PRIVACY POLICY

1.OVERVIEW

This Privacy Policy ("Policy") describes how Eleveight AI CJSC ("Company", "we", "us", "our"), a company incorporated in the Republic of Armenia, collects, uses, processes, stores, and discloses personal data in connection with its cloud infrastructure, computing, storage, networking, and related services (the "Services").

This Policy applies globally and is designed to comply with applicable data protection laws, including the Law of the Republic of Armenia on Protection of Personal Data, the General Data Protection Regulation (EU) 2016/679 ("GDPR") where applicable, and other relevant international privacy laws depending on the jurisdiction of the user or processing activity.

2.DEFINITIONS

"Customer" means any entity using the Services. "Customer Content" means any data uploaded, stored, or processed through the Services by or on behalf of a Customer. "Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on Personal Data. "Subprocessor" means any third-party engaged by the Company to process Personal Data on its behalf.

3.CATEGORIES OF PERSONAL DATA WE PROCESS

3.1 Information Provided by Users

We may collect:

• Full name and contact details (email, phone number)
• Professional information (job title, company)
• Account credentials and authentication data
• Billing and payment information
• Communications (support requests, emails, chats)
• Any other information voluntarily provided

3.2 Automatically Collected Technical Data

When using the Services, we automatically collect:

• IP addresses and network identifiers
• Device, browser, and operating system information
• System logs, timestamps, and diagnostic data
• Infrastructure usage metrics (compute, storage, networking)
• Performance data (latency, uptime, errors)
• Configuration and deployment metadata

3.3 Customer Content

We process Customer Content strictly on behalf of the Customer and in accordance with documented instructions.

We do NOT access or use Customer Content except where strictly necessary to:

• Provide and maintain the Services
• Ensure security, integrity, and availability
• Comply with legal obligations
• Follow documented instructions from the Customer

We do NOT use Customer Content for training machine learning or artificial intelligence models.

3.4 Identity Verification (KYC / Compliance)

Where required, we may collect:

• Identity verification documents
• Proof of authority or representation
• Corporate due diligence information

3.5 Data from Third Parties

We may receive Personal Data from:

• Payment service providers
• Identity verification providers
• Fraud prevention services
• Public or regulatory sources

4.PURPOSES OF PROCESSING

We process Personal Data for:

4.1 Service Provision

• Providing cloud infrastructure services
• Managing accounts and access control
• Processing payments and subscriptions

4.2 Service Operations

• Monitoring performance and reliability
• Scaling, optimization, and diagnostics

4.3 Security and Abuse Prevention

• Detecting unauthorized access and misuse
• Preventing fraud and maintaining security logs

4.4 Legal Compliance

• Complying with Armenian law and other applicable legal obligations
• Responding to lawful requests from authorities

4.5 Communications

• Service-related notifications
• Support communications

4.6 Business Analytics

• Improving Services
• Internal reporting and analytics

4.7 Marketing (where permitted)

• Product updates and promotional communications subject to applicable consent requirements

5.LEGAL BASES FOR PROCESSING

We process Personal Data based on:

• Performance of contractual obligations
• Compliance with legal obligations (including Armenian law)
• Legitimate interests (security, operations, service improvement)
• Consent, where required under applicable law

6.DATA SHARING AND DISCLOSURE

We may share Personal Data with:

6.1 Service Providers

Infrastructure, payment processing, analytics, monitoring, and security providers.

6.2 Affiliates

Within our corporate group for operational purposes.

6.3 Customers

Where Services are provided through an organization, that organization may access relevant data subject to applicable agreements.

6.4 Legal Authorities

Where required by applicable law or to protect rights, safety, or security.

6.5 Business Transfers

In connection with mergers, acquisitions, or restructuring.

6.6 Subprocessors

We may engage Subprocessors to support Service delivery. We ensure Subprocessors are bound by contractual obligations providing an adequate level of data protection consistent with this Policy and applicable laws.

7.INTERNATIONAL DATA TRANSFERS

As a global cloud provider, Personal Data may be processed in multiple jurisdictions, including the Republic of Armenia and other countries where our infrastructure or service providers operate.

Where required, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) for EU/EEA data
• Encryption of data in transit and at rest
• Access control and security measures
• Other safeguards required under applicable law

8.DATA RETENTION

We retain Personal Data only as long as necessary for:

• Service provision
• Legal and regulatory compliance
• Dispute resolution
• Enforcement of agreements

Retention periods depend on data type and legal requirements:

• Account data: duration of service relationship plus reasonable retention period
• Logs: limited retention for security and diagnostics
• Billing data: retention as required by tax and accounting laws
• KYC data: retention as required under applicable compliance obligations

Customer Content retention is governed by Customer instructions and contractual agreements.

9.COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies for:

• Authentication and session management
• Security purposes
• Analytics
• Service functionality
• Marketing (where permitted)

Cookies may be categorized as:

• Strictly necessary
• Functional
• Analytics
• Marketing

Users may control cookies via browser settings or consent management tools.

10.SECURITY

We implement appropriate technical and organizational security measures, including:

• Encryption
• Identity and access management
• Network monitoring and intrusion detection
• Regular security testing and audits

While we take strong security measures, no system can be guaranteed to be completely secure.

11.DATA SUBJECT RIGHTS

Depending on applicable law, individuals may have rights to:

• Access their Personal Data
• Rectification of inaccurate data
• Erasure of data
• Restriction of processing
• Objection to processing
• Data portability
• Withdrawal of consent (where applicable)

We may limit these rights where necessary to comply with legal obligations, security requirements, or legitimate business purposes.

Requests may be submitted to: [email protected]

We may require verification of identity before responding.

12.THIRD-PARTY SERVICES

Third-party services are governed by their own privacy policies. We are not responsible for their practices.

13.CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of 18. We do not knowingly collect Personal Data from minors. If such data is discovered, it will be deleted promptly.

14.REGIONAL PROVISIONS

Depending on jurisdiction, additional rights may apply under:

• Law of the Republic of Armenia on Protection of Personal Data
• GDPR (EU/EEA), where applicable
• Other applicable data protection laws

15.CHANGES TO THIS POLICY

We may update this Policy from time to time. Material changes will be communicated through appropriate channels.

16.CONTACT INFORMATION

Eleveight AI CJSC

1/31 Azatutyan Avenue, Yerevan 0037, Republic of Armenia

Email: [email protected]