PRIVACY POLICY

Last Updated: 01 Aug 2025

Company information, standard definitions, regulatory compliance framework, and document integration: See Shared Legal Definitions and Legal Framework Integration

1. INTRODUCTION

1.1 Scope and Purpose

This Privacy Policy ("Policy") describes how Innovatica Technologies FZ-LLC collects, uses, processes, shares, retains, and protects personal data and non-personal information when you access or use our Brilio platform. This Policy has been designed to achieve global legal defensibility across all jurisdictions where we operate.

1.2 Service Coverage

This Policy applies to all users of the Brilio platform, including individuals who create an account, create or use AI agents, or otherwise interact with our Services. It covers information collected through: - The Brilio website (brilio.ai) - The Brilio platform and all associated services - Communications between you and Innovatica regarding the Service - Any mobile applications or API integrations we may offer - Third-party integrations and connected services

1.3 User Acknowledgment

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein, subject to your rights under applicable law.

2. DATA CONTROLLER AND PROCESSOR ROLES

2.1 Data Controller Responsibilities

Innovatica Technologies FZ-LLC is the data controller for personal information processed in connection with our Services. For users who create and deploy AI agents on our platform, Innovatica acts as a data processor with respect to information processed by those agents on behalf of the agent creator, who acts as the data controller for such processing activities.

2.2 Contact Information

Data Controller Contact Information: - Company: Innovatica Technologies FZ-LLC - Address: VUNE0632, Compass Building - Al Hulaila, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates - Email: privacy@innovatica.ai

Data Protection Officer: - Email: dpo@innovatica.ai - Responsible for: Privacy compliance, data subject requests, and regulatory correspondence

3. CATEGORIES OF DATA WE COLLECT

3.1 Account Information

• Email address
• Full name
• Password (stored in hashed format)
• Billing information and payment details (processed through our payment provider)
• Account preferences and settings
• Profile information you choose to provide

3.2 Usage Data

• Log data (IP address, browser type, referring/exit pages, operating system)
• Device information (device type, operating system, unique device identifiers)
• Usage metrics (features used, interactions with agents, session duration)
• Location data (region and country, derived from IP address)
• Telemetry data for platform performance monitoring
• Subscription information and credit usage

3.3 Agent-Related Data

• Content provided to create and train agents
• Names, descriptions, and configuration of agents
• Knowledge bases and data sources connected to agents
• Agent interactions and usage statistics
• Content generated by agents

3.4 Communications Data

• Customer support inquiries and related communications
• Responses to surveys or feedback requests
• Marketing preferences and interactions with marketing communications

3.5 Platform-Generated Data

• Automatically generated IDs and technical identifiers
• Timestamps and audit logs
• Technical error reports and debugging information
• Performance metrics and analytics

4. HOW WE USE YOUR DATA

4.1 Service Provision

• Creating and managing your account
• Providing platform features and functionality
• Processing payments and managing subscriptions
• Delivering customer support

4.2 Platform Operation

• Monitoring platform performance and security
• Detecting and preventing fraud, abuse, and security threats
• Troubleshooting technical issues
• Maintaining data integrity and backup systems

4.3 Improvement and Development

• Analyzing usage patterns to improve platform features
• Developing new products and services
• Conducting research and development
• Training and improving AI models (with appropriate safeguards)

4.4 Legal and Compliance

• Complying with legal obligations and regulatory requirements
• Protecting our rights and interests
• Responding to law enforcement requests
• Enforcing our terms of service

4.5 Communication

• Sending service-related communications
• Providing customer support
• Delivering marketing communications (with proper consent)
• Notifying you of policy changes or security issues

5. LEGAL BASIS FOR PROCESSING

5.1 Contractual Necessity

We process personal data as necessary to perform our contract with you, including account management, service delivery, and payment processing.

5.2 Legitimate Interests

We process data based on legitimate interests including platform security, fraud prevention, service improvement, and business operations.

5.3 Legal Obligations

We process data to comply with applicable laws, regulations, and legal proceedings.

5.4 Consent

For certain processing activities, we rely on your explicit consent, which you may withdraw at any time.

6. DATA SHARING AND DISCLOSURE

6.1 Service Providers

We share data with trusted third-party service providers who help us operate the platform, including: - Cloud hosting providers (Microsoft Azure) - Payment processors (Stripe) - AI model providers (OpenAI, Anthropic) - Analytics and monitoring services - Customer support tools

6.2 Business Transfers

In connection with any merger, acquisition, or sale of assets, user data may be transferred as part of the transaction.

6.3 Legal Requirements

We may disclose data when required by law, regulation, legal process, or governmental request.

6.4 Protection of Rights

We may disclose data to protect our rights, property, safety, or that of our users or others.

6.5 With Your Consent

We may share data for other purposes with your explicit consent.

7. DATA RETENTION AND DELETION

7.1 Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

7.2 Account Data Retention

• Active accounts: Data retained while account is active
• Deleted accounts: 90-day soft delete period, then permanent deletion
• Billing data: Retained for tax and regulatory compliance (typically 7 years)
• Support communications: Retained for 3 years for service improvement

7.3 Usage and Analytics Data

• Raw usage logs: 2 years
• Aggregated analytics: 5 years (anonymized)
• Security logs: 1 year (unless incident-related)

7.4 Agent and Content Data

• Agent configurations: Retained until account deletion
• User-uploaded content: Retained according to user preferences
• AI-generated content: Subject to user control and deletion requests

7.5 User-Requested Deletion

Users may request data deletion through account settings or by contacting our Data Protection Officer. We will process deletion requests within 30 days, subject to legal retention requirements.

8. DATA SECURITY

8.1 Technical Safeguards

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication for administrative access
• Regular security assessments and penetration testing
• Automated threat detection and response systems

8.2 Organizational Measures

• Employee training on data protection and privacy
• Access controls and need-to-know principles
• Regular security policy reviews and updates
• Incident response and breach notification procedures

8.3 Third-Party Security

All service providers are required to maintain appropriate security measures and undergo regular security assessments.

9. INTERNATIONAL DATA TRANSFERS

9.1 Global Operations

Data may be transferred to and processed in countries where we or our service providers operate, including the United States, European Union, and Asia-Pacific regions.

9.2 Transfer Safeguards

For transfers outside your jurisdiction, we implement appropriate safeguards including: - Standard Contractual Clauses (SCCs) - Adequacy decisions by relevant authorities - Binding Corporate Rules where applicable - Additional security measures as required

9.3 Data Sovereignty Options

Enterprise customers may request data residency in specific regions subject to technical and commercial feasibility.

10. YOUR PRIVACY RIGHTS

10.1 Universal Rights

Regardless of location, you have the right to: - Access your personal data - Correct inaccurate information - Request data deletion (subject to legal requirements) - Object to certain processing activities - Withdraw consent where applicable

10.2 Enhanced Rights (GDPR, CCPA, and Similar Laws)

If you are in a jurisdiction with enhanced privacy laws, you may also have rights to: - Data portability - Restriction of processing - Automated decision-making opt-out - Detailed information about data processing

10.3 Exercising Your Rights

To exercise your privacy rights, contact us at privacy@innovatica.ai or use the privacy controls in your account settings. We will respond to requests within 30 days (or as required by applicable law).

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Types of Cookies

We use the following categories of cookies:

Essential Cookies - Required for basic platform functionality - Authentication and session management - Security and fraud prevention

Functional Cookies - Remember user preferences and settings - Provide enhanced features and personalization - Support multi-language functionality

Analytics Cookies - Understand how users interact with the platform - Measure platform performance and usage - Identify areas for improvement

Marketing Cookies (with consent) - Deliver relevant advertising - Measure marketing campaign effectiveness - Personalize marketing communications

11.2 Cookie Management

You can control cookies through: - Browser settings and preferences - Platform cookie consent tools - Third-party opt-out mechanisms

11.3 Impact of Cookie Choices

Disabling certain cookies may limit platform functionality and user experience.

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

The Brilio platform is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

12.2 Parental Rights

If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

13. CHANGES TO THIS POLICY

13.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

13.2 Notification of Changes

We will notify users of material changes through: - Email notifications to registered users - Prominent notices on our website - In-platform notifications

13.3 Continued Use

Continued use of the platform after policy changes constitutes acceptance of the updated policy.

14. CONTACT INFORMATION

For questions about this Privacy Policy or our privacy practices, contact us at:

Email: privacy@innovatica.ai
Data Protection Officer: dpo@innovatica.ai
Address: VUNE0632, Compass Building - Al Hulaila, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates

---

This Privacy Policy consolidates data protection terms from multiple documents to provide comprehensive coverage while maintaining regulatory compliance across all jurisdictions.