those platforms).

Children's Data

We do not knowingly collect personal data from individuals under the age of 16 (or applicable lower age threshold in certain jurisdictions). If you believe we may have inadvertently processed such data, please contact us immediately so that we can delete it.

Legal Bases for Processing Personal Data

In accordance with GDPR (Articles 6 and 9), we only process your personal data when we have a valid legal basis. These include:

Consent (Article 6(1)(a))

We rely on consent when you proactively agree to specific processing activities, such as receiving newsletters or participating in optional promotional events. You can withdraw consent at any time by emailing us or updating your account settings.

Contractual Necessity (Article 6(1)(b))

When you use our platform or services, we may process your personal data to fulfill our contractual obligations (e.g., providing access to features that require authentication).

Legitimate Interests (Article 6(1)(f))

We may process data to pursue our legitimate interests, such as improving service performance, enhancing security, preventing fraud, or performing limited direct marketing, provided these interests do not override your fundamental rights and freedoms.

Legal Obligations (Article 6(1)(c))

In certain circumstances, we must process or retain specific personal data to comply with legal, regulatory, or tax requirements (e.g., accounting data).

Special Categories of Data (Article 9)

We generally do not collect special categories of data (e.g., health information, political opinions). If we ever need to process such data, we will do so under strict compliance with relevant GDPR provisions and only with explicit consent or other lawful grounds.

How We Use Your Personal Data

Our primary objective in collecting and processing personal data is to deliver and improve our AI-driven products and services responsibly. Specifically, we may use your data for:

Service Provision and Enhancement

• Operating our platform, delivering core features, and maintaining a seamless user experience.
• Personalizing content, recommendations, or user interfaces based on your preferences.

Customer Support and Communication

• Responding to inquiries, troubleshooting technical issues, and providing updates on service availability.
• Sending important account-related notifications (e.g., password resets, security alerts).

Marketing and Promotional Activities

• Sending newsletters, product updates, or event invitations when you have provided your consent.
• Offering personalized advertisements or product recommendations, subject to your opt-in for such activities.

Analytics, Research, and Development

• Evaluating user interactions to improve usability, optimize performance, and refine our AI models.
• Aggregating data to identify trends, measure effectiveness of new features, and make data-driven decisions.

Compliance and Risk Management

• Meeting legal, regulatory, or contractual obligations (e.g., maintaining tax records, responding to governmental requests).
• Detecting, investigating, and mitigating fraudulent or illegal activities that could harm users or our systems.

Data Retention and Deletion

We abide by the storage limitation principle (Article 5(1)(e) GDPR). Personal data is stored only for as long as needed to fulfill the purposes outlined above or to comply with applicable legal obligations. Retention periods vary by data category:

• Marketing Data: Held until you withdraw your consent or up to 2 years from your last interaction (newsletter opens, link clicks, or website visits), whichever occurs first.
• Contractual Data: Preserved for the length of the contract plus 5 years, allowing us to comply with legal or auditing requirements.
• Accounting and Tax Data: Stored for up to 7 years per applicable financial regulations.
• Support and Inquiries: Maintained for 1 year post-resolution unless legally required otherwise.

Backup and Archival: We securely store backups for disaster recovery purposes, with retention schedules that match or exceed the intervals noted above. Once these intervals expire, data is deleted, anonymized, or otherwise rendered irretrievable.

Data Security Measures

We implement a multi-layered security approach that aligns with GDPR Article 32, ensuring the integrity and confidentiality of personal data:

Encryption:

• In Transit: We use strong encryption protocols (e.g., TLS 1.2 or higher) to protect data transmitted between your device and our servers.
• At Rest: Personal data in our databases is encrypted using industry-standard algorithms (e.g., AES-256).

Access Controls:

• Role-based permissions ensure only authorized personnel with a legitimate need can access personal data.
• All access is logged and regularly audited.

Network Security:

• Firewall protection, intrusion detection systems (IDS), and intrusion prevention systems (IPS) guard our infrastructure.
• Frequent security updates and patch management help protect against known vulnerabilities.

Incident Response & Breach Notification:

• We maintain robust incident response procedures to identify, contain, and remediate security threats.
• In the event of a data breach that presents a risk to your rights and freedoms, we will promptly notify you and the relevant supervisory authority in accordance with Articles 33 and 34 of the GDPR.

Regular Assessments:

• Periodic security testing (e.g., penetration tests, vulnerability scans) and audits ensure continuous improvement and adherence to recognized cybersecurity practices.

Privacy by Design and Default

In alignment with GDPR Article 25, we embed privacy considerations into the design and development of our products and services. This means:

• Data Minimization: We only collect personal data that is strictly necessary for a given purpose.
• Default Settings: Our default product settings are configured to favor data protection.
• Continuous Monitoring: We regularly review internal processes to validate that data is handled in the most privacy-centric manner possible.

Automated Decision-Making and Profiling

No Significant Automated Decisions:

We do not engage in automated decision-making processes that produce legal or similarly substantial effects on individuals without explicit user consent.

AI Model Training and Profiling:

• Any personal data used in AI model training is carefully sanitized and/or anonymized to prevent identification of data subjects.
• We only utilize aggregated datasets for algorithmic optimization to avoid storing personal data in the final model outputs.

Future Changes:

Should we ever introduce new features involving automated decisions or higher-level profiling, we will provide explicit notice, obtain any required consents, and ensure you have the right to object or request human intervention.

International Data Transfers

Servers Within the EU/EEA:

We store all personal data on secure servers located within the European Union (EU) and/or the European Economic Area (EEA).

Exceptional Transfers:

If, in rare circumstances, we need to transfer data outside the EEA, we will do so only under recognized mechanisms (e.g., Standard Contractual Clauses, adequacy decisions, or Binding Corporate Rules) that ensure an equivalent level of data protection.

Notification and Consent:

We will inform you if such international transfers become necessary and, where required by law, obtain your explicit consent.

Third-Party Processors and Sub-Processors

IT and Infrastructure Services:

We use specialized EU-based providers for hosting, data storage, and infrastructure management. These providers act as Data Processors under strict contractual agreements that reflect GDPR requirements.

Marketing and Advertising Partners:

• We may share limited data with advertising networks to tailor or measure the effectiveness of ads, but only with your explicit opt-in.
• Whenever possible, pseudonymization or anonymization techniques are applied to minimize data exposure.

Analytics Providers:

• Tools like Google Analytics or similar platforms help us understand user behavior.
• Data shared is typically anonymized or aggregated, ensuring your identity remains protected.

Due Diligence and Contracts:

Before engaging any third-party processor, we perform a thorough privacy and security assessment. We require each processor to sign a Data Processing Agreement (DPA) that addresses GDPR obligations, data security measures, breach notifications, and confidentiality clauses.

Cookies and Tracking Technologies

We use various categories of cookies and tracking technologies to enhance your experience, analyze traffic, and personalize content:

Essential Cookies:

Required for core functionality, such as logging in securely or maintaining session states.

Analytics Cookies:

• Gather data on how visitors interact with our site.
• Help us identify areas for improvement and measure new feature performance.

Preference Cookies:

Store your preferences (e.g., language settings), allowing us to customize the site to your needs.

Marketing Cookies:

• Used with your explicit consent to display relevant ads or measure advertising effectiveness.
• Typically set by third-party ad networks or social media platforms.

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may impact site functionality or performance. For further details, see our standalone Cookie Policy.

Mobile App-Specific Privacy Provisions

This section explains how Your Personal AI collects and processes data specifically through our mobile applications, including compliance with Google Play Store and Apple App Store policies.

Voice Recording Data

We collect and process voice recordings when you use our mobile application's recording features. Recordings are collected only when you actively initiate the recording function. They are used for AI training and quality assessment, stored locally before upload, and are encrypted in transit (TLS 1.2+) and at rest (AES-256). Voice recordings are retained for a specified period and anonymized after processing. You can request deletion of your recordings through the app settings or by contacting our DPO.

Mobile App Permissions

Our app requires certain permissions to function properly. This includes:

• Microphone Access: Essential for recording your voice during active sessions.
• Storage Access: To save recordings locally before uploading and enable offline functionality.
• Network Access: To upload recordings, download projects, and synchronize data.
• Background Processing: To complete uploads even if the app is minimized.

Device-Specific Data Collection

When you use our mobile application, we may collect device-specific information including:

• Device model, operating system version, and unique identifiers.
• Screen resolution and orientation for UI optimization.
• Available storage and battery level for managing recording capabilities.
• App performance metrics and usage analytics.

Offline Functionality

Our mobile app includes offline capabilities:

• Offline Recording: Recordings can be created without an internet connection and stored locally.
• Data Synchronization: Pending uploads are processed automatically when connectivity is restored.
• Local Data Management: You can manage, play back, and delete local recordings before they are uploaded.

Google Play Data Safety Section

In compliance with Google Play requirements, we summarize our data practices:

• Audio (voice recordings): Collected for app functionality and AI training; not shared with third parties.
• Personal info: Collected for account management; not shared.
• App activity: Collected to improve app performance; may be shared optionally.
• Device ID: Collected for security and fraud prevention; not shared.

All data is encrypted in transit and at rest, and you can request deletion of your data.

Apple App Store Requirements

In compliance with Apple’s App Store Guidelines, we disclose our privacy practices:

• App Tracking Transparency (ATT): We do not track users across third-party apps or websites unless explicitly permitted.
• Data Types Collected: Includes voice recordings, device identifiers, and usage analytics, but excludes health or fitness data.
• User Control & Data Deletion: Users can request deletion of their data or manage recordings in-app.
• No Unauthorized Sharing: We do not sell personal information or share sensitive data with advertisers.

Your Rights Under GDPR

In accordance with GDPR (Articles 12–22), you have the following rights regarding your personal data. To exercise these rights, please email our Data Protection Officer at dpo@wp.yourpersonalai.net.

Right of Access (Article 15):

• Obtain confirmation as to whether or not we are processing your personal data.
• Request a copy of the personal data undergoing processing.

Right to Rectification (Article 16):

• Request the correction or update of inaccurate or incomplete data.

Right to Erasure (Article 17):

• Also known as the "Right to be Forgotten."
• Request deletion of your personal data under certain conditions (e.g., no longer necessary for the purpose collected, or unlawful processing).

Right to Restrict Processing (Article 18):

• Ask us to limit the processing of your personal data if you contest its accuracy or the lawfulness of the processing, or if you object to processing based on legitimate interests pending verification.

Right to Data Portability (Article 20):

• Receive personal data concerning you in a structured, commonly used, machine-readable format.
• Request direct transmission to another controller, where technically feasible.

Right to Object (Article 21):

• Object to processing based on legitimate interests, including direct marketing.
• We will cease processing unless we demonstrate compelling legitimate grounds that override your rights and interests.

Right to Withdraw Consent (Article 7(3)):

• If processing is based on your consent, you may withdraw this consent at any time without affecting the lawfulness of processing before withdrawal.

Right Not to Be Subject to Automated Individual Decision-Making (Article 22):

• If you are subject to a decision based solely on automated processing that significantly affects you, you may request human intervention.

How to Exercise Your Rights

Contact Our DPO: If you wish to exercise any of the rights described above, please email dpo@wp.yourpersonalai.net with the subject line "GDPR Rights Request." Provide sufficient detail to identify yourself (e.g., your account email, relevant timestamps) and clarify the nature of your request.

We will acknowledge your request promptly, typically within a few business days, and will respond substantively no later than one month from receipt. If additional time is required—due to the complexity or number of requests—we may extend the response period by up to two further months. In such cases, we will inform you of the extension and the reasons for it within one month of your initial request.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the CCPA/CPRA, including:

• Right to Know: Request details about the personal information we collect, its sources, and sharing purposes.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate information.
• Right to Opt-Out: Opt out of the sale or sharing of your personal information for targeted advertising.
• Right to Limit Use of Sensitive Information: Restrict the use of sensitive personal information, including biometric data.

To exercise these rights, please contact us at dpo@wp.yourpersonalai.net.

Data Protection Officer (DPO) and Supervisory Authority

Data Protection Officer (DPO):

We have appointed a DPO who is responsible for overseeing our data protection strategy and GDPR compliance.

You can reach the DPO at dpo@wp.yourpersonalai.net or via mail at:

Supervisory Authority:

If you believe we have infringed upon your rights under the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your residence, place of work, or where the alleged infringement took place.

In Norway, you may contact Datatilsynet (Norwegian Data Protection Authority) at:

Changes to This Privacy Policy

We regularly review and update this Privacy Policy to maintain alignment with evolving regulations, industry standards, and new organizational processes. When we make substantial changes, we will:

• Post an updated version on this page with a new "Last Updated" date.
• Notify users via email or in-service alerts if the changes significantly affect your rights or the ways we handle your data.

Continued use of our services after these updates becomes effective indicates your acknowledgment of the revised policy.

Contact Us

If you have additional questions or concerns about our privacy practices, would like more information, or wish to exercise any of your rights, please reach out: