<aside>

🔒 Learn how we handle your data and keep it secure—our full data and security policy is right here.

</aside>

Last Update: August 28, 2024

1. Introduction

At HalfSerious, we are dedicated to ensuring the highest level of data security and privacy throughout the entire data lifecycle—from collection to destruction. This Data & Security Policy outlines the comprehensive practices we have implemented to safeguard the data you entrust to us. Our policies are meticulously designed to comply with relevant data protection regulations, including Quebec’s Law 25 and PIPEDA, as well as applicable international standards where necessary. We align our practices with recognized industry frameworks such as NIST to ensure that we meet or exceed current best practices.

2. Data Collection and Use

What types of data will we collect from clients?

Our solution collects only the minimal personally identifiable information (PII) necessary for user authentication and system functionality. Specifically, we may collect and store user names and email addresses provided by our authentication provider to facilitate secure access through Single Sign-On (SSO). We do not collect or store additional personal information beyond what is essential for this purpose. Additionally, we may gather anonymized data for operational purposes, such as system optimization and security monitoring, ensuring that any data collected is used strictly to enhance the security and performance of our services.

For what purposes will the collected data be used?

The primary use of the collected data is to facilitate secure user authentication and ensure the efficient operation of our systems. Specifically, user names and email addresses are used to manage access and maintain the integrity of our services.

Secondary uses of the data may include:

• User Support and Communication: Using contact information, such as email addresses, to provide support, send important notifications, and communicate updates or changes related to the service.
• Compliance and Legal Obligations: Retaining data as necessary to comply with legal obligations, respond to lawful requests from public authorities, or for the purposes of auditing and reporting.
• Service Improvement: Analyzing anonymized data trends to improve and develop new features, enhance user experience, and refine the overall functionality of our systems.
• Security Enhancements: Employing collected data to detect, prevent, and respond to security incidents, including unauthorized access attempts and potential threats.

3. Data Storage and Retention

Where will client data be stored?

Client data will be stored on secure servers located in jurisdictions that align with both operational requirements and applicable data protection regulations. Depending on the client's specific needs and the availability of services, data may be stored in Canada or other regions. All data storage locations are carefully selected to ensure compliance with relevant legal and regulatory standards, and we provide transparency regarding data residency to meet any jurisdictional requirements.

What are our data retention policies?

Data, including all prompts and generated content, is securely stored by Azure OpenAI services for up to thirty (30) days, primarily for abuse monitoring and compliance with legal and regulatory requirements. Azure OpenAI does not use this data to train, retrain, or improve any models. Additionally, we retain certain client data necessary for our operational needs, which includes user names, email addresses, and other relevant data required for authentication and service functionality.