Privacy Policy

About This Policy

Your privacy is important to us.  This Privacy Policy describes how Dioptra, Inc. ("Dioptra," "we," or "us") collects, uses, and protects your personal information when you use our website, applications, add-ins or plug-ins, and other services provided by us or when you otherwise interact with us (collectively, the "Services"). “Personal information” as used in this Policy means information that identifies you or can be used to contact you, such as your name, email address, or usage patterns. It doesn't include anonymous data where your identity has been removed.

Important Notes:

• Our Services are designed for businesses, not personal or household use
• We don't knowingly collect information from individuals under 16
• We act as the data controller for all personal information under this Policy
• This Policy covers information we collect directly, not data you process through our Services as a customer
• This Policy is about the rights of individuals, when we refer to “you” in this Policy, we refer to you in your capacity as a natural person, as opposed to the company by which you are employed.

1. Information We Collect

2. How We Use Your Personal Information

We will only use your Personal Information for the purposes as described in this Policy.

• To provide the Services. We use information about you to provide you with access to the Services, including to create and manage your account, bill you, send you data from the Services, and allow interoperability.
• To optimize your experience and improve the Services. We use the information we collect to enable you to enjoy and easily navigate our Services, to personalize your experience, and to improve the Services, including to monitor and analyze trends, usage, and other activities in connection with the Services so that we can continually improve them or create new ones. We may also link or combine information about you with information we get from others to help understand your needs and provide you with new and better Services.
• To communicate with you.  We use information about you to communicate with you, including to send you technical notices, product updates, security alerts, support communications, and administrative messages about the Services (including important changes to the Services). This also includes sending you information about your account and data.
• For security. We may use information about you to maintain and increase the security of the Services, including to detect, investigate, and prevent fraud and other illegal activities from occurring, as well as to protect the rights and property of Dioptra, our customers, and third parties.
• To market and promote the Dioptra Services. We use information about you to send you promotional messages and to show you advertisements. This may also include using information about you to create more personalized advertising and suggest Services that may be of interest to you. We may also use information about you to facilitate contests, sweepstakes, and promotions, and to process and deliver your entries and rewards.
• To comply with legal obligations. We may use information about you to comply with our legal requirements. For example, we may process and retain information about your payments to us for tax and accounting purposes.
• With your consent. Finally, we use information about you for any other purposes that you have consented to. For example, if you agree to do a case study, we might post information about you on one of our public websites.

3. Protection Of Your Personal Information

The security of your personal information is incredibly important to us. We have implemented and we continually maintain a variety of technical and organizational measures to protect your personal information from unauthorized access and against unlawful processing, accidental loss, destruction, and damage. Though no service is impenetrable, we are SOC2 compliant, and our service is built on top of services that maintain ISO 27001 and SOC2 certifications, and have years of experience managing and securing large-scale operations.

4. When We May Disclose Personal Information

We do NOT sell, transfer, or otherwise share your Personal Information with third parties or any data that you store using our services to any third party except as outlined in this privacy policy.

• Third-party service providers. We use third-party service providers who work on our behalf, including to provide hosting services, authentication services, cybersecurity, anti-fraud services, advertising, and other services which may require us to share your personal information, in which case we may provide access to your Personal Information only for purposes of performing their contracted obligations. These data processors will process your information on our behalf and only on our instructions and for the purposes set out in this privacy policy.
• Billing. We use Stripe to receive and process payments in relation to the use of our Services. Stripe acts as an independent controller of the personal information received when it provides these services. More information about how Stripe processes personal information is available here: https://stripe.com/privacy.
• Partners. We may link to or offer third-party products or services. If you choose to use any such third-party services, we may facilitate sharing of your information and documents you choose to use with those services. Your use of those services is not governed by our Terms of Service or this Policy. We do not control the services of those third parties or how they use your information and documents. Be sure to review the terms and conditions and privacy policies of those third parties before using their services.
• Legal disclosures. In rare cases, we may share information about you in response to a request for information if we believe disclosure is permitted or required by an applicable law, regulation, or legal process, including to comply with a subpoena or applicable court order. We may also release your Personal Information when we believe release is appropriate to otherwise comply with the law, enforce our site policies, or protect ours or others rights, property or safety.
• Business transfers. We may sell, transfer or otherwise share your Personal Information in connection with a corporate transaction such as a merger, acquisition, reorganization or sale of assets or financing, or acquisition of all or a portion of or business by another company.
• Aggregated Information. We reserve the right to compile and share aggregated information about our users, transactions completed using our Service, sales, and traffic, though we will not share this information in a manner that permits the identification of a specific user.

5. Retention

We only keep your Personal Information for as long as necessary to fulfill the purposes we collected it for, after which it will be deleted or archived unless we are required to keep it to comply with our legal obligations or for another legitimate and lawful purpose. To determine the appropriate retention period for personal information, we consider several factors, including the terms of our agreements with you, our legitimate interests (as outlined in this Policy), our legal obligations, and the amount and nature of your Personal Information. Different retention periods apply for different types of personal information.

When it is no longer necessary to retain your Personal Information, we will securely destroy it in accordance with applicable laws and regulations. In some circumstances we will anonymize Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. Reviewing Or Changing Personal Information

You can review or request changes to your Personal Information by contacting us at security@diopta.ai

7. Choice/Opt-Out

We will typically send you messages that relate to transactions you conduct on our website or that have important alerts and notices about your account or our Services. You cannot opt out of these communications.

Additionally, we may send you promotional information regarding our Services. You can opt out of receiving promotional emails by following the opt-out instructions provided in those emails or by contacting us at security@diopta.ai with your specific request.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

You can configure your software so it does not accept cookies, though you may not be able to access certain portions or features of our Services.

8. U.S. State-Specific Privacy Notice

This section provides additional details about the Personal Information we collect about individuals and the rights afforded to them under various applicable U.S. state data-protection and privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act or “CPRA” (collectively, the “CCPA”). Subject to applicable law, you have the following rights with respect to your personal information:

• Right to know: You have the right to request that we disclose what personal information we collect, use, disclose, share, and sell about you, including the categories of personal information, the sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions under applicable law.
• Right to correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to opt-out: You have the right to opt-out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
• Right to limit sensitive Personal Information: Our Services are not intended for the collection of sensitive Personal Information.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your privacy rights under applicable state law.
• Right to information About third parties: You have the right to request information about the categories of third parties to whom we have disclosed your personal information.
• Right to portable data: You have the right to receive your personal information in a portable and readily usable format that allows you to transmit the data to another entity.

Exercising Your Rights. To exercise any of these rights, please contact us at security@diopta.ai. To protect your privacy and security, we will verify your identity before fulfilling your requests within the timeframes required by applicable law. The verification process may require you to provide additional information depending on the nature of your request and the sensitivity of the information involved. You may designate an authorized agent to make requests on your behalf. We may require written authorization from you and verification of both your and the agent's identity before processing requests submitted by authorized agents.

Categories of Personal Information Collected Under CCPA:

• Identifiers - Name, email, IP address, online identifiers
• Personal Records - Contact info, financial information
• Commercial Information - Purchase history, service records
• Internet Activity - Website usage, interactions with our services
• Geolocation Data - Device location information
• Audio/Visual - Call recordings, photos you provide
• Inferences - Profiles derived from your information
• Account Credentials - Login information with required access codes

Sale and Sharing of Personal Information: Dioptra does not sell your personal information as defined by the California Consumer Privacy Act (CCPA). We do not share your personal information for cross-context behavioral advertising purposes. While we may share your personal information with third-party service providers as described in this Policy, such sharing is limited to service providers who process your information on our behalf and solely for the purposes of providing services to us. This does not constitute a "sale" or "sharing" under the CCPA.

12-Month Disclosure: In the preceding 12 months, we have not sold or shared personal information for monetary or other valuable consideration, nor have we shared personal information for cross-context behavioral advertising purposes.

9. Supplemental Notice for the EEA, UK, and Switzerland

This section provides additional details about the Personal Information we process subject to the General Data Protection Regulation (GDPR) and UK GDPR.

Controller: Dioptra, Inc. is the data controller of your Personal Information processed under this Policy.

Your Rights: Subject to applicable law, you have the following rights with respect to your Personal Information:

• Right of access - You have the right to access your personal information that we hold and receive it in a portable format.
• Right to rectification - You have the right to request that we correct inaccurate personal information.
• Right to erasure - You have the right to request deletion of your personal information.
• Right to restrict processing - You have the right to request that we restrict processing of your personal information.
• Right to object - You have the right to object to processing of your personal information, particularly for direct marketing purposes.
• Right to data portability - You have the right to receive your personal information in a structured, commonly used format.
• Right to withdraw consent - Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise your rights, please contact us at security@diopta.ai. We may ask you to provide additional information to confirm your identity.

Legal Bases for Processing: We process your personal information based on the following legal grounds:

• Contract performance - To provide our Services and fulfill our contractual obligations to you
• Legal compliance - To comply with applicable laws and regulations
• Legitimate interests - For our business operations, security, and service improvement, where not overridden by your rights
• Consent - Where you have provided specific consent for certain processing activities

International Data Transfers: Your personal information may be transferred to, stored, or processed in countries outside the EEA, UK, or Switzerland, including the United States. We ensure such transfers comply with applicable data protection laws through appropriate safeguards, including:

• European Commission adequacy decisions for countries with adequate protection
• Standard Contractual Clauses approved by the European Commission
• Other legally recognized transfer mechanisms

Complaints: You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred. Contact information for EEA data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en, and for the UK Information Commissioner's Office at https://ico.org.uk/global/contact-us/.

10. Changes to our Privacy Policy

If we change our privacy policy, we will post those changes on this page and update the "Last Updated" date above. Any changes will become effective when we post the revised Privacy Policy on this page.

11. Terms and Conditions

Please also visit the Dioptra Terms of Service establishing the use, disclaimers, and limitations of liability governing the use of our Services.

Questions?

Please contact us at security@diopta.ai.