1. Introduction and Scope
This Privacy Policy describes how Tech4Biz collects, uses, processes, stores, shares, and protects personal information in connection with the LLM Firewall service, including all associated software applications, APIs, browser extensions, web dashboards, and related services.
This Policy applies to all users of the Service, including individual users, enterprise customers, and team members. By accessing or using the Service, you acknowledge that you have read, understood, and consent to the data practices described in this Policy.
2. Information We Collect
2.1 Personal Information Collected Directly
a) Account and Registration Data:
- Full name, email address, username, and organizational affiliation
- Job title, department, and professional contact information
- Account preferences, settings, and configuration data
- Authentication credentials (passwords are cryptographically hashed and never stored in plaintext)
b) Identity Verification Data:
- Multi-factor authentication tokens and backup codes
- Security questions and answers (where applicable)
- Identity verification documents (for enterprise accounts)
c) Payment and Billing Information:
- Billing address, payment method details, and transaction history
- Tax identification numbers and invoicing information
- Subscription plan details and usage-based billing data
2.2 Information Collected Automatically
a) Service Usage Data:
- Prompts, queries, and responses processed through the Service
- API calls, request/response metadata, and processing timestamps
- User interactions with dashboards, interfaces, and system features
- Error logs, system performance metrics, and diagnostic information
b) Technical and Device Information:
- IP addresses, browser types, operating systems, and device identifiers
- Network information, connection details, and geographic location data
- Cookies, session tokens, and other tracking technologies
- System configurations and integration details
c) Security and Audit Logs:
- Login attempts, authentication events, and access patterns
- Security incidents, threat detection alerts, and response actions
- Administrative actions, permission changes, and system modifications
- API key usage patterns and security-related events
3. Lawful Basis for Processing
We process personal information based on the following lawful bases:
3.1 Contractual Necessity
Processing necessary for the performance of our contract with you, including service delivery, account management, and customer support.
3.2 Legitimate Interests
Processing necessary for our legitimate business interests, including:
- Service security, fraud prevention, and threat detection
- System monitoring, performance optimization, and troubleshooting
- Business analytics, product development, and service improvement
- Legal compliance and regulatory reporting
3.3 Legal Obligations
Processing necessary to comply with applicable laws, regulations, court orders, and legal processes.
3.4 Consent
Processing based on your explicit consent, which you may withdraw at any time through your account settings or by contacting us.
4. How We Use Your Information
4.1 Service Provision and Management
- Account Management: Creating, maintaining, and managing user accounts and profiles
- Service Delivery: Providing core Service functionality, including LLM monitoring and security features
- Authentication and Access Control: Verifying user identity and managing access permissions
- Customer Support: Responding to inquiries, troubleshooting issues, and providing technical assistance
4.2 Security and Compliance
- Threat Detection: Monitoring for security threats, suspicious activities, and policy violations
- Incident Response: Investigating security incidents and implementing protective measures
- Compliance Monitoring: Ensuring adherence to applicable laws, regulations, and industry standards
- Audit and Reporting: Maintaining audit trails and generating compliance reports
4.3 Service Improvement and Analytics
- Performance Optimization: Analyzing usage patterns to improve Service performance and reliability
- Feature Development: Understanding user needs to develop new features and capabilities
- Quality Assurance: Monitoring Service quality and identifying areas for improvement
- Research and Development: Conducting anonymized research to advance LLM security technologies
5. Data Sharing and Disclosure
No Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties for their commercial purposes.
5.1 Service Providers and Vendors
We may share personal information with trusted third-party service providers who assist us in:
- Cloud hosting and infrastructure services
- Payment processing and billing management
- Email delivery and communication services
- Security monitoring and threat intelligence
- Analytics and performance monitoring
5.2 Legal and Regulatory Disclosure
We may disclose personal information when required or permitted by law, including:
- Compliance with court orders, subpoenas, or legal processes
- Protection of our rights, property, or safety, or that of others
- Investigation of fraud, security incidents, or illegal activities
- Cooperation with law enforcement or regulatory authorities
6. Data Retention and Deletion
6.1 Retention Principles
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, and resolve disputes.
6.2 Specific Retention Periods
a) Account Information:
- Active accounts: Retained for the duration of the service relationship
- Inactive accounts: Automatically deleted after [X] months of inactivity
- Deleted accounts: Permanently removed within [X] days of deletion request
b) Usage and Log Data:
- Prompt and response logs: Configurable retention periods (default [X] months)
- Security and audit logs: Retained for [X] years for security and compliance purposes
- System performance data: Retained for [X] months for optimization purposes
6.3 Data Deletion Rights
You may request deletion of your personal information by:
- Using account deletion features in the Service dashboard
- Contacting our privacy team at [PRIVACY_EMAIL]
- Submitting a formal deletion request through our privacy portal
7. Data Security and Protection
7.1 Security Measures
We implement comprehensive security measures to protect your personal information:
a) Technical Safeguards:
- End-to-end encryption for data in transit and at rest
- Multi-factor authentication and access controls
- Regular security audits and penetration testing
- Automated threat detection and response systems
b) Administrative Safeguards:
- Employee privacy and security training programs
- Access controls based on job responsibilities and need-to-know principles
- Regular review and updating of security policies and procedures
- Incident response plans and breach notification procedures
7.2 Data Processing Locations
Your personal information may be processed and stored in [COUNTRIES/REGIONS] where our servers and service providers are located. We ensure that adequate privacy protections are in place regardless of processing location.
8. Cookies and Tracking Technologies
8.1 Types of Cookies Used
a) Essential Cookies:
- Authentication and session management cookies
- Security and fraud prevention cookies
- Load balancing and performance optimization cookies
b) Functional Cookies:
- User preference and settings cookies
- Language and localization cookies
- Feature customization cookies
8.2 Cookie Management
You can control cookies through your browser settings, but please note that disabling certain cookies may affect Service functionality.
9. Your Privacy Rights
9.1 Access and Portability Rights
You have the right to:
- Access your personal information held by us
- Receive a copy of your data in a commonly used format
- Request information about how your data is processed
- Download your data through our self-service tools
9.2 Correction and Update Rights
You may:
- Update your account information through the Service dashboard
- Request correction of inaccurate or incomplete data
- Modify your communication preferences and settings
- Update your consent preferences
9.3 Deletion and Restriction Rights
You may:
- Request deletion of your personal information
- Restrict certain types of data processing
- Object to processing based on legitimate interests
- Withdraw consent for specific processing activities
10. International Data Transfers
10.1 Cross-Border Transfers
We may transfer your personal information to countries outside your jurisdiction for processing and storage. When we do so, we ensure adequate protection through:
- Adequacy decisions by relevant privacy authorities
- Standard contractual clauses approved by privacy regulators
- Binding corporate rules and internal privacy frameworks
- Certification programs and codes of conduct
11. Children's Privacy
11.1 Age Restrictions
The Service is not intended for use by children under the age of 18. We do not knowingly collect, use, or disclose personal information from children.
11.2 Parental Rights
If you believe we have collected personal information from a child without proper consent, please contact us immediately. We will investigate and delete such information promptly.
12. Regional Privacy Considerations
12.1 European Union (GDPR)
For EU residents, we comply with the General Data Protection Regulation (GDPR), including:
- Lawful basis requirements for processing
- Enhanced rights for data subjects
- Data protection impact assessments
- Appointment of a Data Protection Officer (where required)
12.2 California (CCPA/CPRA)
For California residents, we comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
- Right to know about personal information collection and use
- Right to delete personal information
- Right to opt out of the sale of personal information
- Right to non-discrimination for exercising privacy rights
13. Updates to This Privacy Policy
13.1 Policy Changes
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or Service features. Material changes will be communicated through:
- Email notifications to registered users
- Prominent notices on the Service dashboard
- Updates posted on our website
- In-app notifications and alerts
13.2 Effective Date
Policy changes become effective on the date specified in the updated Policy. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
14. Contact Information
14.1 Privacy Team
For questions, concerns, or requests related to this Privacy Policy, please contact:
Privacy Team
[COMPANY NAME]
[ADDRESS]
Email: [PRIVACY_EMAIL]
Phone: [PRIVACY_PHONE]
Privacy Portal: [PRIVACY_PORTAL_URL]
Data Protection Officer
If required by applicable law, our Data Protection Officer can be reached at:
Email: [DPO_EMAIL]
Phone: [DPO_PHONE]
15. Acknowledgment and Consent
Important Notice
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE DATA PRACTICES DESCRIBED IN THIS PRIVACY POLICY.
If you do not agree with any aspect of this Policy, please do not use the Service.
This Privacy Policy was last updated on [DATE]. Please review this Policy periodically for changes and updates.
Document Version: [VERSION_NUMBER]
Legal Review Date: [LEGAL_REVIEW_DATE]
Next Scheduled Review: [NEXT_REVIEW_DATE]