Your Privacy Matters

We're committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal information.

Last Updated: Aug 17, 2025

1. Scope

This Privacy Policy explains how we collect, use, share, and safeguard information when you or your organization ("Customer") uses Foreclose AI Platform, our websites, dashboards, and APIs.

2. Definitions

Customer Data: Data you or your users submit to the Service (e.g., account details, content, logs). We process Customer Data on behalf of Customer.

Personal Data / Personal Information: Information that identifies or can reasonably identify an individual.

Usage Data: Telemetry, device/browser metadata, performance metrics, and configuration data generated by use of the Service.

3. What We Collect

Account & Billing: name, business email, role, organization; payment info is handled by Cashfree (we do not store card data).

Auth: Supabase authentication (we do not store passwords directly). We may receive SSO/IdP attributes if you enable SSO.

Product Use & Gateway Logs: pseudonymous identifiers, IP address, device/browser metadata, API routes, status codes, timings, error traces, and configuration data generated by use of the Service. By default we do not ingest prompt/content bodies; Customers may optionally configure metadata-only collection.

Customer Data Content: not required by the Service; if you choose to send any content, it will be processed only to provide the Service.

Cookies & Similar Tech: essential cookies for auth/session; optional GA4 analytics subject to consent and honoring Global Privacy Control (GPC). Details in our Cookie Notice.

4. How We Use Data

• Provide and operate the Service; authenticate users; secure the Service; process payments; deliver support.

• Improve and develop features; analyze adoption and performance; prevent abuse and fraud.

• Communicate service updates, security alerts, and administrative messages.

AI/Model Training (if applicable): We do not use Customer Data to train models by default. If we ever offer opt-in model improvement, we will (a) clearly present controls, (b) exclude sensitive categories, and (c) apply data minimization.

5. Legal Bases (GDPR/UK GDPR if applicable)

Our processing relies on one or more of: contract performance, legitimate interests (e.g., security, product improvement), legal obligation, and consent (for optional analytics/marketing).

6. Your Choices & Rights

Subject to law, you may request access, correction, deletion, portability, or restriction of your Personal Data; object to certain processing; or withdraw consent. Contact: founder@laikatest.com.

7. Data Retention

Gateway/telemetry logs: retained for 30 days, then deleted or aggregated.

Account data: kept while your account is active and as required for legal, accounting, or security purposes.

Backups: retained for a limited time and then overwritten during regular cycles.

Where features allow, Customer can configure retention for Customer Data.

8. Sharing & Disclosures

Service Providers/Subprocessors: infrastructure, analytics, email, support, payments. Current list: /subprocessors.

Legal/Compliance: to comply with law, respond to lawful requests, enforce terms, or protect rights/safety.

Business Transfers: in a merger, acquisition, or asset sale, with notice and maintained protections.

9. International Transfers

We host primarily in AWS ap-south-1 (Mumbai). We may transfer Personal Data to other countries where we or our subprocessors operate. When required, we use approved mechanisms (e.g., Standard Contractual Clauses and the UK Addendum) plus supplementary measures. We do not presently target EU/UK users; if this changes, we will update this Policy.

10. Security

We maintain administrative, technical, and physical safeguards proportionate to risk, including encryption in transit (TLS 1.2+) and at rest (AES‑256 with AWS KMS), access controls, logging/monitoring (e.g., CloudWatch), vulnerability management on a rolling roadmap, and employee confidentiality commitments. Customers are responsible for secure configuration of their accounts and integrations.

11. Children

The Service is not directed to children under 18 (as defined by India's DPDP). We do not knowingly collect such data.

12. Data Breach

We will notify Customer without undue delay of a confirmed Personal Data breach affecting Customer Data, including scope, impact, and remedial actions, consistent with contractual and legal obligations.

13. Region-Specific Disclosures

India (DPDP Act, 2023): We act as a Data Processor for Customer Data and as a Data Fiduciary for website/marketing data. Grievance Officer: founder@laikatest.com. Individuals can exercise their rights (access, correction, deletion, grievance redressal) by emailing founder@laikatest.com. If unresolved, they may escalate per the DPDP framework.

United States (California): We do not sell or share Personal Information as defined by the CPRA. We honor opt-out signals where required (including GPC) and provide rights to access, delete, and correct where applicable.

14. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified via email or in-product. Continued use after Effective Date constitutes acceptance.

Questions About Privacy?

If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us.