Privacy Policy

Effective Date: 01.07.2023

1. Introduction

These Terms of Service (“Terms” , “Terms of Service”) are a legally binding agreement between you (“User”, “customer”, “you”, “your”) and Profaile GmbH (“Profaile”, “Spexia”, “we”, “us”, “our”). They govern the use of our service (“Service”) via our web pages located at https://spexia.ai (the “Website”) or through our application (the “App”). The Terms are effective as of the date stated above.

By using the Service, you acknowledge that you have read, understood, and agree to be legally bound by the terms and conditions of these Terms of Service and our Privacy Policy, which is hereby incorporated by reference. Please take the time to review our Privacy Policy. If you do not agree to any terms in these Terms of Service or the Privacy Policy, then please do not use our Service.

IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THIS AGREEMENT, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE OUR WEBSITE OR PLATFORM.

2. Which information we collect

At Spexia, we have designed our information collection process to be as comprehensive as possible. This includes but is not limited to the collection of Personal Data from and about you. Here are the main ways in which we collect this information:

DURING REGISTRATION
As you use our product, we collect certain usage data, including your email address, to enhance product quality and provide a more personalized experience. This data, however, does not include any confidential information such as your search results or answers within our platform. For instance, we might record the number of searches per day, the number of follow-up questions you ask, and the number of clicks to external data sources. These metrics help us understand user behavior and improve our services accordingly.

INFORMATION THROUGH PRODUCT USAGE
When you register with us, we collect your name, address, and online contact information, such as your email address and other personal information. These details are essential for creating and managing your account and will be securely stored on our servers. We understand the importance of keeping your information up to date. Hence, you are able to modify your personal details at any point. Please contact us at privacy@spexia.ai to request changes to your information.

Device and Connection Information
When you provide feedback to us, we collect your name and work email. We use this information to address your concerns and conduct necessary follow-ups, ensuring we continuously meet your expectations and improve our product based on your valuable insights.

Email Usage within the Product
We only search for products accessible to you based on your email address. To protect your privacy and data, the use of our services is authenticated via Single Sign-On (SSO), and we maintain all permission access based on your registered email address. This system ensures that only authorized users have access to your data, enhancing the security and privacy of your information.

3. How do use your data

Spexia.ai employs several mechanisms to gather personal data from users in compliance with relevant privacy laws and regulations:

  1. Personalise your experience in using our platform
  2. Inform you about your account and/or subscription
  3. Notify you about changes to our Website and Platform or any products or services
  4. Improve the product - only goal is to make the product as valuable for our users, we use the information to track usage for different features and in product and prioritize future development

4. How do we share the data

At Spexia, we have designed our information collection process to be as comprehensive as possible. This includes but is not limited to the collection of Personal Data from and about you. Here are the main ways in which we collect this information:

Sharing Internally with Our Product Team
Our product team has access to the anonymized metrics collected during your usage of our services. This data is essential for them to understand user behavior and make necessary improvements to our products and services. Furthermore, team members who are corresponding with a user after receiving feedback will have access to your name and email to facilitate an effective response.

Sharing with Third Parties
We share certain information with third parties that help us operate and improve our services. However, we assure you that we do not sell your personal data. Our third-party partners, such as PostHog, only receive information that aids in enhancing our service delivery and your user experience.

5. How do we store and protect the data

Reasonable and appropriate measures are used to secure the information collected and prevent unauthorized access, alteration, disclosure, and accidental loss. However, it should be noted that the internet is not entirely secure and despite our efforts, we cannot guarantee the absolute security of the information transmitted to or through Spexia. Any transmission of information is done at the user's own risk. Spexia is not responsible for any breach of security. It is important to understand that there is no foolproof technology or measure to ensure 100% security.

We store usage data inside of an encrypted database in an AWS project stored in Europe, inaccessible from the public internet. In the event of a breach in our security systems, we take action to remedy the breach as required by law and our Privacy Policy. We may post a notice or try to contact you through the email address you provided. If there is a potential breach of your personal information, we will take specific actions to address the situation, which may include logging you out from all devices, resetting your password, and performing other necessary activities.

Additionally. We use third-party analytics services (Google Analytics, PostHog) to store non-sensitive usage metrics. In both of them, the information is stored in an anonymized form.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion.

6. Cookie Policy

Our website uses cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the offer more user-friendly, effective and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter "Technically Necessary Cookies"), the legal basis for the associated data processing is Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest in providing customers and other site visitors with a functional website.
Specifically, we set technically necessary cookies for the purpose of remembering website preferences. Other than that, we use analytical cookies. These cookies are utilized to gather anonymous and summarized data regarding the usage of the website. They aid us in comprehending user interactions with our website and enhancing its overall performance.

To customize your cookie preferences, you have the option to adjust settings within your browser. This enables you to delete or prevent the storage of cookies. It's important to note that disabling essential cookies may impact your ability to fully utilize specific features on our website.

We may revise this Cookie Policy in the future. To keep yourself up to date with our cookie practices, we recommend checking this page for any modifications.

By accessing and using our website, you acknowledge and consent to the utilization of cookies as outlined in this Cookie Policy.

6.1 HOTJAR

We use Hotjar for analytics. The provider is Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta. The provider processes usage data (e.g. web pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://www.hotjar.com/legal/policies/privacy/.

6.2 CALENDLY

We use Calendly to schedule appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g. web pages visited, interest in content, access times), contact data (e.g. e-mail addresses, telephone numbers), and master data (e.g. names, addresses) in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR) adopted by the EU Commission in accordance with the examination procedure under Art. 93 para. 2 of the GDPR, which we have agreed to with the provider.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://calendly.com/pages/privacy.

6.3 GOOGLE TAG MANAGER

We use Google Tag Manager for analytics and for advertisement. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times) in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR) adopted by the EU Commission in accordance with the examination procedure under Art. 93 para. 2 of the GDPR, which we have agreed to with the provider.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.

6.4 GOOGLE ANALYTICS

We use Google Analytics for analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.

The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR) adopted by the EU Commission in accordance with the examination procedure under Art. 93 para. 2 of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.

6. Information about your right to object under Article 21 of the GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR (processing based on legitimate interests), including profiling based on this provision according to Article 4(4) of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Additionally. We use third-party analytics services (Google Analytics, PostHog) to store non-sensitive usage metrics. In both of them, the information is stored in an anonymized form.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion.

7. MODIFICATIONS TO OUR PRIVACY POLICY

We reserve the right to change this privacy policy with effect for the future. A current version is always available here.

Contacting us

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may do so via the contact us or email us at privacy@spexia.ai.