Privacy Policy

We collect information you provide directly to us when you create an account, use our services, or communicate with us. This includes: • Personal Information: Name, email address, phone number, company name, billing information • Usage Data: Log data, device information, IP addresses, browser type, pages visited • Business Data: Financial data, transactions, inventory records, and other data you input into our system • Communications: Messages, support tickets, and feedback you send to us We use cookies and similar tracking technologies to collect information about your browsing activities.

We use the information we collect to: • Provide, maintain, and improve our services • Process transactions and send related information • Send administrative messages, technical notices, and security alerts • Respond to your comments and questions • Provide customer support and technical assistance • Analyze usage patterns and optimize our platform • Develop new features and services • Protect against fraudulent or illegal activity • Comply with legal obligations We do not sell your personal information to third parties.

We implement industry-standard security measures to protect your data: • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256) • Access Controls: Role-based access control with multi-factor authentication • Regular Audits: Security audits, penetration testing, and vulnerability assessments • Compliance: SOC 2 Type II, ISO 27001, and GDPR compliance • Monitoring: 24/7 security monitoring and incident response • Backups: Automated daily backups with point-in-time recovery While we strive to protect your data, no method of transmission over the internet is 100% secure.

We retain your information for as long as your account is active or as needed to provide services. Specific retention policies: • Account Data: Retained while your account is active • Transaction Records: Retained for 7 years for tax and audit purposes • Deleted Accounts: Data is permanently deleted within 30 days of account closure • Backups: Backup data is retained for 90 days You can request deletion of your data at any time by contacting us.

We may share your information with: • Service Providers: Cloud hosting, payment processors, analytics services (under strict confidentiality agreements) • Legal Requirements: When required by law, subpoena, or court order • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified) • With Your Consent: When you explicitly authorize us to share information We never sell or rent your personal information to third parties for marketing purposes.

Under GDPR, you have the right to: • Access: Request a copy of your personal data • Rectification: Correct inaccurate or incomplete data • Erasure: Request deletion of your data ("right to be forgotten") • Portability: Receive your data in a machine-readable format • Restriction: Limit how we process your data • Objection: Object to processing based on legitimate interests • Withdraw Consent: Withdraw consent at any time To exercise these rights, contact [email protected]

We use cookies and similar technologies for: • Essential Cookies: Required for platform functionality • Analytics Cookies: Track usage patterns and performance • Preference Cookies: Remember your settings and preferences • Marketing Cookies: Deliver relevant advertising (with consent) You can control cookies through your browser settings. Blocking essential cookies may affect platform functionality.

Our platform integrates with third-party services: • Payment Gateways: Stripe, PayPal (their privacy policies apply) • Cloud Providers: AWS, Google Cloud (data processing agreements in place) • Analytics: Google Analytics (anonymized IP addresses) • Support Tools: Intercom, Zendesk We carefully vet all third-party providers for security and privacy compliance.

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through: • EU-US Data Privacy Framework compliance • Standard Contractual Clauses (SCCs) • Data processing agreements with all vendors • Encryption during transit and at rest We comply with applicable data transfer regulations including GDPR.

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

We may update this privacy policy from time to time. We will notify you of material changes by: • Email notification to your registered email • Prominent notice on our platform • Updating the "Last Updated" date below Continued use of our services after changes constitutes acceptance of the updated policy.

For questions or concerns about this privacy policy, contact us: • Email: [email protected] • Address: Chrysolite AI, Accra, Ghana • Data Protection Officer: [email protected]