SELF Privacy Policy & Data Handling

Our Commitment to Your Privacy

At SerenixAI, we believe that privacy is fundamental to trust. We collect and handle only the minimum data necessary to provide our service, and we do so with complete transparency. This document explains exactly what data we collect, how we use it, and your rights regarding your information.

Data Collection Principles

Minimal Data Collection

We follow a "collect only what you need" philosophy:

• No tracking or analytics beyond basic service functionality
• No third-party data sharing for advertising or marketing
• No data retention beyond what's required for service provision
• No data monetization - your data is never sold or traded

Explicit Consent

• All data collection requires your explicit, informed consent
• You can withdraw consent at any time
• Data collection purposes are clearly explained before collection
• Consent is specific to each type of data and use

What Data We Collect

Account Data

Purpose: To provide and secure your account Data Collected:

• Email address (for authentication and communication)
• Account creation timestamp
• Basic usage statistics (for service improvement)

Retention: Until account deletion or 3 years of inactivity

Conversation Data

Purpose: To provide AI conversation services and ensure safety Data Collected:

• Your conversation messages (temporarily processed)
• Safety metadata (anonymized patterns for safety improvement)
• Session identifiers (for technical support)

Retention: Conversations are not stored permanently. Processing is temporary and data is immediately discarded after response generation.

Technical Data

Purpose: To ensure service reliability and security Data Collected:

• IP addresses (anonymized for security monitoring)
• Device/browser information (for compatibility)
• Error logs (anonymized for service improvement)

Retention: 90 days maximum, then automatically deleted

How We Use Your Data

Service Provision

• Authentication: Verify your identity for secure access
• Personalization: Remember your preferences and settings
• Safety: Monitor for harmful patterns and intervene when necessary

Service Improvement

• Anonymized Analytics: Understand usage patterns to improve service
• Safety Research: Study interaction patterns to enhance safety mechanisms
• Technical Support: Troubleshoot issues when you request help

Legal Compliance

• Regulatory Requirements: Comply with applicable privacy laws
• Safety Obligations: Maintain records required for safety governance
• Legal Protection: Respond to valid legal requests with minimal data disclosure

Data Security Measures

Encryption

• In Transit: All data encrypted using TLS 1.3
• At Rest: Sensitive data encrypted using AES-256
• End-to-End: Conversation data encrypted before transmission

Access Controls

• Principle of Least Privilege: Team members access only necessary data
• Multi-Factor Authentication: Required for all administrative access
• Audit Logging: All data access is logged and monitored

Infrastructure Security

• SOC 2 Compliant Hosting: Secure, audited infrastructure
• Regular Security Audits: Independent security assessments
• Incident Response: 24/7 monitoring and rapid response capabilities

Data Sharing and Disclosure

We Do Not Share Your Data With:

• Advertising networks
• Marketing companies
• Data brokers
• Social media platforms
• Any third party for commercial purposes

We May Share Data Only When:

• Required by Law: Valid legal requests with proper documentation
• Safety Critical: Immediate threat to user safety requiring intervention
• Service Providers: Essential third-party services (hosting, payment processing) under strict contracts
• Your Consent: When you explicitly authorize sharing

International Data Transfers

• Data is primarily stored in Canada
• Cross-border transfers use appropriate safeguards
• Transfers comply with Canadian privacy laws and international standards

Your Rights and Controls

Access Rights

• View Your Data: Request a copy of all data we hold about you
• Data Portability: Export your data in a machine-readable format
• Correction: Request correction of inaccurate or incomplete data

Control Rights

• Deletion: Request complete deletion of your account and all associated data
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing
• Withdrawal: Withdraw consent for data processing at any time

Communication Preferences

• Marketing Opt-Out: We don't send marketing, but you can control all communications
• Notification Settings: Choose what notifications you receive
• Contact Preferences: Control how we contact you

Data Retention and Deletion

Retention Periods

• Active Accounts: Data retained as long as account is active
• Inactive Accounts: 3 years of inactivity before deletion
• Legal Holds: Extended retention only when legally required
• Backup Retention: Encrypted backups retained for 90 days

Account Deletion Process

1. Request Deletion: Submit deletion request through account settings
2. Confirmation: Verify your identity and intent
3. Processing: Data deletion completed within 30 days
4. Confirmation: Receive confirmation of complete deletion

Cookies and Tracking

Essential Cookies Only

• Session Management: Required for secure login
• Security: Prevent unauthorized access
• Preferences: Remember your settings (no tracking)

No Third-Party Tracking

• No Analytics Cookies: We don't track your behavior
• No Advertising Cookies: We don't serve targeted ads
• No Social Media Pixels: We don't share data with social platforms

Children's Privacy

Age Restrictions

• Minimum Age: 13 years old with parental or guardian consent
• Parental Consent: Required for users under 18 years old
• Adult Supervision: Users under 18 require adult supervision
• Content Filtering: Additional safeguards for sensitive topics

Safety Considerations

• Harm Prevention: Special attention to user safety and well-being
• Parental Controls: Enhanced privacy controls for younger users
• Reporting Mechanisms: Clear channels for safety concerns
• Support Access: Access to human support when needed

Changes to This Policy

Notification

• Material Changes: We will notify you of significant policy changes
• Review Period: 30 days to review changes before they take effect
• Opt-Out Rights: Right to delete account if you disagree with changes

Version History

• Current Version: 1.0 (December 21, 2025)
• Previous Versions: Archived for transparency
• Change Log: All changes documented and explained

Contact Us

Privacy Questions

• Email: privacy@SerenixAI.com
• Response Time: Within 48 hours
• Dedicated Team: Privacy specialists handle all inquiries

Data Requests

• Portal: Secure data request portal in your account settings
• Verification: Identity verification required for security
• Timeline: Requests fulfilled within 30 days

Emergency Contact

• Safety Concerns: safety@SerenixAI.com (24/7 response)
• Security Issues: security@SerenixAI.com (immediate response)

This privacy policy reflects our commitment to transparency, security, and user rights. We believe privacy is not just a legal requirement—it's essential to building trust in AI systems.

Last Updated: December 21, 2025