We process your Personal Information for the following purposes:

• To provide, operate and improve our Services to you, by performing anonymous data analysis to support service functionality, reliability and improvement. For clarity, this does not include using User Content for model training, unless you have expressly opted in.
• To secure your account and ensure the security of the Services provided.
• To operate, maintain, and improve the Services and the Platform, including analyzing aggregated and usage-related information to understand how users interact with the Services, improve performance and usability, support platform administration, and develop new features or services.
• To provide you support, including but not limited to responding to your requests and inquiries, and investigating and addressing user concerns.
• To assist users of our Platform in the resolution of complaints and disputes between them, as necessary for our legitimate interests in facilitating positive relations among users.
• To manage our business operations and relationships, including administering subscriptions, processing payments through third-party payment providers, and sending service-related notices and transactional communications.
• To conduct limited marketing and outreach activities, such as sending newsletters or service-related updates, where permitted by applicable law or where you have opted in or otherwise consented. You may opt out of marketing communications at any time by adjusting your account preferences or following the unsubscribe instructions provided in such communications.
• To communicate with you and to notify you about changes to our Platform, and any Services we provide through the Platform.
• To operate user-directed third-party integrations. When you instruct the Services to interact with third-party websites, applications, or services, we process and transmit only the information necessary to perform the requested actions, strictly in accordance with your instructions and authorizations. Such processing is limited to the execution of the workflow, and is not used or retained for any independent purpose. Any such third-party providers process your inputs under their own terms and privacy policies, and we do not control or assume responsibility for their data practices. And you are responsible for compliance with applicable third-party terms and policies.
• To comply with applicable laws, cooperate with investigations by law enforcement or other authorities of suspected violations of law, or to pursue or defend against legal threats and/or claims.
• To provide API services. Where you use the Lux API, to process personal information relating to your end users, we process such personal information solely to execute your API requests, and provide the Services in accordance with your instructions. In these cases, you act as the data controller and we act as a data processor to the extent applicable.
• For other business purposes, such as to detect, prevent, and respond to actual or potential fraud or illegal activities, defend our legal rights, and comply with our legal obligations and internal policies.

If you are located in the European Economic Area (“EEA”), we only process your Personal Information when we can rely on a valid legal ground such as:

• Execution of a contract. We need your Personal Information to provide you with our Services, including allowing you to make payments directly through our Platform, or to otherwise respond to your queries.
• Compliance with a legal obligation. We are required or allowed to collect and use your Personal Information, for example, to detect fraud or to comply with our tax, accounting, and anti-money laundering obligations.
• Legitimate interest. We or a third party, have a legitimate interest in processing your Personal Information. such as operating and improving the Services, enhancing the security, reliability, and performance of the Platform, conducting limited analytics, and preventing misuse or fraud. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
• Consent. You have consented to the use of your Personal Information, for example, to send you our newsletter or promotional emails or for the use of certain cookies. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

We do not engage in fully automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of applicable data protection laws.

Although the Services may use artificial intelligence to interpret your instructions and perform automated actions, including operating computer interfaces or executing workflows, such actions are carried out solely based on your explicit instructions, configurations, and authorizations. The Services do not make independent decisions on your behalf, and you remain in control of whether and how any action is taken.

For actions that may involve sensitive operations or elevated risk, the Services are designed to request additional user input, confirmation, or authorization before proceeding, where applicable. Where necessary, Services may include elements of automated decision-making which include:

• Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
• Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

If you are located in the EEA, you also have the right to access the Personal Information we hold about them, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, you shall contact us through the contact information in Section 13 below.

We will share Personal Information with the following categories of recipients, subject to applicable law:

• Third-Party Service Providers: Under your designation, we may share anonymous and desensitized Personal Information with third-party service providers to provide technical infrastructure services, including cloud hosting and computing providers; analyze how our Services are used; conduct quality assurance testing; provide technical and customer support; prevent and detect unauthorized activities; and provide other support to us.
• Affiliates/Employees: We share Personal Information with our affiliates (if we have any in the future), and employees all over America as needed to provide our Services, for purposes consistent with this Policy or to operate shared infrastructure, systems, and technology.
• Suppliers and Service Providers: We share Personal Information with companies that provide products or services to us for the operation of our business. These include providers of IT and software services, remote office services, cyber security services, mailing services, marketing services, and finance systems. Such parties provide reasonable security for Personal Information and to use and process such Personal Information on our behalf only.
• Professional Advisors: We share Personal Information with our accountants and other outside professional advisors in the course of the services they provide to us.
• Financial Institutions: We share Personal Information with financial service providers such as in connection with the collection and payment of our service fees (if any).
• Corporate Purchasers: We may share Personal Information with any corporate purchaser or potential purchaser to the extent permitted by law as part of any merger, acquisition, sale of Company assets, or transition of service to another provider, as well as in the event of insolvency, bankruptcy, or receivership in which Personal Information would be transferred as an asset of Company.
• Mandatory Disclosures and Legal Claims: We may preserve, use, share, or disclose your Personal Information to comply with any subpoena, court order, or other legal process, to comply with a request from our regulators, governmental request, or any other legally enforceable demand. We also share Personal Information to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or the safety or integrity of our platform, including to help prevent spam, abuse, or malicious actors on our Platform, or to explain why we have removed content or accounts from our Platform, or to defend against legal claims.
• Other Third Parties with Your Consent: We share Personal Information with other third parties with your consent.

If you have questions about the parties with which we share Personal Information, please contact us as specified below.

Through the use of cookies and similar technologies such as web beacons, we may collect your device identifier or IP address, unique device ID, hardware and software type, internet service provider, serving domain, geographical area, location data, browser type, and settings data (such as screen resolution, color depth, time zone settings, browser extension, and plugins) operating system, referring URLs, search history, usage patterns, information on actions taken or interaction with our digital assets (e.g., page views) and dates and times of actions. We may also place web beacons in emails sent to you to track which emails are opened and which links are clicked by you.

The types of cookies we use include:

• Operational Cookies: To the extent applicable, we use operational cookies which are required for the operation of our Websites, for example, cookies that enable you to log into some areas. These operational cookies are session cookies that are erased when you close your browser.
• Google Analytics Cookie: We use third-party analysis tools such as Google Analytics to collect information about how you use our Services. We use this information to create reports and improve our Services. This cookie can help us understand the number of visitors to our Websites, where visitors come from, and how visitors browse or use our Websites. It can also help us identify areas we can improve. To learn more about how Google uses data, visit https://policies.google.com/technologies/partner-sites. To opt out of these cookies across our Websites, visit http://tools.google.com/dlpage/gaoptout.
• Functional Cookies: We use functional cookies to improve the functional performance of our Services and make them easier for you to use such as language or regional settings, in order to enhance usability. These cookies may persist across sessions to improve your experience on subsequent visits These cookies qualify as persistent cookies because they remain on your device for us to use during your next visit to our Websites.
• Third-Party Cookies: Our Websites may include links to third-party websites or services. We do not control and are not responsible for the use of cookies by any third party, and this Policy applies only to cookies used by us. We encourage you to review the privacy and cookie policies of any third-party websites you choose to visit.
• Managing Cookies: Most web browsers allow you to manage cookies through the browser settings. Be aware that, if you opt out from and do not agree to certain cookies, your experience on our Websites may be diminished and some features may not work as intended depending on the cookie.

We maintain reasonable administrative, technical, and physical safeguards that are intended to appropriately protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. However, because no information system can be guaranteed to be completely secure, we cannot guarantee the absolute security of your information. To the extent permitted by applicable law, we will not be liable for unauthorized disclosure of Personal Information that occurs through no fault of us or beyond reasonable control, including, but not limited to, errors in transmission, access to a user’s account by anyone other than the user, uses of the user’s ID and password by a third party, user’s own failure to maintain the confidentiality of account credential or comply with user’s security obligations, and the unauthorized acts of third-parties.

In addition to Section 3 and 4, we provide you the ability to exercise certain controls and choices regarding our collection, use, and sharing of your Personal Information. In accordance with local law, your controls and choices as described in this Section: 

• You may correct, update, and delete your registration account on our Platform at any time. You may also update and correct inaccuracies in your account information at any time by logging in your registration account.
• You may submit a request related to access, modification, or deletion of your information, or someone else’s information if you are their authorized agent, you may also contact us by email or by mail using the details provided under Section 13 below. We may require you to provide additional information for verification.
• You may change your choices for subscriptions, alerts, and newsletters. 
• You may choose whether to receive offers and updates from us and promotions for our Services.
• You may request access to the Personal Information we hold about you and that we amend or delete such information. 
• You may choose to revoke the permission to connect the Services through a third-party account (such as Google or Apple), which will not affect information previously received in accordance with those permissions.
• You may set your browser to refuse all or some browser cookies or to alert you when cookies are being sent.
  
  

You may exercise your controls and choices, or request access to your Personal Information, by contacting us as specified below. Please be aware that if you do not allow us to collect Personal Information from you, some of our Services may not be available to you. If you have questions regarding the specific Personal Information about you that we process or retain, please contact us as specified below.

We may make changes to this Policy. The “Last Updated” date at the top of this page indicates when this Policy was last revised. If we make material changes, we may notify you via a notice posted on our Platform or other methods. We encourage you to read this Policy periodically to stay up-to-date about our privacy practices. Your continued use of our Platform after such changes will constitute your: (i) acknowledgment of the updated Policy; and (ii) agreement to abide and be bound by the updated Policy.

We do not offer the Services to, or knowingly collect Personal Information from, individuals under the age of Thirteen (13). If we become aware that Personal Information has been collected from an individual under Thirteen (13), we will take reasonable steps to delete such information in accordance with applicable law. By using the Services, you represent and warrant that you are at least Thirteen (13) years of age.

• What are the consequences of not providing Personal Information?
  You are not required to provide all Personal Information identified in this Policy to use our Services or to interact with us offline, but certain functionality will not be available if you do not provide Personal Information. If you do not provide Personal Information, we may not be able to respond to your request, provide Services to you, or provide you with information that we believe you would find valuable.
  
  
• Do the Websites honor not track (“DNT”) signals sent via browsers?
  Given the divergent practices of organizations that offer browsers and the lack of a standard in the marketplace, we generally do not respond to DNT signals at this time. This does not affect the collection of strictly necessary technical data or the generation of account-level service usage metrics required to operate the Services.
  
  
• How long do we retain Personal Information?
  We retain Personal Information only for as long as reasonably necessary to fulfill the purposes described in this Policy, including providing and operating the Services, maintaining security and system integrity, supporting customer requests, complying with legal obligations, and enforcing our agreements.
  Personal Information used for communications or outreach is retained for as long as you choose to receive such communications, or until you opt out or request deletion, subject to applicable law.
  Where you violate our Terms and your account is suspended, we may keep the identifiers you used to create the account (i.e., email address or phone number) indefinitely to prevent repeat policy offenders from creating new accounts.
  We may keep certain information longer than our policies specify in order to comply with legal requirements and for safety and security reasons.
  
  
• Are third-party websites governed by this Policy?
  Our Platform may contain links and references to other websites administered by unaffiliated third parties. This Policy does not apply to such third-party sites. When you click a link to visit a third-party website, you will be subject to that website’s privacy practices. We encourage you to familiarize yourself with the privacy and security practices of any linked third-party websites before providing any Personal Information on that website.

If users would like to make a complaint, they can contact us by email or by mail using the details provided under Section 13 below.

If users are not satisfied with our response to their complaint, they have the right to lodge their complaint with the relevant data protection authority. They can contact their local data protection authority.

If you have any questions about this Policy, or if you would like to exercise your rights to your Personal Information, you may contact us at legal@openagi.org through our website at https://lux.agiopen.org/.