1. GDPR Commitment and Overview
Aiplicity ("we", "us", "our") is fully committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance Statement outlines how we collect, process, and protect the Personal Data of individuals residing in the European Economic Area (EEA) and the United Kingdom (UK). We recognize that data privacy is a fundamental human right and have designed our PaaS architecture with privacy-by-design and privacy-by-default principles.
2. Roles: Controller vs. Processor
Under the GDPR, Aiplicity operates in two distinct capacities depending on the context of the data interaction:
- As a Data Controller: We act as a Controller when collecting data necessary to manage your Aiplicity account (e.g., your name, billing information, email address, and platform usage telemetry).
- As a Data Processor: We act as a Processor for any data you input into our AI tools, CRM, or social media automation workflows (e.g., your clients' emails, Instagram handles, or leads). In this capacity, you (the user) are the Controller, and we only process this data according to your explicit instructions via our software interface.
3. Legal Basis for Processing (Article 6)
We process your Personal Data under the following lawful bases:
- Contractual Necessity: Processing is required to fulfill our Terms of Service and provide you with access to our PaaS platform.
- Legitimate Interests: To improve our platform security, prevent fraud, and optimize our AI algorithms (using anonymized data).
- Consent: For marketing communications, non-essential cookies, or explicit opt-in features. You may withdraw this consent at any time.
- Legal Obligation: To comply with tax, accounting, and international legal requirements.
4. Rights of the Data Subject (Articles 12-23)
If you are a resident of the EEA or UK, the GDPR grants you specific rights over your Personal Data:
- Right to Access (Article 15): You have the right to request a copy of the Personal Data we hold about you.
- Right to Rectification (Article 16): You may request the correction of inaccurate or incomplete data.
- Right to Erasure / Right to be Forgotten (Article 17): You can request the permanent deletion of your data when it is no longer necessary for the purposes it was collected.
- Right to Restriction of Processing (Article 18): You may ask us to temporarily suspend processing of your data under certain conditions.
- Right to Data Portability (Article 20): You can request your data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON export).
- Right to Object (Article 21): You may object to processing based on legitimate interests or for direct marketing purposes.
- Rights Related to Automated Decision Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or significant effects.
5. Cross-Border Data Transfers (Chapter V)
Aiplicity operates globally, and your data may be transferred to servers located in the United States or India. To ensure the continuous protection of your data in accordance with GDPR, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission for all data transfers outside the EEA. We also enforce Zero Data Retention agreements with our third-party AI sub-processors (e.g., OpenAI, Anthropic) to ensure European data is not used for unauthorized model training.
6. Data Protection Officer (DPO) and Representative
To ensure rigorous compliance and oversight, Aiplicity has appointed a dedicated Data Protection Officer. If you have any inquiries regarding your GDPR rights, subject access requests (DSARs), or data privacy concerns, please contact our DPO directly:
Aiplicity Data Protection Officer
Email: dpo@aiplicity.com
Phone: +91 800-AIPLICITY
Address: Baner IT Park, Pune, Maharashtra 411045, India
7. Submitting a Data Subject Access Request (DSAR)
To exercise any of your GDPR rights, please email dpo@aiplicity.com with the subject line "GDPR DSAR Request". We are obligated to verify your identity before processing the request and will respond to all valid requests within thirty (30) days, free of charge, as mandated by the regulation.