Aivorys

AIVORYS LLC
Privacy Policy
Effective Date: June 1, 2025
Last Updated: June 1, 2025

  1. Introduction and Scope
    Aivorys, LLC. (“Aivorys,” “we,” “our,” or “us”) is committed to protecting your personal data. This Privacy
    Policy explains how we collect, use, disclose, and safeguard information when you visit our website at
    https://aivorys.com, use our cloud computing infrastructure, artificial intelligence (AI) services,
    automation tools, chatbot solutions, voice-agent platforms, and any related services (collectively, the
    “Services”).
    This Policy applies to all individuals who interact with our Services, including website visitors, registered
    users, business customers, and their end-users, wherever they are located globally. Please read this
    Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood,
    and agree to the practices described herein.
    If you do not agree with this Privacy Policy, please discontinue use of our Services and contact us to
    discuss your concerns.
  2. Data Controller and Contact Information
    For purposes of applicable privacy law, Aivorys, LLC. is the data controller responsible for your personal
    information. If you have any questions, requests, or concerns about this Privacy Policy or how we
    process your data, please contact:
    Aivorys, LLC.
    1831 Solano Ave #7024
    Berkeley, CA 94707
    United States
    Email: david@aivorys.com
    Phone: (510) 849-9420

Aivorys — Privacy Policy | Confidential | Page 2 of 10

Website: https://aivorys.com

  3. Personal Data We Collect
    We collect different categories of personal data depending on how you interact with our Services:

3.1 Information You Provide Directly
• Identity and contact information: full name, email address, phone number, job title, company name
• Account credentials: username, password (stored in encrypted form), security questions
• Billing and payment information: credit card details (processed by third-party payment processors),
  billing address, invoice details
• Communications: messages, inquiries, feedback, and support requests you submit to us
• Contractual information: details shared during onboarding, service agreements, or procurement
  processes

3.2 Information Collected Automatically
• Usage data: pages visited, features accessed, session duration, click paths, and interactions with our
  platform
• Device and technical data: IP address, browser type and version, operating system, device identifiers
• Log data: access logs, error logs, and system event data
• Cookies and tracking data: as described in Section 7 below
• Inferred data: information we derive from your usage patterns, preferences, and interactions

3.3 Information from Third Parties
• Data from integration partners: when you connect third-party applications or services to our platform
• Public sources: publicly available professional information, such as LinkedIn profiles, where relevant to a
  business relationship
• Analytics and advertising partners: aggregated and pseudonymized data from third-party analytics
  services

3.4 Customer-Submitted Data (Business Customers)
If you are a business customer using our Services to deploy chatbots, voice agents, or automation
workflows, you may upload or process data belonging to your own customers or end-users through our
infrastructure. Aivorys processes such data as a data processor on your behalf, subject to our Data
Processing Agreement (DPA). You are the data controller for such data and are responsible for its lawful
collection and use.

  4. How We Collect Your Data
    • Directly from you when you register for an account, complete a contact form, or request a
      demonstration
    • Automatically via cookies, web beacons, pixels, and similar technologies when you use our website or
      Services
    • Through API integrations when you connect your systems to our platform
    • From third-party service providers, including payment processors, analytics providers, and cloud
      infrastructure partners
    • During customer support interactions, including email, chat, and phone communications
  5. Purposes and Legal Bases for Processing
    We use your personal data for the following purposes, each supported by an appropriate legal basis
    under applicable law:

5.1 Providing and Managing Our Services
We process your data to create and manage your account, deliver the Services you have requested,
process transactions, and provide technical support. Legal basis: Performance of a contract; Legitimate
interests.

5.2 Service Improvement and Development
We analyze usage patterns and feedback to improve our existing Services, develop new features, and
optimize performance. Legal basis: Legitimate interests.

5.3 Security and Fraud Prevention
We use data to detect, prevent, and respond to security threats, fraudulent activity, abuse, and
violations of our Terms and Conditions. Legal basis: Legitimate interests; Legal obligation.

5.4 Communications and Marketing
We may send you service-related communications, account updates, and, with your consent where
required, marketing materials, newsletters, or promotional offers. Legal basis: Consent; Legitimate
interests (for existing customers).

5.5 Legal Compliance
We process data to meet our legal and regulatory obligations, respond to lawful requests from
governmental authorities, and enforce our rights. Legal basis: Legal obligation; Legitimate interests.

5.6 Analytics and Research
We use aggregated and anonymized data for internal analytics, market research, and business
intelligence. Legal basis: Legitimate interests.

  6. Legal Bases for Processing (GDPR)
    For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on the
    following legal bases under the General Data Protection Regulation (GDPR) and applicable national law:
    • Contractual necessity (Art. 6(1)(b)): Processing necessary to fulfill a contract with you or to take steps
      before entering a contract at your request
    • Legal obligation (Art. 6(1)(c)): Processing required to comply with applicable law or regulatory
      requirement
    • Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, such as
      improving services, preventing fraud, and ensuring security, where such interests are not overridden by
      your rights
    • Consent (Art. 6(1)(a)): Processing based on your freely given, specific, informed, and unambiguous
      consent, which you may withdraw at any time without affecting the lawfulness of prior processing
    • Vital interests (Art. 6(1)(d)): In rare emergency circumstances where processing is necessary to protect
      someone’s life
  7. Cookies and Tracking Technologies
    We use cookies, web beacons, pixels, local storage, and similar tracking technologies to operate and
    improve our Services. Below is an overview of the types of cookies we use:

7.1 Types of Cookies
• Strictly necessary cookies: Required for the website and Services to function properly. These cannot be
  disabled without impairing functionality.
• Functional cookies: Remember your preferences and settings (e.g., language, region) to provide a more
  personalized experience.
• Performance and analytics cookies: Collect information about how visitors use our Services, including
  pages visited and errors encountered. This data is aggregated and anonymized.

• Marketing and advertising cookies: Track your browsing habits to deliver relevant advertisements and
  measure campaign effectiveness.

7.2 Your Cookie Choices
You may manage your cookie preferences through our cookie consent banner (where required by law)
or through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or
receive a notification before a cookie is stored. Note that disabling certain cookies may affect the
functionality of our Services.
For opt-out options related to analytics and advertising, you may also visit the Network Advertising
Initiative (NAI) opt-out page, the Digital Advertising Alliance (DAA) opt-out page, or your device’s privacy
settings.

  8. Third-Party Services and Integrations
    Our Services integrate with or rely upon third-party service providers who may process your personal
    data on our behalf. These include, but are not limited to:
    • Cloud infrastructure providers (e.g., Amazon Web Services, Google Cloud Platform, Microsoft Azure) for
      hosting and data storage
    • Payment processors (e.g., Stripe, Braintree) for billing and transaction processing. We do not store full
      payment card information on our servers.
    • Analytics providers (e.g., Google Analytics, Mixpanel) for understanding usage and improving our
      Services
    • Customer support platforms (e.g., Intercom, Zendesk) for managing support communications
    • Email and communication services (e.g., SendGrid, Mailchimp) for transactional and marketing emails
    • Authentication providers for single sign-on (SSO) and identity management
    All third-party service providers are subject to data processing agreements requiring them to protect
    your data in accordance with applicable privacy laws. We conduct due diligence to select providers who
    maintain appropriate security and privacy standards.
  9. Data Sharing and Disclosure
    We do not sell, rent, or trade your personal data. We may share your data in the following limited
    circumstances:
    • Service providers: With third-party vendors who perform services on our behalf (see Section 8), bound
      by confidentiality and data processing obligations
    • Business transfers: In connection with a merger, acquisition, sale of assets, or other business
      reorganization, subject to standard confidentiality protections

• Legal requirements: When required by law, court order, or lawful governmental authority, or to protect
  the rights, property, or safety of Aivorys, our users, or others
• Affiliates and subsidiaries: With members of the Aivorys corporate family who operate under consistent
  privacy standards
• With your consent: For any other purpose with your explicit prior consent
We require all recipients of personal data to maintain the confidentiality and security of such data and
to use it only for the purpose for which it was shared.

  10. International Data Transfers
    Aivorys operates globally. Your personal data may be transferred to and processed in countries other
    than the country in which you reside, including the United States and other jurisdictions where our
    service providers operate. These countries may have data protection laws that differ from those in your
    country.
    For transfers from the EEA, UK, or Switzerland to countries not recognized as providing an adequate
    level of data protection, we implement appropriate safeguards, including:
    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Binding Corporate Rules (BCRs) where applicable
    • Adequacy decisions where recognized by applicable data protection authorities
    You may request a copy of the applicable transfer mechanisms by contacting us at the address provided
    in Section 2.
  11. Data Retention
    We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy,
    unless a longer retention period is required or permitted by law. Our retention criteria include:
    • Account data: Retained for the duration of your account plus a reasonable period thereafter to handle
      any follow-up inquiries, disputes, or legal obligations
    • Transaction and billing records: Retained for a minimum of seven (7) years to comply with applicable
      tax, accounting, and financial regulations
    • Communications and support records: Retained for up to three (3) years after the resolution of the
      relevant matter
    • Usage and log data: Generally retained for up to twelve (12) months for operational and security
      purposes
    • Marketing data: Retained until you withdraw consent or opt out
    When personal data is no longer required, we delete or anonymize it securely in accordance with our
    data retention and destruction policies.

  12. Security Practices
    Aivorys implements industry-standard technical and organizational security measures designed to
    protect your personal data against unauthorized access, disclosure, alteration, destruction, or accidental
    loss. These measures include:
    • Encryption of data in transit using TLS/SSL protocols
    • Encryption of data at rest using AES-256 or equivalent standards
    • Access controls, role-based permissions, and multi-factor authentication
    • Regular vulnerability assessments, penetration testing, and security audits
    • Incident response procedures and breach notification processes
    • Employee security training and confidentiality obligations
    While we take reasonable measures to protect your data, no method of electronic storage or
    transmission is completely secure. We cannot guarantee absolute security, and you use our Services at
    your own risk. In the event of a data breach that affects your rights, we will notify you in accordance
    with applicable legal requirements.
  13. HIPAA Disclaimer and Healthcare Data
    IMPORTANT: STANDARD SERVICES ARE NOT HIPAA-COMPLIANT
    Aivorys’ standard cloud computing, AI, chatbot, and voice-agent services — as provided through the
    default Aivorys platform — are NOT configured or certified to comply with the Health Insurance
    Portability and Accountability Act (HIPAA) or its implementing regulations, including the HIPAA Privacy
    Rule, Security Rule, and Breach Notification Rule.
    Healthcare providers, health plans, healthcare clearinghouses, business associates, and any other
    entities that are subject to HIPAA and that intend to process, store, or transmit Protected Health
    Information (PHI) through Aivorys’ Services must NOT use the standard Aivorys platform for such data
    unless and until they have engaged Aivorys’ dedicated HIPAA-compliant infrastructure solution as
    described below.

13.1 Optional HIPAA-Compliant Infrastructure
Aivorys offers a dedicated, separately configured HIPAA-compliant infrastructure solution for qualifying
customers in the healthcare sector. This solution is available upon request and subject to a separately
executed Business Associate Agreement (BAA).

To inquire about our HIPAA-compliant infrastructure offering, please contact us at:
Email: david@aivorys.com

Phone: (510) 849-9420
Website: https://aivorys.com/contact
Unless a customer has expressly purchased and activated the HIPAA-compliant infrastructure package,
and a valid Business Associate Agreement is in place, Aivorys makes no representations, warranties, or
assurances that its Services satisfy any HIPAA requirement. Customers using standard services are solely
responsible for ensuring that they do not process PHI through such Services and for their own HIPAA
compliance obligations.

  14. Your Privacy Rights
    Depending on your location and applicable law, you may have the following rights regarding your
    personal data:

14.1 Rights Under GDPR (EEA, UK, Switzerland)
• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure (‘right to be forgotten’): Request deletion of your data in certain circumstances
• Right to restriction: Request that we restrict processing of your data in certain circumstances
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: Withdraw any consent previously given without affecting prior lawful
  processing
• Right to lodge a complaint with a supervisory authority: Contact your local data protection authority

14.2 Rights Under CCPA/CPRA (California Residents)
• Right to know: Request disclosure of the categories and specific pieces of personal information
  collected, the sources of collection, the purposes for collection, and third parties with whom we share
  information
• Right to delete: Request deletion of personal information we have collected from you, subject to certain
  exceptions
• Right to correct: Request correction of inaccurate personal information
• Right to opt out of sale or sharing: We do not sell personal information within the meaning of the
  CCPA/CPRA. If this changes, you will have the right to opt out.
• Right to limit use of sensitive personal information: Limit our use of sensitive personal information to
  what is necessary to perform the Services
• Right to non-discrimination: You will not receive discriminatory treatment for exercising your privacy
  rights

14.3 Exercising Your Rights
To exercise any of the rights listed above, please submit a verifiable request to david@aivorys.com or
through our website at https://aivorys.com/contact. We will respond to verifiable requests within the
timeframe required by applicable law (generally 30 days for GDPR, and 45 days for CCPA/CPRA, with
permissible extensions). We may need to verify your identity before fulfilling your request.

14.4 California Automatic Renewal Law Compliance
We comply with California’s Automatic Renewal Law. We will notify you, the consumer, at least 7 days
but no more than 30 days before new fees take effect. To cancel your contract with us, please notify us
in writing by sending an email to contact@Aivorys.com for Aivorys or contact@carefreecomputing.cloud
for Carefree Computing. We will confirm your cancellation date in writing.

  15. Children’s Privacy
    Our Services are not directed to individuals under the age of sixteen (16) years. We do not knowingly
    collect personal data from children under 16. If we become aware that we have inadvertently collected
    personal data from a child under 16 without verifiable parental consent, we will take steps to delete
    such information as quickly as possible.
    If you are a parent or guardian and believe that your child has provided us with personal data without
    your consent, please contact us at the details provided in Section 2.
  16. Third-Party Links and Integrations
    Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does
    not apply to those third parties. We encourage you to review the privacy policies of any third-party
    services you access through our platform. We are not responsible for the privacy practices or content of
    third-party websites.
  17. Changes to This Privacy Policy
    We may update this Privacy Policy from time to time to reflect changes in our practices, technologies,
    legal requirements, or for other operational reasons. When we make material changes, we will notify
    you by:
    • Posting the updated Privacy Policy on this page with a revised ‘Last Updated’ date
    • Sending an email notification to the address associated with your account (for material changes)
    • Displaying a prominent notice on our website or within our Services

Your continued use of our Services after the effective date of the updated Policy constitutes your
acceptance of the changes. We encourage you to review this Policy periodically.

  18. Contact Us
    If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please
    contact us:
    Email: david@aivorys.com
    Phone: (510) 849-9420
    Website: https://aivorys.com
    Mailing Address: Aivorys LLC., 1831 Solano Ave #7024, Berkeley, CA 94707
    For EEA/UK users, if you are not satisfied with our response, you have the right to lodge a complaint
    with your national or regional data protection supervisory authority.