PRIVACY POLICY

Last updated: July 14, 2025

1. Overview

Segura Intelligence Group OÜ (“Segura,” “we,” “our,” or “us”) provides Brain‑as‑a‑Service—AI‑driven data analytics and consulting—principally to clients in North America, the EU/EEA, and the United Kingdom. We comply with the EU General Data Protection Regulation (GDPR), UK GDPR, the 2025 EU‑U.S. Data Privacy Framework (DPF), and the California Consumer Privacy Act (CCPA/CPRA). We do not sell personal data and do not knowingly process data from individuals under 18.

2. Who We Are

3. Scope

This Policy covers personal data when you:

• visit agnosticai.xyz or sub‑domains,
• interact via forms, email, chat, or marketing,
• use or purchase our Brain‑as‑a‑Service offerings.

It does not apply to third‑party sites or services that link to us; review their policies separately.

4. What Data We Collect

*Retention may be extended when required by law.

5. Why & How We Use Data

6. Legal Bases for Processing

• Consent – non‑essential cookies, newsletters.
• Contract – to provide services/trials.
• Legitimate Interest – B2B marketing, platform security.
• Legal Obligation – accounting, regulatory requests.

7. Cookies & Similar Tech

We use first‑ and third‑party cookies for functionality, analytics, and advertising. EU/UK/California visitors see a banner to accept, reject, or customise non‑essential cookies. Details live in our Cookie Policy.

8. Do‑Not‑Track & Global Privacy Control

We honour browser‑based Global Privacy Control (GPC) and California Do‑Not‑Sell / Do‑Not‑Share signals by disabling non‑essential tracking and blocking cross‑context behavioural advertising.

9. Automated Decision‑Making & Profiling

Our predictive AI models are run only under client instruction and never produce decisions with legal or similarly significant effects on individuals without human review. You may object to profiling (see Section 14).

10. Sharing & International Transfers

For UK transfers we append the UK International Data Transfer Addendum (IDTA) to the SCCs.

11. Data Retention

• Contract & accounting records: 7 years.
• Marketing lists: until you opt out.
• Google Analytics data: 24–26 months (max).

12. Security Measures

• Encryption: TLS 1.3 in transit; AES‑256 at rest.
• Hosting: SiteGround ISO 27001‑certified DC (Frankfurt).
• Access: zero‑trust IAM, hardware keys for admins.
• Monitoring: 24/7 logs, WAF, documented breach plan (GDPR Arts 33‑34, CCPA §1798.82).

No method is 100 % secure, but we follow industry best practices and continuously improve.

13. Your Rights

14. Exercising Your Rights

Email eureka@agnosticai.xyz with the subject “Privacy Request – [Right]”.

• Acknowledgement: within 72 hours.
• Resolution: within 30 days (45 days for CCPA, extendable once).

15. Limitation of Liability & Disclaimer

The website and services are provided “as‑is” and “as‑available.” To the extent permitted by law, Segura disclaims all warranties and is not liable for indirect, incidental, consequential, or punitive damages arising from or related to this Policy or our processing activities. Nothing here excludes liability that cannot be limited under applicable law.

16. Changes to This Policy

We may update this Policy to reflect legal, technical, or business changes. Posting the revised Policy on our site constitutes notice. Material changes will be flagged via banner or email at least 14 days before taking effect. Check the “Last updated” date above for the current version.

17. Dispute Resolution & Governing Law

• Governing law & venue: Estonian law; disputes subject to Harju County Court (Tallinn).
• Informal resolution: Contact us first; we aim to resolve within 30 days.
• Supervisory authorities: EEA – Estonian Data Protection Inspectorate; UK – ICO; US/California – CPPA; DPF arbitration through BBB National Programs for cross‑border transfers.

18. Contact Us

Segura Intelligence Group OÜ
Committed to privacy, security & responsible data analytics.