Privacy Policy
Last updated: Oct 8, 2024
CuratedAI attaches great importance to the security and confidentiality of your personal data. This Privacy Policy (the “Policy”, the “Privacy Policy”) explains our practices in relation to the processing of personal data of individuals.
We collect and use your personal data when you use our website www.curatedai.eu (the “Site”) and/or use any of our services available on app.curatedai.eu, namely our document review tool and our research tool (the “Services”). We also collect and use your personal data whenever you choose to contact us via email, phone, or social media.
1. Who are we?
“We” in this privacy policy refers to CuratedAI B.V., a company incorporated under Belgian laws with registered address Groeneweg 17, 9320 Aalst, Belgium and company number 1 005.972.647.
We are the data controller responsible for the collection and use of your personal data in the manner explained in this privacy policy. If you have any questions about this, please contact us by e-mail at privacy@curatedai.eu.
In certain circumstances, third parties may (also) be responsible for the processing of your personal data. In that case, we recommend that you consult the privacy policies of these third parties.
2. What types of data do we process and of whom?
For the purposes of this Policy, the categories of individuals whose personal data is processed, as well as the types of personal data we process, can be classified as follows:
2.1. Website visitors - individuals who visit our Site. The types of personal data we process include:
Contact information - We collect personal data such as first and last name, email address and other contact and personal information when you use our contact form or sign up for our newsletter. We also collect such data when you register and get access to a demo or a free version of any of our Services.
Log files and analytics data - We collect information about the way you interact with and use our Site through log files and website analytics tools (using cookies). This information may include your IP address, referral and exit URLs, browser type, operating system, date/time of access, pages visited, the popularity of certain content, and clickstream data.
2.2. Customers - individuals who enter into an agreement with us for the provision of Services under any of our paid plans. The types of personal data we process include:
Customer account information - We process personal information such as first and last name, name of the legal entity (if applicable), address, phone number, email address, payment and billing information (i.e., credit card information, VAT number).
Other types of personal data: When you contact us via email, virtual meeting or phone, we may process any additional personal data provided to us in order to deal with your query.
2.3. Users - individuals who access and use our Services (either for free or under an agreement with a Customer). The types of personal data we process include:
Account information - If you create an account to use our Services, we will process your first and last name, email address and unique user ID.
Log files and analytics data - We collect information about the way you interact with and use our Services through log files and analytics tools (using cookies). This information may include statistical data about your interaction with our tool, such as the number of times you clicked accept/reject, downloaded reports, reviewed documents, asked questions in our chat, etc. It also includes technical information associated with the device you use, such as your IP address, browser type, geographical location and operating system.
Uploaded personal data - this includes any personal data that you upload or share while using our Services. This includes personal data contained in the documents you upload to our document review tool and/or in the prompts you send to our research tool.
Other types of personal data: When you provide us feedback or contact us via email, virtual meeting or phone, we may process any additional personal data provided to us in order to incorporate your feedback or provide you with an answer.
2.4. Other - individuals, other than the ones listed above, such as potential customers or partners, followers in our social media channels, etc. The types of personal data we process include:
Contact information - We may process information such as first and last name, name of the legal entity, job function, email address, social media username, etc.
Other types of personal data - We may process personal information you have made publicly available (e.g. in social media or on other webpages) or any other types of personal data provided to us in order to communicate with you.
3. What data sources do we use?
We mainly process personal data that is directly provided by you when you use our Site and/or Services or directly contact us by email. Apart from you, we may also collect information from publicly accessible sources (e.g. social media and other webpages, company trade registers, etc.).
4. Why do we process your data and on what basis?
The following purposes and legal bases are applicable to the processing of your personal data by CuratedAI:
We process personal data to provide, administer, maintain and secure the Services and fulfil our obligations under the applicable terms and agreements. The legal basis we rely on for this data processing is the performance of a contract.
We process personal data to maintain and secure our Site and Services, including detecting and preventing malware, illegal content, misuse, and other harmful behaviors. Additionally, we use your data to respond to queries, notify you about service-related matters, invite you to provide feedback or reviews, improve and develop our Services, and for statistical purposes. The legal basis for this data processing is our legitimate interest.
We process personal data to promote our brand and Services, including to send marketing communication, newsletters, and analyze user activity. The legal basis for such data processing is your consent. You can revoke your consent at any time by changing your cookie settings or via the unsubscribe link in every marketing email.
We process personal data to fulfill our legal obligations, such as compliance with court orders, orders/requests or other documents issued by competent authorities, applicable legislation, etc. In such cases, the legal basis is compliance with a legal obligation to which we are subject.
For other purposes outside the scope of the above-mentioned purposes, including using personal data to train and fine-tune our AI model, we will obtain your consent.
5. With whom do we share your personal data?
In principle, we do not share your personal data with anyone but the suppliers who help us process your personal data. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential.
We disclose all or part of your personal data to the following third parties and always ensure that appropriate safeguards for your privacy are in place:
Azure OpenAI Service - your prompts, generated content, and any uploaded documents are processed by Azure OpenAI in order to provide you with the Services. The Azure OpenAI Service is hosted and operated by Microsoft within the Azure environment, and it does not interact with any services operated by OpenAI, such as ChatGPT or the OpenAI API. To clarify, your data (both personal and non-personal):
Are NOT shared with other customers.
Are NOT accessible to OpenAI or used to improve OpenAI models.
Are NOT used to train, retrain, or improve foundation models used by Azure OpenAI Service.
Are NOT used to improve Microsoft or any third-party products or services without your explicit permission or instruction.
For more information, please see Data, privacy, and security for Azure OpenAI Service and the Microsoft Products and Services Data Protection Addendum, which governs data processing by the Azure OpenAI Service.
Stripe - We use Stripe to process payments. When you make a purchase, your payment information, including your card details, is securely processed by Stripe. We do not store your payment details on our servers. Stripe operates in compliance with the Payment Card Industry Data Security Standard (PCI DSS) and uses encryption and other safeguards to protect your information. For more details on Stripe’s data protection practices, please review Stripe’s Privacy Policy.
Analytics Providers (Posthog, Google Analytics) - To understand how users interact with our Site and Services, we use analytics tools such as Posthog and Google Analytics. These services help us track user behavior, gather usage data, and improve our offerings. The information collected includes data such as pages visited, session duration, and user interactions. This data is typically anonymized and does not directly identify you. For more information, please refer to the Google Privacy Policy and Posthog Privacy Policy.
Newsletters and Marketing - If you opt in to receive newsletters or other marketing materials from us, we may share your email address and other necessary personal data with our third-party email marketing provider to deliver these communications. These providers are bound by data protection agreements that ensure your information is used solely for the purpose of delivering marketing materials and is not shared with unauthorized parties. You can opt out of marketing communications at any time by following the unsubscribe link in our emails or contacting us directly.
6. International Data Transfers
We host and process your data in the European Economic Area (EEA) on servers based in Germany and France.
If a transfer of your personal data outside the EEA were to take place, we will use the appropriate transfer mechanisms to ensure that the transfer is in compliance with applicable data protection legislation. The mechanism will be a transfer of the personal data: (i) to a recipient in a country that the European Commission has decided provides an adequate level of data protection; or (ii) to a recipient that has executed the Standard Contractual Clauses approved by the European Commission. You can request access to the applicable transfer documentation by contacting us at privacy@curatedai.eu.
7. Cookies
Our Site uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user behavior. Cookies are small files stored on your device that allow us to remember your preferences and provide a more personalized experience.
For detailed information on how we use cookies and how you can manage your preferences, please refer to our Cookie Policy.
8. Security Measures
We take the security of your personal data seriously and have implemented robust measures to ensure its protection. All data is stored and processed exclusively within the European Union, adhering to GDPR standards. Our infrastructure is hosted by AWS (Frankfurt) and Azure (France), both of which offer ISO 27001, SOC 1, 2, and 3 compliance, ensuring top-tier security for data storage and processing.
We utilize AES-256 encryption to protect your data at rest, and SSL/TLS protocols to secure all communications in transit. We also use multi-factor authentication (MFA) and round-the-clock monitoring to detect any potential threats. For particularly sensitive data, we offer double encryption with customer-managed keys on Azure, adding an extra layer of protection.
For enterprise clients, we provide dedicated and isolated environments, ensuring complete data segregation and preventing any unauthorized access between tenants.
For more information about our security measures, please refer to our Security page or contact us at founders@curatedai.eu.
9. How long do we keep your personal data?
Your personal data will be processed only for as long as necessary to achieve the purposes outlined in this policy or, if processing is based on your consent, until you withdraw that consent.
For data collected through our tool, such as uploaded documents, we automatically delete this information 48 hours after processing unless you request an extension. For paid services, your data is never used for model training and is securely deleted according to this retention policy. If you are using our free service, any data used for model training is fully anonymized before being retained for this purpose.
Personal data collected through other channels, such as our website, social media, or email communications, will be retained for as long as necessary to maintain our relationship with you, respond to inquiries, or for historical reference in case of future interactions. We will de-identify your personal data when it is no longer needed for these purposes, unless we are legally required to retain it for a longer period.
10. Your rights regarding your personal data
You have the following rights in relation to the processing of your personal data, which we are committed to respecting:
Right of Access: You have the right to request access to the personal data we hold about you. This includes obtaining confirmation as to whether or not your personal data is being processed, and if so, receiving a copy of the data in an understandable format along with information about how and why we are processing it.
Right to Rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction or completion. We will promptly make the necessary changes to ensure your information is up-to-date.
Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, if you withdraw your consent, or if you object to the processing and we have no legitimate overriding interest to continue processing. You can also request erasure if your data is being processed unlawfully or if it must be erased to comply with a legal obligation.
Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You can also request that we transfer this data to another controller where technically feasible.
Right to Object: You have the right to object to the processing of your personal data at any time, especially in cases where the processing is based on our legitimate interests, including profiling. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your rights and interests or if the processing is necessary for legal claims.
Right to Restriction of Processing: You can request that we limit the processing of your personal data in specific situations, such as when you contest the accuracy of the data, if the processing is unlawful but you prefer restriction over deletion, or if you need the data to be preserved for legal claims despite us no longer needing it for processing purposes.
Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Once consent is withdrawn, we will stop processing your personal data for the purposes you initially agreed to, unless we have another legal basis for continuing the processing.
To exercise any of these rights, please contact us at privacy@curatedai.eu.
You also have the right to lodge a complaint with your local data protection authority if you believe we are not handling your data in accordance with the law. For Belgium, the competent authority is the Autorité de protection des données (APD) / Gegevensbeschermingsautoriteit (GBA). You can contact the Belgian DPA using the following details:
Address: Rue de la Presse 35, 1000 Brussels, Belgium
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
11. Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Any updates or changes will be posted on our Site and, where appropriate, communicated to you via email to ensure you are informed about what personal data we collect, how it is processed, and under what conditions, if any, we may disclose it.
For any data processing-related questions and/or requests, please contact us at privacy@curatedai.eu.