Privacy Policy

1. Introduction

Iridiom, Inc. ("Iridiom," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

This policy applies to all users of our platform and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, password
• Payment Information: Billing address, payment card details (processed securely by Stripe)
• Profile Information: Any additional information you choose to provide
• Communications: Messages, support requests, and feedback
• Content: Projects, documents, and other content you create or upload

2.2 Information Collected Automatically

• Usage Data: Features used, actions taken, time and frequency of use
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: We use cookies and similar tracking technologies (see Section 7)
• Analytics: Aggregated statistics about platform usage

2.3 Information from Third Parties

• OAuth Providers: If you sign in with Google or Microsoft, we receive basic profile information
• Payment Processors: Transaction details from Stripe

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Services
• Process payments and send receipts
• Communicate with you about your account and our Services
• Respond to your requests and provide customer support
• Send you technical notices, updates, and security alerts
• Monitor and analyze trends, usage, and activities
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service
• Send marketing communications (with your consent, where required)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Contract: Processing necessary to provide the Services you requested
• Consent: You have given clear consent for specific purposes
• Legitimate Interests: Processing necessary for our legitimate business interests
• Legal Obligation: Processing necessary to comply with legal requirements

5. How We Share Your Information

We may share your information with:

5.1 Service Providers

• Stripe: Payment processing (see Stripe's privacy policy)
• AWS: Cloud infrastructure and data storage
• Analytics Providers: To understand usage patterns
• Email Services: To send transactional emails

5.2 Legal Requirements

We may disclose your information if required by law, subpoena, or legal process, or to protect our rights, safety, or property.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell your personal data to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• 256-bit SSL/TLS encryption for data in transit
• Encryption at rest for sensitive data
• Regular security audits and penetration testing
• Access controls and authentication requirements
• Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Keep you signed in
• Remember your preferences
• Analyze how you use our Services
• Provide relevant content and advertising

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

8. Your Privacy Rights

8.1 GDPR Rights (EEA Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we use your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time

8.2 CCPA Rights (California Residents)

• Know what personal information we collect and how we use it
• Request deletion of your personal information
• Opt-out of the sale of personal information (we don't sell data)
• Non-discrimination for exercising your rights

To exercise these rights, contact us at dpo@iridiom.com

9. Data Retention

We retain your personal data for as long as necessary to provide the Services and fulfill the purposes described in this policy. When you close your account, we will delete or anonymize your data within 90 days, except where we must retain it for legal, tax, or regulatory purposes.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children's Privacy

Our Services are not intended for children under 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Services. Your continued use after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

For EEA residents: You have the right to lodge a complaint with your local supervisory authority if you believe we have not addressed your concerns adequately.