Privacy Policy

Table of Contents

1. Introduction
2. Data Protection Officer
3. Legal Bases for Processing
4. Use of the Loqus.ai Website
5. Cookies and Tracking Technologies
6. Sharing Information with Third Parties
7. Government and Legal Requests
8. Data Subject Rights and Data Deletion Guide
9. Response Process
10. Data Security
11. Data Storage and Retention
12. International Data Transfers
13. Children's Data
14. Changes to This Policy
15. Questions and Complaints

Introduction

At Loqus.ai, we are committed to protecting and respecting your privacy while delivering innovative AI-powered workspace solutions. Our platform serves as a sophisticated bridge between users and advanced language models, facilitating seamless integration of AI capabilities into your daily workflow. As we provide these services, we understand the critical importance of handling your personal information with the utmost care and transparency.

This Privacy Policy is designed to provide you with comprehensive information about how we collect, use, protect, and manage your personal data when you use our services. It outlines the types of information we gather, the ways we utilize this information to improve your experience, and the measures we take to safeguard your privacy.

We recognize that privacy protection is an evolving responsibility and maintain a commitment to regularly reviewing and updating our practices to ensure they align with the latest privacy standards and regulations. Our practices reflect our core values of transparency, security, and user trust.

Data Protection Officer

3Jane Technologies LTD, operating as Loqus.ai, maintains its headquarters in Cyprus and has established a dedicated Data Protection Office to oversee all matters relating to privacy and data protection. Our Data Protection Officer serves as your primary point of contact for any privacy-related queries, concerns, or requests.

You can reach our Data Protection Officer at:

Privacy Team
3Jane Technologies LTD
Aiantos 22, 1082 Agioi Omologites
Nicosia, Cyprus
[email protected]

Legal Bases for Processing

We process your personal data in accordance with Article 6 of the GDPR. Each processing activity relies on one or more of the following legal bases:

Contractual Necessity We process personal data necessary to fulfill our contractual obligations, including:

• Creating and managing your account
• Providing our AI-powered workspace services
• Processing your communications and requests
• Maintaining your user preferences and settings

Legal Obligation We process personal data to comply with legal requirements, including:

• Maintaining required business records
• Responding to legal requests from authorities
• Complying with tax obligations
• Meeting data protection requirements

Legitimate Interests We process personal data to pursue legitimate interests where your rights and freedoms do not override these interests, including:

• Improving and developing our services
• Ensuring network and information security
• Preventing fraud and unauthorized access
• Analyzing service usage and performance
• Maintaining and enhancing our platform

Consent Where required by law, we process personal data based on your explicit consent, particularly for:

• Marketing communications (where applicable)
• Optional profile enhancements
• Certain types of cookies and tracking technologies
• Processing of voice recordings

Use of the Loqus.ai Website

When you visit and interact with our website, we automatically collect and store certain information about your interaction with our digital properties. This collection serves essential purposes in maintaining and improving our service delivery and user experience.

We collect technical information necessary for website functionality, including your Internet Protocol (IP) address, browser specifications, operating system details, and device characteristics. This information enables us to optimize content delivery and ensure compatibility across different devices and platforms.

Our systems record usage patterns such as pages visited, time spent on various sections, navigation paths through our website, and interaction with specific features. We analyze this information to enhance website performance, streamline user journeys, and identify areas for improvement in our service delivery.

Performance monitoring includes collecting data about page load times, server response rates, error occurrences, and overall system stability. This technical monitoring ensures we maintain optimal service levels and quickly address any performance issues that may affect your experience.

Cookies and Tracking Technologies

Our website employs cookies and similar tracking technologies to provide essential functionality and enhance your user experience. These technologies enable us to maintain certain features, understand usage patterns, and ensure the security of our services.

Essential cookies facilitate core website functions, such as maintaining your authentication status, preserving your preferences, and ensuring secure access to your account. These cookies are fundamental to providing our services and cannot be disabled without affecting basic website functionality.

Performance and analytics technologies help us understand how users interact with our services. This includes information about feature usage, navigation patterns, and service performance. We process this data to optimize our services and enhance user experience.

We implement session management cookies to maintain security during your visit to our platform. These cookies help protect your account by managing secure sessions and preventing unauthorized access attempts.

You maintain control over non-essential cookies through your browser settings. Our cookie management interface allows you to adjust your preferences regarding optional tracking technologies. Detailed information about specific cookies, including their purposes and durations, is available in our Cookie Policy at loqus.ai/privacy/cookies.

Sharing Information with Third Parties

We share your personal information with third parties only in specific, limited circumstances necessary for service delivery and legal compliance. All data sharing activities are conducted with appropriate safeguards and in accordance with applicable data protection regulations.

Our service delivery relies on carefully selected technology providers who assist in various aspects of our operations. These providers include:

Our cloud infrastructure is supported by established providers including DigitalOcean, Anthropic Ireland, and Groq, who maintain robust security standards and process data under strict contractual obligations.

For operational efficiency, we utilize services from Google Workspace for identity management, Cloudflare for security monitoring, and Segment for analytics. Each provider operates under comprehensive data processing agreements that ensure appropriate data protection.

Our data storage and processing capabilities are enhanced through partnerships with Snowflake and Qdrant Solutions, who maintain stringent security protocols and data protection measures aligned with international standards.

We may disclose information when required by law, including responses to valid legal requests, court orders, or regulatory inquiries. Such disclosures are carefully reviewed to ensure compliance with legal obligations while protecting user privacy rights.

In the event of a business transaction such as a merger, acquisition, or asset sale, your information may be transferred as part of the transaction. We will notify you of any such changes in ownership or control of your personal information.

For each third-party relationship, we implement appropriate technical and organizational measures to ensure continuous data protection. This includes:

We establish comprehensive data processing agreements with each service provider, defining strict parameters for data handling and protection.

Regular compliance monitoring and security assessments verify that third parties maintain appropriate security standards and adhere to our data protection requirements.

We limit data access to only what is necessary for specific service functions, implementing strict access controls and authentication mechanisms.

Data transfer protocols ensure secure transmission of information between our systems and third-party services, utilizing encryption and secure communication channels.

In all cases, we maintain oversight of third-party data processing activities and require adherence to privacy practices that align with our standards and applicable regulations.

Our platform utilizes sophisticated automated processing to provide advanced AI-powered services. Under Article 22 of the GDPR, we provide the following information about our automated processing:

Types of Automated Processing Our platform performs automated processing for:

• AI-powered responses to user queries
• Content generation and analysis
• Language processing and translation
• Feature recommendations
• Performance optimization

Logic and Method Our automated processes:

• Employ advanced machine learning models
• Generate responses based on comprehensive training data
• Apply sophisticated natural language processing
• Execute precision-engineered algorithms
• Utilize advanced pattern recognition

Impact and Safeguards The automated processing:

• Determines response generation and content delivery
• Influences service personalization
• Affects recommendations and suggestions
• Guides feature prioritization

Human Oversight We maintain robust oversight mechanisms:

• Regular review of automated systems
• Human intervention availability for all automated processes
• Clear procedures for contesting automated decisions
• Established channels for user feedback and input
• Continuous monitoring and quality assurance

Government and Legal Requests

At Loqus.ai, we are committed to protecting user privacy while complying with our legal obligations. When we receive a request for user information from a government agency, court, or law enforcement authority, we adhere to the following principles:

1. Review of Legality: Every request is carefully reviewed by our legal team to ensure it is valid, legitimate, and has a sound legal basis under applicable laws. We do not process overly broad, vague, or improper requests.
2. Challenging Unlawful Requests: We will challenge and push back against any request that we believe is unlawful or does not have a valid legal basis. We will interpret requests as narrowly as possible to protect user privacy.
3. Data Minimization: If we are compelled to comply with a legally valid request, we will only disclose the minimum amount of information necessary to satisfy the specific legal obligation. We will not provide direct, "backdoor," or unfettered access to user data.
4. Documentation and Transparency: We maintain a record of all legal requests for user data, including our response and the legal reasoning involved. Where not prohibited by law, we are committed to transparency and may publish periodic reports on the volume and nature of requests received.
5. User Notification: Unless we are legally prohibited from doing so by a court order or other legal instrument, our policy is to notify users of a request for their information before disclosure, providing them with an opportunity to seek legal recourse.

Data Subject Rights and Data Deletion Guide

Your rights.

Under the EU GDPR, UK GDPR and comparable data-protection laws, you are entitled to exercise the following rights at any time:

• Right of access – Obtain confirmation of whether we process personal data about you and receive a copy of that data.
• Right to rectification – Request that we correct or complete inaccurate or incomplete information.
• Right to erasure (“right to be forgotten”) – Ask us to delete your personal data when there is no legal or contractual reason for us to keep it.
• Right to restriction of processing – Require us to suspend processing while we verify accuracy, respond to an objection, or establish legal claims.
• Right to data portability – Receive the personal data you provided to us in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to object – Object at any time to processing that is based on our legitimate interests or to processing for direct-marketing purposes.
• Right not to be subject to automated decision-making – Request human intervention and challenge any automated decisions that have legal or similarly significant effects.
• Right to withdraw consent – Withdraw any consent you have previously given without affecting the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint – Contact your local supervisory authority if you believe we have violated your privacy rights.

How to exercise your rights

Email or postal request:

1. Email us at [email protected]
2. Specify which right you wish to exercise and provide enough information for us to verify your identity (e.g., account e-mail address, recent login timestamp).

We acknowledge all requests within 48 hours and provide a substantive response within 30 days. If a request is unusually complex, we will notify you and may extend the response period by up to 60 days, as permitted by law.

Data deletion guide

Scheduled deletion (manual request):

• If you submit a deletion request by e-mail or post, we will delete or anonymise your active-service data within 30 days of confirming your identity.
• Backup copies stored for disaster-recovery purposes are cryptographically isolated and are automatically overwritten on a 35-day rolling cycle. They are inaccessible to production systems during that period.

Retention exceptions

We may retain limited information when required to:

• Comply with legal obligations (tax, accounting, fraud-prevention).
• Establish, exercise, or defend legal claims.
• Demonstrate past consent or fulfil statutory audit duties.

After any applicable retention period expires, the residual data is permanently erased or irreversibly anonymised.

Response Process

We maintain a structured process for addressing privacy matters:

Initial Response

• Acknowledgment within 48 hours
• Professional review by our Data Protection Officer
• Thorough assessment of each request

Review and Resolution

• Comprehensive evaluation of inquiries
• Substantive response within 30 days
• Systematic documentation of communications
• Regular progress updates

Extended Timeline For matters requiring additional consideration:

• Proactive notification before the 30-day deadline
• Clear explanation of timeline extension
• Regular status updates
• Defined resolution timeline

Data Security

We implement comprehensive technical and organizational measures to protect your personal information throughout its lifecycle in our systems. Our security framework encompasses multiple layers of protection to ensure data confidentiality, integrity, and availability.

Our technical security infrastructure incorporates advanced measures including encryption for data in transit and at rest, multi-factor authentication systems, and intrusion detection mechanisms. We maintain continuous security monitoring and implement regular security patches to protect against emerging threats.

The organizational controls governing our security practices include stringent access control policies, detailed incident response procedures, and regular security assessments. Our security protocols undergo continuous review and enhancement to address evolving security challenges and maintain the highest standards of data protection.

Data Storage and Retention

Our data storage and retention practices are designed to ensure secure, efficient data management while complying with applicable regulations. We maintain data in secure facilities that undergo regular security audits and compliance certifications.

The primary storage of your data occurs within the European Union, with additional secure facilities maintained for system redundancy and backup purposes. All storage locations adhere to stringent security standards and are subject to regular monitoring and access controls.

We retain your personal data for specific periods determined by the following factors:

Storage Duration Parameters:

• Legal and regulatory requirements
• Service provision necessities
• Technical operational requirements
• Data protection obligations

Standard Retention Periods:

• Account information remains active throughout your service usage and for 30 days following account closure
• Communication data is retained as necessary for service provision and improvement
• Technical logs follow a rolling retention schedule based on operational requirements
• Backup data is maintained according to our disaster recovery protocols

International Data Transfers

As a global service provider, we transfer personal data across international borders in accordance with established data protection regulations. We implement comprehensive safeguards for all international data transfers to ensure consistent protection of your information.

For transfers outside the European Economic Area (EEA), United Kingdom, or Switzerland, we employ multiple legal mechanisms and technical safeguards:

Transfer Mechanisms:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Additional safeguards as recommended by data protection authorities
• Binding corporate rules where applicable
• Individual derogations under GDPR Article 49 when necessary

We conduct and maintain detailed Transfer Impact Assessments (TIAs) for all international data transfers, evaluating:

• Legal frameworks in recipient countries
• Access controls and protections
• Technical security measures
• Ongoing compliance monitoring

Children's Data

Our services are designed and intended for use by individuals aged 16 and above. We do not knowingly collect or process personal information from individuals below this age threshold. In the event we discover any data collected from individuals under 16, we implement immediate measures to:

• Remove the information from our systems
• Terminate associated account access
• Document the incident and our response
• Strengthen preventive measures

Changes to This Policy

We maintain the right to update this Privacy Policy as our services evolve and to reflect changes in our data practices or applicable regulations. When we make material changes to this policy, we will notify you through appropriate channels:

Notification Methods:

• Email communication to your registered address
• Prominent notice on our service platform
• Website announcements

For material changes, we provide notice at least 30 days before the changes take effect, allowing you sufficient time to review and understand the updates. Previous versions of the Privacy Policy remain accessible for reference purposes.

Questions and Complaints

We maintain dedicated channels for addressing your privacy concerns and inquiries. Our commitment to privacy extends to providing thorough, timely responses to all privacy-related matters.

Contact Channels: 3Jane Technologies LTD Privacy Team Aiantos 22, 1082 Agioi Omologites Nicosia, Cyprus Email: [email protected]

For individuals located in the European Economic Area, you maintain the right to file a complaint with your local data protection authority if you believe we have not adequately addressed your privacy concerns. The supervisory authority contact information varies by jurisdiction and can be found through the European Data Protection Board website.

This Privacy Policy was last updated on January 22, 2025. We maintain this policy as a living document that evolves with our services while ensuring consistent protection of your privacy rights.