Privacy Policy

Last updated: 31/10/2024

At Counzel.ai, we are committed to protecting your privacy and ensuring the security of your data. We use advanced anonymization and pseudonymization techniques to safeguard information, ensuring that individual privacy is protected at all times.

This Privacy Policy explains how we collect, process, store, and retain data, and describes your rights regarding your information.

  1. Definitions

Capitalized terms in this document are defined as follows:

  • "Counzel Services": Services provided by Counzel.ai, including but not limited to the AI-driven question-answering platform, customized implementations, and additional modules.
  • "Personal Data": Any information that relates to an identified or identifiable individual.
  • "Anonymized Data": Data that has been processed to remove identifying characteristics, ensuring it cannot be linked back to any specific individual.
  • "Pseudonymized Data": Data processed to partially remove identifying characteristics, which can only be linked to a user under restricted conditions and with additional information.
  • "Processing": Any action performed on data, such as collection, storage, or analysis.
  • "User", "Customer", or "You": Any individual or entity subscribing to, accessing, or using Counzel.ai’s services.
  1. Data Controller Information

Counzel.ai acts as the Data Controller for all data collected through our platform and services. You may contact us for privacy inquiries as follows:

  • Email: privacy@counzel.ai
  • Mail: Counzel.ai, Attn: Privacy Team, Rue Sainte Renelde 47, 1430 Rebecq
  1. Data We Collect and Retain

We collect different types of data to ensure the functionality and improvement of our platform. Our practices regarding anonymized, pseudonymized, and personal data are outlined below.

3.1 Anonymized Data

Anonymized data is collected and used to improve the quality of our services and for statistical analysis. This data is stripped of any identifying information and cannot be linked back to individual users. Given its fully anonymized nature, it is not subject to retention limits.

3.2 Pseudonymized Data

Pseudonymized data is managed with the same care and security protocols as personal data and is retained according to similar timelines. This data is only accessible under restricted conditions and is used solely for internal analysis, service improvements, and troubleshooting.

3.3 Personal Data (Conversations and Interactions)

  • Conversations/Records: Interactions on our platform, including conversations, are retained for up to 18 months to allow users to access past records from the previous fiscal year as needed.
  • Contact Information: Contact information and anonymized usage metrics for former customers are retained for administrative purposes for up to 12 months following the end of a subscription.
  • Generated Interactions and Content: All content generated during interactions will be deleted or anonymized after the retention period. Anonymized data may be retained for product improvement but will never include identifiable personal information unless formal consent is provided by the user.

We do not use raw conversations or interactions that contain identifiable personal information for product enhancement. Anonymization is always applied before any such data is used.

3.4 Consent for Future Contact

If you provide explicit consent for future contact, it will remain valid for up to 2 years, unless you choose to revoke it. You may withdraw consent at any time by responding to our communication with “Revoke my consent to be contacted for commercial purposes.” Under no circumstances will we share your contact details with third parties outside of Counzel.ai and its affiliated consulting services.

  1. Security and Data Access Controls

We use industry-standard security measures to protect your data, including:

  • Encryption: All data is encrypted both in transit and at rest on Microsoft Azure cloud servers, ensuring maximum security.
  • Access Limitations: Access to data is strictly limited to authorized technical team members solely for support or maintenance purposes. Any other access requires explicit consent from the user.
  • Data Residency and Processing: Our primary servers are located within the EU to ensure GDPR compliance. In rare cases where EU servers are inaccessible, data may be processed temporarily by non-EU servers, but this data is never retained by third-party AI providers.
  1. Data Usage

We use your data in the following ways, depending on its classification:

  • Anonymized Data: For service improvements, statistical analysis, and enhancing platform performance.
  • Pseudonymized Data: For analysis and service optimization, maintaining strict access control protocols.
  • Personal Data: For account management, user support, and to fulfill service requests as outlined in this Privacy Policy.

Legal Basis: We process anonymized and pseudonymized data based on our legitimate interest in providing a secure and high-quality service to users.

  1. Your Rights

You have certain rights with respect to your data. These include:

  • Access: Request a summary of any pseudonymized or personal data we may hold about you.
  • Rectification: Correct any inaccurate or incomplete data.
  • Deletion: Request deletion of personal data after the retention period or if it is no longer necessary for our services.
  • Objection: Object to data processing based on legitimate interests.
  • Consent Withdrawal: Withdraw consent for any data processing activity that requires it.

To exercise these rights, contact us at privacy@counzel.ai.

  1. Data Sharing

We do not share or sell data with third parties. Data access is restricted to Counzel.ai’s internal teams, and all third-party service providers undergo rigorous security audits to ensure data privacy. Our main service providers include:

  • Microsoft Azure: For secure data storage and hosting within the EU.
  • Additional AI Providers: In rare cases, if EU servers are inaccessible, data may be processed temporarily by non-EU providers. However, data processed outside the EU is not retained.
  1. International Data Transfers

While we prioritize using EU-based providers, there may be rare instances where non-EU providers are engaged due to technical requirements. In such cases, data is processed temporarily, without retention, to ensure minimal privacy risk. All non-EU providers comply with GDPR safeguards, including standard contractual clauses.

  1. Changes to this Privacy Policy

As our platform and services evolve, we may update this Privacy Policy. We encourage you to review this Policy periodically to stay informed about our data practices. Any significant changes will be communicated directly through our platform.