Privacy Policy

Definitions

1. Introduction

InnRay Rafał Pydyniak ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Website at innray.com or use our Services, including the InnRay AI platform.

2. Information We Collect and Process

2.1. Information from Website Visitors

We collect a minimal amount of personal data from visitors to our Website:

• Contact Form Data: If you choose to contact us via a form, we collect your name, email address, and any message you provide, in order to respond to your inquiry.
• Server Logs: Like virtually all websites, our web server automatically logs the IP address of visitors for security and operational purposes. This data is not used for tracking.

2.2. Information We Process for Our Service Customers

When providing our Services, we act as a Data Processor on behalf of our customers. The specific categories of "Customer Content" and "Account Information" we process are dependent on the Service being provided and will be explicitly defined in the signed Master Service Agreement (MSA) or Statement of Work (SOW) with each customer.

For example, for the Innray AI platform, this may include uploaded documents and user queries. For a custom development project, this may include source code, database schemas, or other project-related assets provided by the customer for the purpose of the engagement.

3. Legal Basis for Processing (GDPR)

3.1. For Website Visitors

• Responding to Inquiries (Art. 6(1)(b) GDPR): Processing your contact details when you request information about our services is a necessary step before entering into a potential contract.
• Legitimate Interest (Art. 6(1)(f) GDPR): We process server logs for the legitimate interest of maintaining the security and integrity of our Website.

3.2. For Service Customers

The legal bases for processing data within our Services include:

• Contract Performance (Art. 6(1)(b) GDPR): Processing documents to provide AI responses and maintaining core platform functionality.
• Legitimate Interest (Art. 6(1)(f) GDPR): System security monitoring, performance optimization, and fraud prevention.
• Legal Obligation (Art. 6(1)(c) GDPR): Maintaining audit logs for compliance and data breach reporting.

4. How We Process Your Information

The processing activities described below pertain to the delivery of our Services, such as the InnRay AI platform.

Core Service Delivery

• Index and process documents for AI-powered responses
• Generate responses to user queries using AI models
• Maintain sophisticated permission structures and access controls
• Provide detailed usage analytics and reporting dashboards

5. Data Security Measures

We implement robust, enterprise-grade security measures to protect all data, whether from our Website or our Services. These measures include encryption, strict access controls, and secure infrastructure practices.

6. Third-Party Integrations and Subprocessors

This section outlines the subprocessors used to deliver our InnRay AI platform. Our general marketing Website does not utilize these specific third-party services.

A complete, real-time list of all subprocessors for InnRayAi is available at: https://innray.com/innray-ai/subprocessors

7. Data Retention and Deletion

7.1. For Website Visitors

Data from contact form submissions is retained only as long as necessary to address the inquiry.

7.2. For Service Customers

Data processed for our Services is retained according to the following schedule:

• Customer Content (Documents, Queries): Retained for the subscription duration plus a maximum of 30 days post-termination for recovery purposes.
• Audit Logs & Legal Data: Retained as required by applicable regulations.

8. Data Ownership and Customer Rights

While all individuals have rights over their personal data, this section primarily details the rights and data ownership of customers using our Services.

Absolute Data Ownership

• Customers retain complete and exclusive ownership of all uploaded content.
• We act strictly as a data processor; the customer remains the data controller.
• We assert zero intellectual property claims on customer data under any circumstances.

9. International Data Transfers and Residency

This section applies specifically to data processed within our Services.

• EU Customers: We provide the option for EU-only data processing and storage.
• Cross-Border Transfers: Any transfers of data outside the EU are conducted only with explicit customer agreement and are protected by Standard Contractual Clauses (SCC) or other appropriate legal safeguards.

12. Cookies and Tracking Technologies

12.1. On Our Website (innray.com)

We believe in privacy. Our public marketing Website does not use any advertising or analytics cookies (e.g., Google Analytics). We only use cookies that are strictly necessary for the security and basic functionality of the site.

12.2. In Our Services Platform

Our InnRay AI platform uses essential cookies required for user authentication, security, and session management. These cookies are not used for tracking or advertising purposes.

15. Policy Changes and Updates

We reserve the right to modify this Privacy Policy at any time. We will notify customers of any material changes via email or platform announcements. Your continued use of our Website or Services after any such changes constitutes your acceptance of the new policy.

16. Contact Information