2.1 Account Information

• Registration Data: Name, email address, company information, and billing details

• Authentication Data: Login credentials, security settings, and access logs

• Profile Information: User preferences, team roles, and account settings

2.2 Content You Upload

• Documents: Files you upload to create indexes (PDFs, Word docs, presentations, etc.)

• Queries: Questions and prompts you submit to the AI models

• Conversations: Chat history and AI-generated responses

• Custom Data: Semantic maps, glossaries, and custom terminology you define

2.3 Usage and Technical Information

• Platform Activity: How you interact with features, frequency of use, and session duration

• Technical Data: IP addresses, browser type, device information, and operating system

• Performance Data: Response times, error logs (without sensitive content), and system metrics

2.4 Communications

• Support Interactions: Messages, tickets, and feedback you send us

• Marketing Communications: Email engagement data (opens, clicks) if you opt in

• Email-to-Index Content: Documents sent via our email-to-index feature

3. How We Use Your Information
3.1 Core Service Delivery

• Document Processing: Vectorizing and indexing your uploaded documents

• AI Interactions: Facilitating secure communication with third-party AI models

• Search and Retrieval: Enabling precise document-based responses to your queries

• Collaboration: Supporting team features and shared workspaces

3.2 Platform Operations

• Account Management: Maintaining your account, processing payments, and providing support

• Security: Protecting against unauthorized access, fraud, and abuse

• Performance Optimization: Improving platform reliability and response times

• Compliance: Meeting legal and regulatory requirements

3.3 Communications (With Your Consent)

• Service Updates: Notifying you of important changes, maintenance, or new features

• Marketing: Sending promotional content about our services (opt-out available)

• Support: Responding to your inquiries and providing assistance

4. Our Zero Data Retention (ZDR) Commitment
4.1 What ZDR Means

• No AI Training: Your content is never used to train, improve, or develop any AI models

• Transient Processing: When using third-party AI models, your data is processed temporarily and immediately deleted from their systems

• Complete Data Isolation: Your documents and conversations are stored separately from other users’ data

• User Control: You maintain full ownership and control over all your content

4.2 Third-Party AI Model Interactions

• Secure Transmission: We encrypt all data sent to external AI providers (Claude, ChatGPT, Gemini)

• No Persistence: Third-party models process your queries without storing them

• Privacy Compliance: We select providers committed to privacy and data protection

• Contractual Protection: Our agreements with AI providers include strict data handling requirements

5. How We Protect Your Information
5.1 Technical Safeguards

• Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3

• Secure Infrastructure: SOC 2 compliant hosting with enterprise-grade security controls

• Access Controls: Role-based permissions and multi-factor authentication

• Network Security: Firewall protection, intrusion detection, and secure communications

5.2 Organizational Safeguards

• Limited Access: Only authorized personnel can access user data, and only when necessary

• Data Minimization: We collect and retain only the information needed to provide our services

• Regular Audits: Ongoing security assessments and compliance monitoring

• Incident Response: Established procedures for detecting and responding to security events

5.3 Compliance Frameworks
We adhere to industry-leading security and privacy standards:

• SOC 2 Type II: Annual third-party audits of our security controls

• GDPR: Full compliance with European data protection regulations

• CCPA: California Consumer Privacy Act compliance

• HIPAA: Available for customers requiring healthcare data protection

• GLBA: Financial data protection compliance when applicable

6. Data Sharing and Disclosure
6.1 We Do Not Sell Your Data
AskTuring does not sell, rent, or trade your personal information or content to third parties for monetary consideration.
6.2 Limited Sharing Circumstances
We may share your information only in these specific situations:

• Service Providers: Trusted vendors who help us operate our platform (hosting, payment processing, customer support) under strict confidentiality agreements

• Legal Requirements: When required by law, court order, or government request

• Safety and Security: To protect rights, property, or safety of AskTuring, our users, or the public

• Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection commitments)

• With Your Consent: When you explicitly authorize us to share information

6.3 Team Collaboration
When you invite team members to your workspace, they gain access to shared indexes and conversations according to the permissions you set.

7. Your Privacy Rights and Choices
7.1 Access and Control

• View Your Data: Access all personal information we have about you

• Update Information: Modify your account details and preferences at any time

• Download Content: Export your documents, conversations, and data

• Delete Content: Remove specific documents, conversations, or your entire account

7.2 Communication Preferences

• Marketing Opt-Out: Unsubscribe from promotional emails at any time

• Notification Settings: Control which service-related communications you receive

• Email-to-Index Control: Enable or disable email document uploads per index

7.3 Regional Privacy Rights
For European Union Residents (GDPR):

• Right to access, rectify, erase, restrict processing, and data portability

• Right to object to processing and withdraw consent

• Right to file complaints with supervisory authorities

For California Residents (CCPA):

• Right to know what personal information is collected and how it’s used

• Right to delete personal information

• Right to opt out of sale (though we don’t sell data)

• Right to non-discrimination for exercising privacy rights

For Other Jurisdictions: We respect privacy rights as required by applicable local laws.

8. Data Retention and Deletion
8.1 Retention Periods

• Account Data: Retained while your account is active and for 90 days after closure

• Content: Your documents and conversations are kept until you delete them or close your account

• Usage Logs: Technical logs are retained for 12 months for security and performance analysis

• Support Communications: Kept for 3 years to provide ongoing support

8.2 Automatic Deletion

• Inactive Accounts: Free accounts inactive for 12 months may be deleted with prior notice

• Temporary Data: Session data and API logs are automatically purged according to our ZDR policy

• Third-Party Processing: Data sent to AI models is immediately deleted after processing

8.3 Custom Retention Requirements
Enterprise customers may have specific retention requirements outlined in their service agreements, which take precedence over these general terms.

9. International Data Transfers
AskTuring operates globally and may transfer your information to countries outside your residence. We ensure adequate protection through:

• Adequacy Decisions: Transferring to countries with adequate privacy protection

• Standard Contractual Clauses: Using EU-approved data transfer mechanisms

• Certification Programs: Participating in recognized privacy frameworks

10. Children’s Privacy
Our Service is not intended for children under 16. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately and terminate the account.

11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will:

• Notify Users: Email active users about material changes

• Post Updates: Display the new policy on our website with the effective date

• Maintain Archives: Keep previous versions available for reference

• Grace Period: Provide 30 days’ notice before material changes take effect

12. Contact Us and Exercise Your Rights
12.1 Privacy Officer Contact
For privacy-related questions, requests, or concerns:
Email: privacy@askturing.ai
Subject Line: Privacy Request – [Your Name] 12.2 Support Contact
For general support and account assistance:
Email: support@askturing.ai
Response Time: Within 24 hours for privacy requests
12.3 Mailing Address
AskTuring, Inc.
Attn: Privacy Officer
2223 Avenida de la Playa, Suite 206
La Jolla, CA 92037
United States
12.4 Request Processing

• Identity Verification: We may request verification before processing privacy requests

• Response Time: Most requests fulfilled within 30 days

• No Cost: Privacy requests are processed free of charge

13. Additional Resources
13.1 Regulatory Information

• California Privacy Rights: https://oag.ca.gov/privacy

• U.S. Federal Trade Commission: https://www.ftc.gov/tips-advice/business-center/privacy-and-security

• European Data Protection Board: https://edpb.europa.eu/edpb_en

13.2 Security Certifications
Current security attestations and certifications are available upon request to enterprise customers.