Privacy Policy

Effective Date: January 6, 2025

1. Introduction
AskTuring is committed to protecting your privacy and maintaining the confidentiality of your data. As a secure AI document intelligence platform, privacy and data protection are fundamental to our service. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our website, platform, and services (collectively, the “Service”).
Our Core Privacy Commitment: We operate under a Zero Data Retention (ZDR) philosophy for AI training—we never use your documents, queries, or conversations to train any AI models, whether our own or third-party models.

2. Information We Collect
2.1 Account Information

• Registration Data: Name, email address, company information, and billing details
• Authentication Data: Login credentials, security settings, and access logs
• Profile Information: User preferences, team roles, and account settings

• Documents: Files you upload to create indexes (PDFs, Word docs, presentations, etc.)
• Queries: Questions and prompts you submit to the AI models
• Conversations: Chat history and AI-generated responses
• Custom Data: Semantic maps, glossaries, and custom terminology you define

• Platform Activity: How you interact with features, frequency of use, and session duration
• Technical Data: IP addresses, browser type, device information, and operating system
• Performance Data: Response times, error logs (without sensitive content), and system metrics

• Support Interactions: Messages, tickets, and feedback you send us
• Marketing Communications: Email engagement data (opens, clicks) if you opt in
• Email-to-Index Content: Documents sent via our email-to-index feature

• Document Processing: Vectorizing and indexing your uploaded documents
• AI Interactions: Facilitating secure communication with third-party AI models
• Search and Retrieval: Enabling precise document-based responses to your queries
• Collaboration: Supporting team features and shared workspaces

• Account Management: Maintaining your account, processing payments, and providing support
• Security: Protecting against unauthorized access, fraud, and abuse
• Performance Optimization: Improving platform reliability and response times
• Compliance: Meeting legal and regulatory requirements

• Service Updates: Notifying you of important changes, maintenance, or new features
• Marketing: Sending promotional content about our services (opt-out available)
• Support: Responding to your inquiries and providing assistance

• No AI Training: Your content is never used to train, improve, or develop any AI models
• Transient Processing: When using third-party AI models, your data is processed temporarily and immediately deleted from their systems
• Complete Data Isolation: Your documents and conversations are stored separately from other users’ data
• User Control: You maintain full ownership and control over all your content

• Secure Transmission: We encrypt all data sent to external AI providers (Claude, ChatGPT, Gemini)
• No Persistence: Third-party models process your queries without storing them
• Privacy Compliance: We select providers committed to privacy and data protection
• Contractual Protection: Our agreements with AI providers include strict data handling requirements

• Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3
• Secure Infrastructure: SOC 2 compliant hosting with enterprise-grade security controls
• Access Controls: Role-based permissions and multi-factor authentication
• Network Security: Firewall protection, intrusion detection, and secure communications

• Limited Access: Only authorized personnel can access user data, and only when necessary
• Data Minimization: We collect and retain only the information needed to provide our services
• Regular Audits: Ongoing security assessments and compliance monitoring
• Incident Response: Established procedures for detecting and responding to security events

• SOC 2 Type II: Annual third-party audits of our security controls
• GDPR: Full compliance with European data protection regulations
• CCPA: California Consumer Privacy Act compliance
• HIPAA: Available for customers requiring healthcare data protection
• GLBA: Financial data protection compliance when applicable

• Service Providers: Trusted vendors who help us operate our platform (hosting, payment processing, customer support) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government request
• Safety and Security: To protect rights, property, or safety of AskTuring, our users, or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection commitments)
• With Your Consent: When you explicitly authorize us to share information

7. Your Privacy Rights and Choices
7.1 Access and Control

• View Your Data: Access all personal information we have about you
• Update Information: Modify your account details and preferences at any time
• Download Content: Export your documents, conversations, and data
• Delete Content: Remove specific documents, conversations, or your entire account

• Marketing Opt-Out: Unsubscribe from promotional emails at any time
• Notification Settings: Control which service-related communications you receive
• Email-to-Index Control: Enable or disable email document uploads per index

• Right to access, rectify, erase, restrict processing, and data portability
• Right to object to processing and withdraw consent
• Right to file complaints with supervisory authorities

• Right to know what personal information is collected and how it’s used
• Right to delete personal information
• Right to opt out of sale (though we don’t sell data)
• Right to non-discrimination for exercising privacy rights

• Account Data: Retained while your account is active and for 90 days after closure
• Content: Your documents and conversations are kept until you delete them or close your account
• Usage Logs: Technical logs are retained for 12 months for security and performance analysis
• Support Communications: Kept for 3 years to provide ongoing support

• Inactive Accounts: Free accounts inactive for 12 months may be deleted with prior notice
• Temporary Data: Session data and API logs are automatically purged according to our ZDR policy
• Third-Party Processing: Data sent to AI models is immediately deleted after processing

9. International Data Transfers
AskTuring operates globally and may transfer your information to countries outside your residence. We ensure adequate protection through:

• Adequacy Decisions: Transferring to countries with adequate privacy protection
• Standard Contractual Clauses: Using EU-approved data transfer mechanisms
• Certification Programs: Participating in recognized privacy frameworks

11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will:

• Notify Users: Email active users about material changes
• Post Updates: Display the new policy on our website with the effective date
• Maintain Archives: Keep previous versions available for reference
• Grace Period: Provide 30 days’ notice before material changes take effect

• Identity Verification: We may request verification before processing privacy requests
• Response Time: Most requests fulfilled within 30 days
• No Cost: Privacy requests are processed free of charge

• California Privacy Rights: https://oag.ca.gov/privacy
• U.S. Federal Trade Commission: https://www.ftc.gov/tips-advice/business-center/privacy-and-security
• European Data Protection Board: https://edpb.europa.eu/edpb_en

13.2 Security Certifications
Current security attestations and certifications are available upon request to enterprise customers.