1 About careinteli AI
- careinteli AI is a Software-as-a-Service (SaaS) platform that provides AI-powered knowledge assistants, document search, and automation tools to businesses.
- The platform is operated by careinteli AI and its owner(s) ("we", "us", "our").
- This Privacy Policy describes how we collect, use, store, and protect data submitted to or generated by the platform.
- Continued use of the platform indicates your acknowledgement of this Policy. If you do not accept it, stop using the platform immediately.
2 Data We Collect
- Account data: Name, email address, organisation name, and role — collected at registration or via your identity provider.
- Document data: Files, PDFs, text, and other content you upload to the platform for AI processing and knowledge retrieval.
- Query data: Questions, prompts, and conversations you submit to AI assistants.
- Usage data: Log entries, IP addresses, browser/device metadata, feature usage telemetry, and error traces — collected automatically for platform operation and debugging.
- AI evaluation data: Test queries, expected answers, and evaluation results where you use training or evaluation features.
- Authentication tokens: OAuth 2.0 access tokens and session tokens issued by your identity provider — held in memory or secure storage for the duration of your session only.
3 Authentication & Identity
- OAuth 2.0 / OpenID Connect (OIDC): All user authentication is delegated to Auth0 (or a configured enterprise identity provider). careinteli AI never sees or stores your password.
- JSON Web Tokens (JWT): Upon successful login, a signed JWT is issued. Every API request to the backend is validated against this token's signature and expiry — unauthenticated requests are rejected outright.
- Token expiry & rotation: Access tokens are short-lived. Refresh tokens are used to obtain new access tokens without requiring re-login. Both are invalidated on logout.
- Role-based access control (RBAC): User roles and permissions are embedded in tokens and enforced server-side. Users can only access data and features their role permits.
- Multi-tenant isolation: Each organisation (tenant) operates within a hard-isolated data partition. Cross-tenant data access is architecturally prevented at the API layer.
4 Encryption & Data Protection
- Encryption in transit (TLS 1.2+, HTTPS): All communication between your browser/client and our servers uses TLS-encrypted HTTPS. Plain HTTP connections are rejected or redirected.
- Encryption at rest (AES-256): Documents, embeddings, database records, and blob storage objects are stored on cloud infrastructure that applies AES-256 encryption at the storage layer.
- Vector & document stores: Document embeddings and extracted content are stored in encrypted managed databases. Access is restricted to authorised backend services only via private networking.
- Secrets management: API keys, service credentials, and encryption keys are stored in environment-level secret stores (e.g., cloud key vault / secrets manager) — never in source code or plain text configuration.
- Blob/object storage: Uploaded files are stored in encrypted cloud blob storage with private access policies. Public access is disabled by default.
- Audit logging: Access to sensitive data and administrative actions are logged for audit purposes. Logs are retained for a minimum of 90 days.
5 Cloud Infrastructure & Third Parties
- Cloud provider: The platform is hosted on major cloud infrastructure (Microsoft Azure, AWS, or equivalent). Data may be stored in cloud regions as configured by the deployment.
- AI model providers: Queries submitted to AI assistants may be processed by third-party large language model (LLM) APIs. These providers have their own privacy and data-use policies which apply independently.
- Authentication provider: Auth0 (or configured enterprise IdP) processes authentication events. Their data handling is governed by their own privacy policy.
- No data sold: careinteli AI does not sell, rent, or trade your data to any third party for commercial purposes.
- Sub-processors: We may share data with sub-processors (cloud, AI, monitoring services) strictly as necessary to operate the platform. We require sub-processors to maintain appropriate security standards.
- No control over downstream cloud: Once data is handed to cloud infrastructure providers for storage or processing, it is subject to their infrastructure-level controls which are beyond careinteli AI's direct oversight.
6 Data Retention & Deletion
- Uploaded documents and associated embeddings are retained for as long as your account is active or until you explicitly delete them.
- Conversation/query history is retained to support search, audit, and re-evaluation features. You may request deletion at any time.
- Upon account termination, your data will be scheduled for deletion from active systems within 30 days. Residual copies in backups may persist for up to 90 days before being purged.
- Usage logs and telemetry are retained for up to 12 months for operational and security analysis, then purged.
- careinteli AI does not guarantee complete erasure of data that has been processed by third-party AI model providers, as their data handling is governed independently.
7 Your Rights & Choices
- Access: You may request a summary of the data careinteli AI holds about you by contacting us at admin@careinteli.ai.
- Deletion: You may request deletion of your account and associated data at any time. Requests will be processed within 30 days subject to legal or operational retention obligations.
- Correction: If you believe data we hold about you is inaccurate, contact us to request correction.
- Portability: Where technically feasible, we will provide your data in a machine-readable format upon request.
- Opt-out of telemetry: Contact us to discuss options to limit usage telemetry collection. Note that some telemetry is essential for platform security and operation and cannot be disabled.
8 No Security Guarantees & Limitation of Liability
- Best-effort only: All security measures described in this Policy are applied on a best-effort basis. careinteli AI does not warrant or guarantee that data will be fully secure, that breaches will not occur, or that data will not be lost.
- Cloud beyond our control: Data stored in cloud infrastructure is subject to the security practices of those providers. careinteli AI is not liable for breaches, outages, or data loss caused by cloud infrastructure providers.
- No liability for breaches: In the event of a data breach, careinteli AI's liability is limited as described in the Terms of Use. Specifically, the maximum aggregate liability is limited to USD $1 or amounts paid in the prior 30 days.
- No guarantee of availability: We do not guarantee uninterrupted or error-free service. Scheduled or unscheduled downtime may result in temporary unavailability of your data.
- AI processing risks: Data submitted to AI models may be used to generate responses in ways that are unpredictable. Do not submit sensitive, regulated, or confidential data unless you have specifically confirmed the platform is configured to handle it.
9 Cookies & Session Tracking
- careinteli AI uses strictly necessary session cookies and browser local storage to maintain your authenticated session.
- We do not use third-party advertising cookies or tracking pixels.
- Auth0 may set cookies as part of the authentication flow; these are governed by Auth0's cookie policy.
- You may disable cookies in your browser, but doing so will prevent you from logging in or using the platform.
10 Changes to This Policy
- careinteli AI reserves the right to update this Privacy Policy at any time without prior notice.
- The "Last updated" date at the top of this page reflects the most recent revision.
- Continued use of the platform after changes constitutes acknowledgement of the updated Policy.
- For material changes affecting how your data is processed, we will attempt to notify users via email or in-app notification where reasonably practicable — but this is not guaranteed.
Questions about your data?
Contact us at admin@careinteli.ai. For full terms governing your use of the platform, including our liability limitations, please read the Terms of Use.