Privacy Policy

Effective date: 1 January 2025

Deftify AI (“we”, “our”, or “us”) respects your privacy. This Policy describes how we collect, use, disclose, and safeguard your information when you use our websites or AI services (“Services”).

1. Information We Collect

• Information you provide: name, email, billing details, and any files or text you upload (“Customer Content”).
• Automatically collected: IP address, browser type, device identifiers, pages visited, timestamps, and cookies.
• Generated data: log files, error reports, and model outputs derived from Customer Content.

2. Legal Bases (GDPR)

We process personal data only when we have a lawful basis: contract performance, legitimate interests, legal obligation, or your consent.

3. How We Use Information

• Provide, maintain, and improve the Services.
• Train and fine-tune models (data is anonymized or aggregated where required).
• Respond to support requests.
• Send transactional messages and, where you opt-in, marketing emails.
• Detect security incidents and prevent fraud.

4. Data Retention

We keep Customer Content only as long as necessary to provide the Services and as required by law. Aggregated or anonymized data may be retained indefinitely.

5. Sharing & Disclosure

We never sell personal data. We may share it with:

• Service providers: cloud-hosting, payment processors, email delivery, under contractual obligations.
• Legal authorities: when required by law or to protect our rights.
• Business transfers: in connection with a merger or sale of assets (we will notify you).

6. Cookies & Tracking

We use essential cookies for authentication, preference cookies for UI settings, and analytics cookies (Google Analytics). You can manage non-essential cookies through your browser or our cookie banner.

7. International Transfers

If you are located in the EEA, UK, or Switzerland, your data may be transferred to countries not recognized as adequate by the European Commission. We rely on Standard Contractual Clauses or other lawful mechanisms.

8. Security

We implement industry-standard measures: TLS in transit, encryption at rest, role-based access control, annual penetration tests, and SOC-2-compliant vendors.

9. Your Rights

• GDPR: right of access, rectification, erasure, restriction, data portability, and objection. You may lodge a complaint with your local supervisory authority.
• CCPA/CPRA: right to know, delete, correct, and opt-out of “sharing” (we do not sell data). We do not use personal data for automated decision-making that produces legal or similarly significant effects without providing an opt-out.

Exercise any right by emailing privacy@Deftify.ca. We will verify your identity before fulfilling the request.

10. Children

The Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently done so, contact us and we will promptly delete the data.

11. Changes to This Policy

We may update this Policy from time to time by posting a new version on this page with a revised effective date.

12. Contact

Questions? Email privacy@Deftify.ca or write to: