This Privacy Policy (hereinafter referred to as the “Policy”) aims to clarify the manner, scope, and rights and protections of the user’s personal information collected, used, stored, transmitted, and disclosed by the EarMe AI Software (hereinafter referred to as the “Software”), and applies to all users who use the Software (hereinafter referred to as the “Users”). This Policy strictly adheres to the International General Privacy Protection Principles and related regulations (including, but not limited to, the European Union‘s General Data Protection Regulation (GDPR), the U.S. California Consumer Privacy Act (CPRA), the ISO/IEC 29100:2024 privacy framework, etc.), ensures the security of users‘ personal information and their legitimate rights, ensures data processing behavior is transparent, compliant, and controllable, practices the core philosophy of “Privacy-by-Design,” and prevents any infringing data processing behavior.
If users use this Software, it is considered that they have fully read, understood, and agreed to all the terms of this Policy; if users do not agree with this Policy, they should immediately stop using this Software. This Policy may be revised at any time in accordance with legal and regulatory updates, software functionality iteration, and privacy protection needs. After the revisions, users will be notified through this Software pop-up windows, notifications, etc., and the revised terms will take effect from the date of notification. Users‘ continued use of this Software is considered to accept the revised Policy.
1. Definition and scope
1.1 Core Definitions
1.1.1 Personal Information: Means information that can identify a specific natural person individually or in combination with other information (i.e., internationally common personal identifiable information PII), including but not limited to names, email addresses, device information, AI interaction records, speech data, biometrics (such as voice imprints, if applicable), etc., conforming to the GDPR‘s definition of personal information.
1.1.2 Non-Personal Information: Means information that cannot identify a specific natural person, including but not limited to software usage statistics, device information after anonymizing processing, aggregate interaction data, de-identifying data required for AI model optimization, etc., which cannot be restored to personally identifiable information after processing.
1.1.3 Data Controller: Means the entity responsible for determining the purpose and method of processing personal information, i.e., this Software operator, who bears the primary responsibility for data protection, conforms to the requirements defined by the GDPR for data controllers, and needs to fulfill accountability obligations for data processing.
1.1.4 Third-Party Services: Means services provided by third parties that are integrated or linked to this Software, including but not limited to third-party cloud services, data analysis services, speech recognition services, etc., whose privacy policies are determined independently by third parties, and operators are not responsible for protecting the privacy of third-party services.
1.2 Applicability Scope
1.2.1 This Policy applies to the entire process of users using all features and services of this Software, including but not limited to all actions such as software download, installation, registration, login, AI interactions, feature settings, feedback suggestions, etc., covering all service scenarios such as AI voice interactions, text interactions, etc.
1.2.2 This Policy does not apply to third-party services. Third-party services are solely responsible for their information processing behavior. Users should carefully read their privacy policies and understand their data collection and usage rules when using third-party services.
2. Information Collection and Acquisition
2.1 Collecting Principles
2.1.1 Legitimacy Principles: Collect user personal information only under statutory circumstances such as obtaining the user‘s explicit consent, fulfilling contractual obligations or based on legitimate interests, strictly following the requirements of Article 6 of the GDPR regarding the legal basis for data processing, preventing covert collection, default check, etc. violations.
2.1.2 Minimum Required Principle: Collect only the personal information necessary to realize the core functions of this Software AI interaction and related services, do not collect information that is not functional, distribute authorization requests as needed, avoid excessive collection, and ensure that the scope of data collection is highly aligned with the purposes of use.
2.1.3 Transparency Principles: Clearly inform users of the purpose, scope, method, and use of information collected, adopt clear and understandable statements, avoid vague descriptions, ensure that users are aware and have the freedom to choose whether to provide it, and comply with the requirements of Article 12 of the GDPR regarding information disclosure.
2.2 Types and Methods of Information Collected
2.2.1 Registration and Login Information: When users register or log in to this Software, they can choose to register via email, and we will collect the email address provided by the user for account verification, password recovery, and service notifications; if the user logs in through a third-party account (such as Google, Apple ID, etc.), we will obtain the basic information provided by that third-party account (such as account ID, nickname), used to complete login verification, without collecting other privacy information from the third-party account.
2.2.2 Device Information: In order to ensure the proper operation of the Software, optimize the AI interaction experience and ensure the security of the account, we will automatically collect device information from users using this Software, including but not limited to the device model, operating system version, device unique identifier (such as IMEI, MAC address), device storage capacity, network type, IP address, etc. This information is used only for software adaptation, AI functionality optimization and security protection.
2.2.3 AI Interaction Information: When users use this Software AI interaction features (including voice interactions, text interactions, etc.), we will collect relevant interaction information, including but not limited to user input text, voice data, interaction instructions, AI response records, usage duration, interaction preferences, etc., for the purpose of optimizing AI models, improving the accuracy of interactions, and providing personalized AI services to users. Voice data will be processed in an encrypted manner to prevent information disclosure.
2.2.4 Other Information: User feedback, complaint information, consultation content, etc. provided to this Software by the user will be collected and used for troubleshooting, service improvement and functionality optimization, not for other unrelated purposes, and will be promptly recorded and properly stored after collection.
3. Information Usage
3.1 Purpose of Use
3.1.1 Provide Core Services: Use the collected information to provide users with the core functions of this Software, such as AI interactions, account management, feature settings, feedback responses, etc., to ensure the proper operation of the service, meet the users‘ AI interaction needs, and ensure the smoothness and accuracy of the interaction process.
3.1.2 Optimize the AI experience: Based on user interaction information and usage preferences, adopt technologies such as differential privacy to optimize AI model algorithms and interaction logic, improve the accuracy and smoothness of AI responses, and provide personalized AI interaction services, while avoiding the disclosure of individual user‘s specific preference information.
3.1.3 Ensure Account Security: Identify abnormal login behavior, malicious operations, prevent account theft, fraud, and other risks through device information, network information, etc., ensure the security of user accounts and personal information, and establish complete operation logs for security auditing.
3.1.4 Service Notifications and Improvements: To send software update notifications, account security alerts, service-related announcements, etc., through user-provided email; to utilize the collected feedback information, usage data, to fix software vulnerabilities, improve functionality defects, and improve service quality, in compliance with the GDPR accountability requirements.
3.2 Usage Restrictions
3.2.1 Not exceeding collection purposes: Use of user personal information only within the scope of the clear use purposes of this Policy, not for purposes unrelated to this Software AI interaction services, strict prohibition on processing data beyond the legally authorized scope, if necessary to extend the scope of use, explicit consent will be obtained separately from the user.
3.2.2 Anonymization Processing: After the user‘s personal information is anonymized and de-identified, it can be used for AI model training, statistical analysis, service optimization, etc. This class of anonymized data does not have the ability to identify the user and will not be re-identified, conforming to the GDPR requirements regarding data use.
4. Information Storage
4.1 Storage locations: User personal information will be stored on servers that comply with international privacy protection standards. Storage locations include, but are not limited to, regions such as the European Union, the United States, etc. Data residency requirements are strictly followed, ensuring that European Union user data is stored within the European Union, California user data complies with the CPRA storage standards, and all storage servers are equipped with comprehensive security measures.
4.2 Storage period: User personal information will be stored only for the period necessary to fulfill the purposes of use stipulated in this Policy. After the period is exceeded, user personal information will be deleted or anonymized in accordance with international common standards and the requirements of relevant laws and regulations, following the “minimum necessary” storage principle.
4.2.1 Account Information: When a user‘s account is in an active state, its account information will be continuously stored; after a user signs out of their account, all account-related information will be deleted or anonymized within 15 business days.
4.2.2 Interactive Information: The storage period does not exceed 18 months. After the period is exceeded, it will be automatically deleted or anonymized. If the user explicitly requests the deletion, it will be processed immediately to ensure that the data storage does not exceed the required period.
4.3 Storage security: Adopting internationally advanced encryption technologies (including, but not limited to, AES-256 encryption, SSL/TLS transmission encryption, and end-to-end encryption), encrypting the storage and transmission of user personal information to prevent risks such as information leakage, tampering, and loss; establishing a well-established security management system, adopting role-based access control (RBAC) to restrict internal personnel‘s access to user information, conducting regular security audits and vulnerability detection, conforming to the ISO/IEC 29100:2024 privacy framework and ISO/IEC 27001 information security management system requirements.
5. Information Transfer and Disclosure
5.1 Information Transfer: The transfer of the user‘s personal information will employ cryptographic technology to ensure the security of the information during the transfer process; only when necessary for the implementation of this software service, the transfer will take place between servers that comply with international privacy protection standards, cross-border transfers will strictly comply with the legal and regulatory requirements of the relevant region, ensuring compliance with data sovereignty.
5.2 Information Disclosure: We will strictly protect the user‘s personal information and will not disclose the user’s personal information to any unrelated third parties, except in the following circumstances:
5.2.1 Obtaining the User‘s Explicit Consent: Under the User‘s explicit authorization, disclose relevant information to the third party designated by the User, and disclose only the information necessary to achieve the authorization purposes, and keep a user authorization record.
5.2.2 Enforcement of statutory obligations: Disclosure of user personal information in accordance with relevant international laws and regulations, judicial or administrative authorities‘ requirements, coordination with relevant enforcement activities, and ensuring compliance responses.
5.2.3 Ensuring the proper operation of services: Disclosure of necessary user information to third parties providing services such as technical support, server hosting, AI model optimization, data analysis, etc. for this Software (such third parties have signed a privacy protection agreement, committed to strictly protecting user information, and are used only to provide services for this Software, subject to the control of the operator).
5.2.4 Anonymization Disclosure: After anonymizing and de-identifying the user‘s personal information, such data may be disclosed to third parties for purposes such as AI technology research and statistical analysis, and does not involve any personally identifiable information.
6. User Rights
6.1 Information Rights and Access Rights: Users have the right to access their personal information, including account information, interaction records, usage behavior information, etc., which can be accessed through the “Personal Center - Privacy Settings” feature of this Software. We will provide the query service free of charge, in compliance with the GDPR and CPRA access rights requirements.
6.2 Correction Right: If users discover that their personal information is incorrect or incomplete and have the right to request correction, they can apply for correction through this Software feedback channel or by contacting Customer Service email. We will review and process the request within 5 working days.
6.3 Right to deletion: Users have the right to request the deletion of their personal information, which can be requested through the “Personal Center - Privacy Settings” of this Software, or by contacting Customer Service email application. We will complete the deletion or anonymization processing within 15 working days (except as otherwise stipulated by law and regulations), in accordance with the CPRA “right to oblivion” requirements.
6.4 Right to withdraw consent: Users have the right to withdraw their consent to the collection and use of personal information by the Software. Users can disable the right to collect such information through the Software‘s “Personal Center - Privacy Settings”. After withdrawing consent, the Software will no longer collect such information, but this does not affect the legal use of the information collected before the withdrawal.
6.5 Right to Complaint: If a user believes that the information processing behavior of this Software violates their privacy rights, we will respond to and handle complaints via customer service email as stipulated in this Policy within 7 working days.
7. Third-party service descriptions
7.1 This Software may integrate or link to third-party services, including but not limited to third-party cloud services, data analysis services, speech recognition services, etc., third-party services may collect information related to users for use in providing their own services, and third parties must follow the same privacy protection standards as this Software.
7.2 This Software provides only links or integration entrances to third-party services. It does not control the information collection behavior of third-party services. The privacy policies of third-party services are determined by themselves. When users use third-party services, they should carefully read their privacy policies and understand their information collection and usage rules.
7.3 If users do not consent to third-party services collecting their information, they can choose not to use those third-party services, or by disabling information collection permissions through the settings of the third-party services themselves, which may affect the normal use of the relevant features.
8. Contact and Dispute Resolution
8.1 Contact: If you have any questions, suggestions or complaints regarding this Privacy Policy, please contact us via the following email address: vasilache@coenergiaalternativesrl.com. We will respond to your inquiries, suggestions or complaints within 7 working days and promptly address the relevant issues to safeguard your legitimate rights and interests.
8.2 Dispute Resolution: The establishment, execution, interpretation, and dispute resolution of this Policy are governed by the principles of international law and relevant international conventions; any dispute arising between users and the operating parties of this Software due to this Policy should be resolved first through friendly negotiation; if negotiation fails, any party has the right to apply for arbitration with a neutral international arbitration body, and the arbitration ruling is a final ruling that is binding on both parties and avoids compliance risks due to jurisdiction issues.