PRIVACY POLICY

Privacy Policy for Alhambra AI

Effective Date:

1.0 Introduction and Scope

1.1 Who We Are

This Privacy Policy is issued by Alhambra AI ("Alhambra AI," "we," "us," or "our"). We are committed to protecting the privacy and security of the information we collect from you. This policy outlines our practices concerning the collection, use, and disclosure of your personal data when you interact with our services. For the purposes of applicable data protection laws, such as the General Data Protection Regulation (GDPR), Alhambra AI is the data controller of the personal data processed through the Services.  

1.2 Applicability of this Policy

This Privacy Policy applies to your use of the website www.alhambraai.io, including any associated applications, software, and services provided by Alhambra AI (collectively, the "Services"). It governs any interaction you may have with us, whether by visiting our website, creating an account, or using our AI-powered tools. This policy does not apply to any third-party websites, services, or applications, even if they are accessible through our Services.  

1.3 Acceptance and Changes to this Policy

By accessing or using our Services, you signify your understanding of and agreement with the terms of this Privacy Policy. If you do not agree with this policy, you must not use our Services.

We reserve the right to modify this Privacy Policy at any time. We will post any changes on this page and update the "Effective Date" at the top. For material changes, we will provide more prominent notice, such as by sending an email notification or displaying a notice within the Services. Your continued use of the Services after such changes have been made constitutes your acceptance of the new Privacy Policy. We encourage you to review this policy periodically to stay informed about our data practices.  

2.0 Information We Collect

To provide and improve our Services, we collect information in several ways. The data we collect can be categorized as follows:

2.1 Data You Provide Directly

When you interact with our Services, you may provide us with certain information directly. This includes:

  • Account Information: When you register for an account, we collect information necessary for account creation and management, such as your name, email address, chosen password, and contact details. If you subscribe to a paid plan, we will also collect payment information, such as your credit or debit card details and billing address, which are processed by our third-party payment processors.  

  • User Content: As an AI service, we collect the data you input into our platform. This includes any text, prompts, documents, questions, or other information you provide to be processed by our AI models ("User Content"). This is essential for the core functionality of the Services.  

  • Communications: If you contact us for customer support, provide feedback, participate in a survey, or communicate with us in any other way, we will collect the information you provide in your communications, such as your contact information and the content of your message.  

2.2 Data We Collect Automatically

When you use our Services, we automatically collect certain information about your device and your usage of the Services. This includes:

  • Usage Data & Technical Information: We collect data about your interactions with our Services. This includes your IP address, browser type and version, device identifiers (such as IMEI number for phones), operating system, the features you use, the pages you visit, the time and date of your access, crash data, and other diagnostic and performance data. This information helps us understand how our Services are being used, troubleshoot issues, and improve performance.  

  • Location Information: We may determine your approximate location from your IP address. We use this information for security purposes (e.g., detecting suspicious login activity) and to personalize your experience. We do not collect precise geolocation data without your explicit consent.  

  • Cookies and Tracking Technologies: We use cookies, pixels, and similar tracking technologies to operate and administer our Services, gather usage data, and improve your experience. For example, we use cookies to keep you logged in and remember your preferences. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features of the Services.  

2.3 Data from Third Parties

We may also receive information about you from third-party sources. This includes:

  • Third-Party Logins: If you choose to create an account or log in to our Services using a third-party service (such as Google or Apple), we will receive information from that service, such as your name, email address, and profile picture, as permitted by your privacy settings on that service.  

  • Service Providers and Partners: We may receive information from our business partners and service providers, such as analytics providers who help us understand our user base or payment processors who provide us with transaction details.  

3.0 How We Use Your Information

We use the information we collect for various purposes, grounded in different legal bases, such as the necessity to perform a contract with you, our legitimate business interests, or your consent. These purposes include:

3.1 To Provide, Maintain, and Secure the Service

We use your information to deliver the core functionality of our Services. This includes creating and managing your account, processing your subscriptions and payments, responding to your requests, and providing customer support. We also use your data for security purposes, such as authenticating users, preventing fraud and misuse, and protecting the integrity of our systems.  

3.2 To Improve and Develop Our Services (AI Model Training)

A central part of our mission is to continuously improve our AI models and services. To achieve this, we may use User Content to train, fine-tune, and enhance the underlying algorithms and models that power our Services. This process is fundamental to making our AI more accurate, capable, and safe.

We are committed to transparency and user control in this process. You have the right to opt-out of having your User Content used for the purpose of training our AI models. You can exercise this right through your account settings or by contacting us directly.

Furthermore, we may aggregate or de-identify personal data so that it can no longer be used to identify you. We use this anonymized data for research, analytics, and to develop new features and services. In line with best practices, we commit to maintaining and using this information in its de-identified form and will not attempt to re-identify it, except as required by law.  

3.3 To Communicate with You

We use your contact information to send you important administrative and service-related communications, such as updates to our terms, security alerts, and transaction confirmations. Because this information is crucial to your interaction with us, you may not opt out of these communications. With your consent, we may also send you promotional and marketing communications about new products, features, or offers that we believe may be of interest to you. You can opt out of receiving marketing communications at any time.  

3.4 Legal Compliance

We may use and disclose your information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities.  

4.0 How We Share and Disclose Information

We do not sell your personal data. We may share your information only in the following limited circumstances:

  • With Service Providers: We share information with third-party vendors, consultants, and other service providers who perform services on our behalf. These may include cloud hosting providers, payment processors, analytics companies, and customer support providers. These parties are contractually obligated to use your data only to perform services for us and to protect it with appropriate confidentiality and security measures.  

  • Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to a successor or affiliate as part of that transaction. We will notify you of any such deal and inform you of your choices in that event.  

  • Legal Requirements and Protection of Rights: We may disclose your information if we believe in good faith that it is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights, property, or safety of Alhambra AI, our users, or the public; (c) prevent or investigate possible wrongdoing in connection with the Services; or (d) protect against legal liability.  

  • With Your Consent: We may share your information with other third parties when we have your explicit consent to do so.

5.0 Data Security and Retention

5.1 Security Measures

We implement and maintain commercially reasonable technical, administrative, and organizational measures designed to protect your personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no internet or email transmission is ever fully secure or error-free, and we cannot guarantee "perfect security." You should take special care in deciding what information you send to us via the Services.  

5.2 Retention Policy

We will retain your personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, including to provide you with the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. The criteria used to determine our retention periods include the duration of your relationship with us, the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.  

6.0 Your Data Protection Rights

Depending on your location, you may have certain statutory rights in relation to your personal data. We are committed to upholding these rights for all our users, regardless of their location, wherever feasible. The provision of clear, accessible data rights is a cornerstone of a modern, trustworthy data privacy framework. It ensures compliance with global standards like GDPR and CCPA and empowers users with meaningful control over their information. The following bullet points summarize these rights to provide a clear and comparative overview, acknowledging that terminology and applicability may vary by jurisdiction:

  • Right of Access: You have the right to request a copy of the personal data we hold about you and information about how we process it. This right is applicable in all jurisdictions.

  • Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data we hold about you. This right is applicable in all jurisdictions.

  • Right to Erasure / Deletion: You have the right to request the deletion of your personal data from our records, subject to certain legal exceptions. This right is primarily applicable in the European Economic Area (EEA) / UK (under GDPR), California (under CCPA), and other regions with similar laws.

  • Right to Restrict Processing: You have the right to request that we limit how we process your personal data in certain circumstances. This right is primarily applicable in the EEA / UK (under GDPR).

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have it transferred to another controller where technically feasible. This right is primarily applicable in the EEA / UK (under GDPR).

  • Right to Object to Processing: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing. This right is primarily applicable in the EEA / UK (under GDPR).

  • Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the "sale" or "sharing" of your personal data for purposes like cross-context behavioral advertising. (Note: Alhambra AI does not sell personal data). This right is primarily applicable in California (under CCPA).

  • Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time. This right is applicable in all jurisdictions where consent is the legal basis for processing.

6.1 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@alhambraai.io. We will respond to your request in accordance with applicable data protection laws. We may need to verify your identity before processing your request.  

7.0 International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States, please be aware that we transfer data, including personal data, to the United States for processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers of personal data from the EEA, UK, and Switzerland, we rely on legal mechanisms such as the European Commission's Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

8.0 Policy Towards Children

Our Services are not directed to individuals under the age of 13 (or a higher age as required by applicable law in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information from our files as soon as possible.  

9.0 Contact Information

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at:

Alhambra AI Email: privacy@alhambraai.io [Physical Address, if applicable]

If you are in the EEA or UK, you may also contact our designated representative or Data Protection Officer (DPO) at the same email address.