AlphaDrafts
Last updated: September 2025

AALPHADRAFTS – PRIVACY POLICY

This Privacy Policy explains how Visionary Insights ("we", "us", "our") collects, uses, shares, and protects personal data when you use AlphaDrafts (the "Service"). It also describes your rights and choices. Where we act as a processor for institutional customers, we process personal data according to our Data Processing Addendum (DPA).

1. Who We Are (Controller)

Visionary Insights Contact: principal@visionaryinsights.co

2. Scope

This Policy applies to personal data we collect online (website, app, integrations) and offline where we link to it. It does not apply to third‑party services that you connect to the Service.

3. What We Collect

A. Account & Profile Data: name, email, password, institution/role, billing details (for paid plans), preferences.

B. Usage Data: app interactions, features used, device identifiers, IP address, approximate location (country/region), logs, crash and performance data, and cookies.

C. Customer Content: prompts, documents, instructions, feedback, and AI outputs you generate.

D. Support & Communications: messages to support, survey responses, marketing preferences.

E. Integrations: if you connect third‑party services (e.g., cloud drives, reference tools), we receive tokens/metadata necessary to enable the integration.

F. Children/Students: We do not knowingly collect personal data from children under 13. In the EEA/UK we do not knowingly allow users under 16 without appropriate consent obtained by an institution.

4. How We Use Data (Purposes & Legal Bases)

– Provide and secure the Service (perform contract; legitimate interests).

– Process prompts and generate outputs via third‑party AI providers (perform contract; legitimate interests).

– Prevent abuse, fraud, and security incidents; enforce terms (legitimate interests; legal obligations).

– Improve the Service, quality, and safety (legitimate interests). We do not use Customer Content to train our own models without your explicit opt‑in.

– Communicate with you (service communications; consent for marketing).

– Personalize the experience (legitimate interests; consent where required).

– Comply with laws and respond to lawful requests (legal obligations).

5. AI Providers & Training

We use third‑party AI providers (currently OpenAI) to process prompts and generate outputs as our processors/subprocessors. By default, these providers state that they do not use API/enterprise data to train their models. We do not allow providers to use Customer Content for model training unless (i) you or your organization opt in and (ii) such use is reflected in a written agreement.

6. Cookies & Similar Technologies

We use cookies and local storage for authentication, preferences, analytics, and abuse prevention. Where required, we will present consent banners and honor Global Privacy Control (GPC) and similar signals.

7. Sharing

We share personal data with:

– Service providers and subprocessors (hosting, AI models, analytics, payments, email).

– Administrators of organization accounts (access, audit, and management).

– Successors in interest (merger, acquisition) with appropriate safeguards.

– Authorities or others when required by law or to protect rights, safety, and security.

We do not sell personal information. We do not share it for cross‑context behavioral advertising without an opt‑out where required by law.

8. International Transfers

We operate globally. Where we transfer personal data internationally, we use appropriate safeguards such as the EU Standard Contractual Clauses and the UK Addendum. For Nigeria, transfers are made in accordance with the Nigeria Data Protection Act, 2023 and NDPC guidance.

9. Security

We implement administrative, technical, and physical measures appropriate to the risk, such as encryption in transit, access controls, logging/monitoring, and secure development practices. No system is perfectly secure.

10. Global Privacy Commitment

10.1 We apply the EU General Data Protection Regulation (GDPR) as our global privacy baseline, ensuring core rights for all users worldwide.

10.2 Where local laws (e.g., U.S. state privacy laws) provide additional rights, we comply with those as well.

11. Your Rights

A. EEA/UK (GDPR): rights to access, rectification, erasure, portability, restriction, objection, and to lodge a complaint with your supervisory authority. Where processing is based on consent, you may withdraw consent at any time. mandated.

B. California (CCPA/CPRA): rights to know/access, delete, correct, opt‑out of sale/sharing, and limit use of sensitive personal information. We honor GPC signals.

C. Virginia, Texas, and other U.S. state laws: we provide required disclosures and rights (access, correction, deletion, portability, and opt‑out of targeted advertising, sale, or profiling where applicable).

Requests: Email us at pricipal@visionaryinsights.co We will verify your identity before responding.

12. Student Data & Institutional Accounts

When an educational institution provisions accounts or enables integrations, we process personal data under the institution's instructions and DPA. We offer admin controls, audit logs, and data location/transfers information upon request. Student accounts should be created by the institution where consent is required by law.

13. Children

The Service is not directed to children under 13. If we learn that a child under 13 (or under 16 in the EEA/UK without appropriate consent) has provided personal data, we will delete the account and data.

14. Do Not Track / GPC

We do not respond to browser "Do Not Track" signals, but we honor Global Privacy Control for opt‑out of sale/sharing where required.

15. Automated Decision‑Making

We do not make solely automated decisions that produce legal or similarly significant effects on individuals without providing required notices and rights.

16. Changes

We may update this Policy. We will post changes with an updated "Last updated" date and notify you of material changes as required by law.