Privacy Policy

Enterprise-grade data protection for AI solutions

Effective Date: January 1, 2025 | Last Updated: December 20, 2024

SOC 2 Ready

Type II Controls

GDPR Compliant

EU Data Protection

256-bit Encryption

AES-256 Standard

1. Our Commitment to Your Privacy

Day2 AI Ltd. ("Day2 AI," "we," "our," or "us") provides enterprise AI solutions, automation services, and consulting to businesses worldwide. We understand that data security is paramount for our enterprise clients, and we have built our infrastructure and practices to meet the highest industry standards.

This Privacy Policy describes how we collect, use, protect, and share information when you use our website (day2-ai.com) and our AI automation services. By engaging with Day2 AI, you acknowledge that you have read and understood this policy.

2. Information We Collect

2.1 Business Contact Information

When you engage with our services, we collect professional information necessary to deliver our AI solutions:

  • Full name and job title
  • Business email address and phone number
  • Company name, size, and industry
  • Project requirements and technical specifications
  • Billing and invoicing details

2.2 Service Usage Data

To optimize our AI solutions and ensure system reliability, we collect:

  • API usage metrics and performance logs
  • System integration data and error reports
  • Feature utilization patterns (anonymized)
  • Authentication and access logs

2.3 Website Analytics

Our website collects standard analytics data to improve user experience:

  • IP address (anonymized after 30 days)
  • Browser type and device information
  • Pages visited and navigation patterns
  • Referring sources and campaign data

3. How We Use Your Information

We process your information exclusively for legitimate business purposes:

  • Service Delivery: To implement, configure, and maintain your AI automation solutions
  • Technical Support: To diagnose issues, provide assistance, and ensure system uptime
  • Security Operations: To monitor for threats, prevent unauthorized access, and maintain system integrity
  • Product Improvement: To enhance our AI models and develop new features based on aggregated, anonymized usage patterns
  • Communication: To send service updates, security notices, and relevant product information
  • Legal Compliance: To meet regulatory requirements and respond to lawful requests

4. Enterprise Security Measures

Day2 AI implements comprehensive enterprise security controls:

Data Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for all data in transit
  • End-to-end encryption for sensitive communications
  • Hardware Security Modules (HSM) for key management

Infrastructure Security

  • ISO 27001 certified data centers
  • Multi-region redundancy and failover
  • 24/7 infrastructure monitoring and alerting
  • Regular penetration testing by third parties
  • Network segmentation and firewall protection

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required
  • Principle of least privilege enforcement
  • Comprehensive audit logging
  • Regular access reviews and certifications

Operational Security

  • Security awareness training for all employees
  • Background checks for personnel with data access
  • Incident response plan with defined SLAs
  • Business continuity and disaster recovery procedures
  • Vendor security assessments

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We share data only in these circumstances:

  • Service Providers: Vetted vendors who assist with hosting, analytics, and support, bound by strict data processing agreements
  • Integration Partners: When you authorize connections to third-party systems (e.g., Jira, Azure DevOps, Salesforce)
  • Legal Requirements: When required by law, court order, or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected clients

All third-party service providers undergo security assessments and are contractually obligated to maintain confidentiality and implement appropriate security measures.

6. Data Retention

We retain data based on business necessity and legal requirements:

  • Active Client Data: Retained for the duration of our business relationship plus 3 years
  • Financial Records: Retained for 7 years per accounting regulations
  • Security Logs: Retained for 1 year for threat analysis and compliance
  • Marketing Data: Retained until consent is withdrawn or 2 years of inactivity

Upon request or end of retention period, data is securely deleted using industry-standard methods ensuring irrecoverability.

7. Your Rights

Regardless of your location, we provide the following rights to all users:

  • Access: Request a copy of your personal data we hold
  • Correction: Update or correct inaccurate information
  • Deletion: Request removal of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Opt out of certain processing activities
  • Withdraw Consent: Revoke previously given consent at any time

To exercise these rights, contact our Data Protection team at [email protected]. We respond to all requests within 30 days.

8. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process data under the following legal bases:

  • Contract Performance: Processing necessary to deliver services you have engaged
  • Legitimate Interest: Business operations, security, and service improvement
  • Legal Obligation: Compliance with applicable laws and regulations
  • Consent: Marketing communications and optional analytics

For international data transfers, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission. You may lodge a complaint with your local Data Protection Authority if you believe your rights have been violated.

9. CCPA Compliance (California Residents)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of the sale of personal information—we do not sell personal information
  • Right to non-discrimination for exercising privacy rights

10. Cookies and Tracking

Our website uses cookies to enhance functionality and analyze usage:

  • Essential Cookies: Required for site functionality and security
  • Analytics Cookies: Help us understand how visitors interact with our site
  • Preference Cookies: Remember your settings and choices

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.

11. Children's Privacy

Day2 AI provides B2B enterprise services and does not knowingly collect information from individuals under 18 years of age. Our services are intended for business professionals and organizations.

12. Policy Updates

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email to active clients and posted on this page with an updated effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, data requests, or concerns:

Day2 AI Ltd.
Data Protection Team

Email: [email protected]

General Inquiries: [email protected]

Contact Form: day2-ai.com/contact

We aim to respond to all privacy inquiries within 5 business days and fulfill data requests within 30 days.