PRIVACY POLICY
Last Updated: March 29, 2026
1. Introduction and Scope
This Privacy Policy ("Policy") explains how AI-GADETS, Inc. ("Company," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal data through our software-as-a-service (SaaS) platform that provides real estate and currency investment opportunity evaluation tools (the "Service").
This Policy applies to:
•Users who access our platform directly•Customers who use our Service through their own applications or integrations•Visitors to our website and affiliated online properties•Any other individuals whose data we process in connection with the Service
Please read this Policy carefully. By accessing or using AI-GADETS, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by it. If you do not agree with our practices, please do not use our Service.
2. Information We Collect
We collect personal data in the following categories:
2.1 Account and Registration Information
When you create an account, we collect:
•Name and contact information (email address, phone number)
•Company name and business details
•Account credentials (username, password)
•Billing and payment information
•Subscription tier and service preferences
•Your role and authorization level within your organization
2.2 Investment and Financial Data
To provide our evaluation services, we collect and process:
•Real estate property details (address, acquisition price, property type, condition, market comparables)•Property financial data (rental income, expenses, cash flow projections, depreciation schedules)•Currency investment information (holdings, transaction history, conversion rates, portfolio composition)•Investment criteria and parameters you set for opportunity evaluation•Historical investment performance data•Geographic and market-specific investment preferences
Important: This data may constitute sensitive personal financial information. We implement enhanced security measures to protect this data. See Section 9 for details.
2.3 Usage and Technical Information
We automatically collect:
•IP address and device identifiers
•Browser type, operating system, and device information•Pages visited, features used, and time spent on features•Search queries and filter parameters used in the Service•API calls and integration activity•Timestamps of access and activity•Referring/exit pages and clickstream data•Performance metrics and error logs•Geolocation data (approximate, derived from IP address)•Unique identifiers assigned to your account and devices
2.4 Communications Data
We collect:
•Email correspondence between you and our support team•Chat logs and messages within the platform•User feedback, support tickets, and survey responses•Documentation of feature requests or complaints
2.5 Third-Party Data
We may receive personal data about you from:
•Our payment processors•Third-party data providers used for market analysis•Integration partners and APIs you authorize•Business associates or employees of your organization who provide information to facilitate your use of the Service•Public records related to real estate properties you evaluate
3. Legal Basis for Processing
We process personal data on the following legal bases:
3.1 Contract Performance
Processing necessary to provide the Service you've requested, including:
•Creating and maintaining your account•Delivering evaluation tools and generating analysis•Processing payments and managing billing•Providing technical support
3.2 Legitimate Business Interests
We process data for legitimate business purposes, including:
•Improving and optimizing the Service•Preventing fraud, abuse, and unauthorized access•Conducting analytics and generating insights about Service usage•Enforcing our Terms of Service and other agreements•Marketing and promoting our Service•Maintaining data security and system integrity•Complying with legal obligations
3.3 Legal Obligation
We process data when required by law, including:
•Tax and financial reporting requirements•Anti-money laundering (AML) and Know Your Customer (KYC) regulations•Law enforcement requests and government investigations•Real estate transaction reporting requirements under FinCEN regulations
3.4 Consent
For certain uses, we rely on your explicit consent, including:
•Marketing communications (which you can withdraw anytime)•Optional analytics and experience improvement programs•Cookies and similar tracking technologies
4. How We Use Your Information
We use collected information for:
4.1 Service Delivery
•Creating, maintaining, and authenticating your account•Processing and responding to your evaluation requests•Generating investment opportunity analyses and recommendations•Providing real estate property valuations and currency exchange data•Delivering reports and analytics tailored to your investment criteria•Processing payments and maintaining billing records•Providing technical support and troubleshooting
4.2 Service Improvement
•Analyzing usage patterns to identify popular features•Testing new features and service variations•Conducting research to enhance algorithm accuracy•Developing derivative market insights (see Section 4.3)•Identifying and fixing technical issues and performance problems
4.3 Aggregate and De-identified Data
We may use aggregated or de-identified data (where it cannot identify individuals) for:
•Market research and trend analysis•Publishing industry reports and benchmarks•Training and improving our machine learning models•Creating statistical analyses about real estate and currency markets•Sharing anonymized market insights with the investment community
Important: We do not include identifiable information in any market reports or insights we share publicly or with third parties.
4.4 Legal and Compliance
•Complying with applicable laws and regulations•Responding to legal process and government requests•Enforcing our Terms of Service and other agreements•Protecting against fraud, security threats, and abuse•Maintaining audit trails and records for regulatory purposes
4.5 Business Operations
•Managing customer relationships and accounts•Communicating updates, security alerts, and Service changes•Conducting user research and customer satisfaction surveys•Sending transactional and administrative notifications•Managing complaints and resolving disputes
4.6 Marketing and Communications
•Sending newsletters and updates about new features (with your consent)•Notifying you about changes to our Privacy Policy or Terms of Service•Promotional communications about AI-GADETS offerings•You may opt out of marketing communications at any time using the unsubscribe link or by contacting privacy@ai-gadets.com
5. Data Sharing and Disclosure
5.1 What We Do NOT Do
•We do not sell personal data to third parties for commercial purposes
•We do not share investment data with competitors or marketing firms•We do not monetize user data through data brokerage or resale•We do not use your financial investment data for targeted advertising directed at you
5.2 Service Providers and Processors
We share personal data with third-party service providers who process it on our behalf under Data Processing Agreements:
•Cloud Infrastructure Providers: Hosting, storage, and backup services•Payment Processors: Credit card processing and payment handling•Email and Communication Services: Email delivery, customer support platforms•Analytics Providers: Usage analytics and performance monitoring•Security and Compliance Services: Vulnerability scanning, incident response•Business Services: Accounting, legal, and HR services
Data Processing Agreements: We require all processors to implement appropriate safeguards and use data only as instructed.
5.3 API Integrations and Third-Party Services
If you authorize integrations with third-party services (e.g., property databases, real estate listing services, currency exchange APIs), we share necessary data as follows:
•Only data specifically required for the integration is shared•You control which integrations are active on your account•We provide transparency about what data each integration receives•Third parties must agree to data protection terms before receiving data
5.4 Business Transfers
If AI-GADETS is involved in a merger, acquisition, bankruptcy, or asset sale:
•Personal data may be transferred as part of that transaction•You will be notified of material changes to this Privacy Policy or our ownership•You may request deletion of your data before the transfer (subject to legal limitations)
5.5 Legal Requirements and Government Requests
We may disclose personal data when required by law or in response to:
•Subpoenas, court orders, and legal process•Government agency requests and investigations•Law enforcement inquiries•National security letters•Financial crimes reporting obligations
We will provide notice when legally permitted and will request to limit disclosure to the extent permitted by law.
5.6 Fraud Prevention and Security
We may share information with:
•Law enforcement and fraud prevention agencies•Other service providers to prevent fraud and unauthorized access•Cybersecurity incident response teams when necessary to protect our systems
5.7 Aggregate and De-identified Information
We may freely share aggregated, anonymized, or de-identified data that cannot identify individuals for market research, benchmarking, and public reporting.
6. Your Privacy Rights and Choices
6.1 United States - CCPA/CPRA Rights (California)
If you are a California resident, you have the following rights:
- Right to Know: You may request what personal data we collect, use, and share about you.
- Right to Delete: You may request deletion of personal data we collected, with certain exceptions (e.g., when needed to complete a transaction or comply with law).
- Right to Correct: You may request correction of inaccurate personal data we maintain.
Right to Opt-Out: You may opt out of:
•Sale or sharing of your personal data (which we do not engage in)•Targeted advertising (which we do not conduct)•Automated decision-making that produces legal or similarly significant effects
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights through differential pricing, denial of service, or reduced quality of service.
Shine the Light Rights: You may request information about personal data shared with third parties for their marketing purposes (which we do not do).
6.2 European Union and UK - GDPR Rights
If you are located in the European Union, United Kingdom, or other jurisdictions with equivalent data protection laws, you have the following rights:
- Right of Access: You may request a copy of personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete personal data.
- Right to Erasure (Right to Be Forgotten): You may request deletion of your personal data, subject to legal exceptions (e.g., where processing is necessary for contractual performance or legal compliance).
- Right to Restrict Processing: You may request we limit how we use your personal data.
- Right to Data Portability: You may request personal data in a structured, commonly used format and request transfer to another controller.
- Right to Object: You may object to certain types of processing, including processing for marketing purposes and automated decision-making.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.
International Data Transfers: If we transfer your data outside the EU/UK, we do so with appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms).
6.3 Other Jurisdictions
Additional privacy rights may apply based on your location, including those in:
•Brazil (LGPD)•Canada (PIPEDA)•Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Missouri, Montana, Oregon, Tennessee, Utah, and Virginia (comprehensive state privacy laws)
We comply with applicable laws in your jurisdiction.
6.4 How to Exercise Your Rights
To submit a privacy request:
Email: service@ai-gadets.com Attn: Privacy
Mail: AI-GADETS, Inc., Privacy Officer, Charlotte, North Carolina, USA
In-App Request: You may submit certain requests directly through your account settings
Requirements:
•Include sufficient information for us to verify your identity
•Specify which right(s) you are exercising
•Provide enough detail for us to process your request
Response Timeline:
•We will respond to requests within 45 days (or as required by law)
•Complex requests may take longer; we will notify you of any delays
•We may request additional information to verify your identity before responding
Verification: We will use reasonable measures to verify your identity. For sensitive data requests, we may require additional verification such as signed statements or government identification.
6.5 Email and Communication Preferences
•Marketing Emails: Use the unsubscribe link in any marketing email to opt out
•Service Communications: We will continue sending transactional emails (account updates, security alerts, billing notices) as necessary to provide the Service
•Your Account: Manage your communication preferences through your account dashboard
6.6 Cookies and Tracking Technologies
Cookie Management:
•You may control cookies through your browser settings
•You may opt out of certain analytics cookies through our cookie preference center
•Some cookies are essential to Service functionality and cannot be disabled while using the Service
Do Not Track Signals: Our systems currently do not respond to Do Not Track signals due to lack of industry standards, but you may disable tracking cookies through your browser settings.
7. Data Retention
We retain personal data according to the following principles:
7.1 Account Data
•Active Accounts: Retained while your account is active and for legitimate business purposes
•Closed Accounts: We retain account data for 3 years following account closure to comply with tax, legal, and audit requirements
•Accelerated Deletion: You may request deletion of specific data types within your account if not required for contract performance or legal compliance
7.2 Payment and Billing Data
•Retained for 7 years to comply with tax law and financial reporting requirements
•Shorter retention: After the initial 3-year period, we anonymize payment data where possible
•Credit card data: Not retained after transaction completion; stored securely by payment processors
7.3 Investment and Financial Data
•Retained while account is active for Service functionality
•After account closure: Retained for 1 year unless you request earlier deletion (except where legally required to retain)
•Aggregate/De-identified data: Retained indefinitely for market research and analysis
7.4 Support and Communication Records
•Retained for 3 years after last contact to resolve disputes and maintain record of support interactions
•May be deleted earlier if you request and deletion does not conflict with legal obligations
7.5 Technical and Usage Data
•Raw logs: Retained for 90 days for security and troubleshooting
•Aggregated analytics: Retained indefinitely (in de-identified form)
•Cookies: Set retention periods disclosed at time of collection; typically 1-2 years
7.6 Legal and Compliance Data
•Audit trails: Retained for 7 years to comply with regulatory and tax requirements
•Data subject to legal holds: Retained as long as litigation or investigation is pending
7.7 Data Deletion Procedures
When we delete data:
•Data is removed from active systems and backups
•Cryptographic keys used to encrypt data are destroyed
•Residual data on archival backups are retained only as long as operationally necessary
•Third-party processors are instructed to delete data per our Data Processing Agreements
8. Data Security
We implement comprehensive technical, administrative, and physical safeguards to protect personal data against unauthorized access, alteration, disclosure, and destruction.
8.1 Encryption
•In Transit: All data transmitted to and from the Service is encrypted using TLS 1.2 or higher
•At Rest: Sensitive data including investment portfolios and payment information is encrypted using AES-256
•Database Encryption: Our production databases are encrypted at the storage layer
•Key Management: Encryption keys are stored separately from encrypted data and rotated regularly
8.2 Access Controls
•Role-Based Access: Only authorized employees with business justification can access personal data
•Principle of Least Privilege: Employees receive access to minimum data necessary for their role
•Authentication: Multi-factor authentication required for internal system access
•Audit Logging: All access to sensitive data is logged and monitored
•Segregation: Real estate and currency investment data is segregated from other systems
•Termination Procedures: Access is immediately revoked upon employee termination
8.3 Infrastructure and Network Security
•Firewalls and Intrusion Detection: Network protected by firewalls and continuously monitored for intrusions
•Vulnerability Scanning: Regular automated vulnerability assessments and penetration testing
•DDoS Protection: Protection against distributed denial-of-service attacks
•Secure APIs: All APIs require authentication and are rate-limited
•Network Segmentation: Systems are segregated to limit lateral movement in case of compromise
8.4 Application Security
•Secure Development: Security training for development teams; secure coding practices throughout development lifecycle
•Code Review: Security-focused code reviews before deployment
•Dependency Management: Regular scanning and updating of third-party libraries and dependencies
•Testing: Regular security testing including static analysis, dynamic analysis, and manual testing
•Data Validation: Input validation and output encoding to prevent injection attacks
8.5 Incident Response
•Incident Response Plan: Documented procedures for detecting, responding to, and remediating security incidents
•Monitoring: 24/7 monitoring for suspicious activity and security events
•Response Team: Dedicated team trained to respond to security incidents
•External Support: Relationships with cybersecurity firms for incident investigation and forensics
•Breach Notification: See Section 10 for breach notification procedures
8.6 Business Continuity and Disaster Recovery
•Backups: Data backed up regularly; backup integrity tested quarterly
•Geographic Redundancy: Backup systems located in geographically separate locations
•Recovery Testing: Disaster recovery procedures tested regularly
•Backup Encryption: Backups are encrypted and access is restricted
8.7 Physical Security
•Data Centers: Located in secure facilities with controlled access, surveillance, and environmental controls
•Server Security: Servers are protected in locked cabinets within restricted areas
•Media Destruction: Data-bearing media is securely destroyed per industry standards
8.8 Limitations
While we implement strong security measures, no security system is impenetrable. We cannot guarantee absolute security of personal data. By using the Service, you acknowledge the inherent security risks of internet-based systems and assume responsibility for maintaining the confidentiality of your credentials.
9. Sensitive Financial Data
Given the nature of our Service involving real estate and currency investment data, we provide additional protections:
9.1 Enhanced Classification
We classify certain data as "Sensitive Financial Data," including:
•Investment portfolio holdings and valuations
•Real estate acquisition prices and financial projections
•Currency conversion and transaction history
•Earnings and expense data
•Loan terms and debt obligations
•Personal financial information used for investment analysis
9.2 Restricted Access
•Sensitive Financial Data is accessed only by employees with specific authorization
•Access requires documented business justification
•All access is logged and reviewed regularly
•Contractors and third parties have no access to Sensitive Financial Data
9.3 Encryption and Protection
•Sensitive Financial Data is encrypted at rest using AES-256
•Transmitted under TLS 1.2+ encryption
•Isolated from other systems to the extent operationally feasible
•Never shared with third parties except service processors who sign strict agreements
9.4 Data Minimization
•We collect only investment data necessary to provide evaluation services
•Users control what data they input into the Service
•We do not correlate your investment data with other data sources to identify financial patterns
•Your investment data is not used for marketing, advertising, or secondary purposes
10. Data Breaches and Breach Notification
10.1 Breach Definition
A "Breach" is unauthorized access, disclosure, or loss of personal data that compromises the confidentiality, integrity, or availability of information.
10.2 Breach Assessment
Upon discovering a potential Breach:
•We conduct an investigation to confirm the Breach
•We assess the scope, nature, and extent of compromised data
•We assess the risk to individuals affected
•We determine our legal notification obligations
10.3 Breach Notification
Timing: We notify affected individuals without unreasonable delay, generally within 30 days of confirming a Breach (or as required by law, whichever is sooner).
Content: Breach notifications include:
•Description of the Breach and data affected
•Types of personal data compromised
•Likely consequences
•Measures we have taken to address the Breach
•Recommended steps individuals can take
•Our contact information for questions
Methods: We notify via email to the address associated with your account, or by other means if email is not available.
Regulatory Notification: We notify relevant regulatory authorities as required by applicable privacy laws.
10.4 Third-Party Data Processor Breaches
If a third-party processor experiences a Breach:
•The processor notifies us immediately
•We assess the impact to your data
•We provide notice to you if your personal data is compromised
•We work with the processor to remediate and prevent recurrence
10.5 No Liability Waiver
Nothing in this Privacy Policy waives any legal rights or remedies available to you under applicable law regarding data breaches.
11. Children's Privacy
The Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.
If we become aware that we have collected personal data from a child:
•We will delete it promptly
•We will notify the child's parent or guardian
•We will comply with applicable children's privacy laws (e.g., COPPA in the United States)
Parents who believe their child has provided us with information should contact privacy@ai-gadets.com immediately.
12. International Data Transfers
12.1 Data Transfer Mechanisms
AI-GADETS is based in the United States. If you are located outside the United States, personal data is transferred to, stored in, and processed in the United States.
For transfers outside your country of residence:
•EU/UK to US: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as adequate safeguards
•Other Jurisdictions: We implement appropriate contractual safeguards for transfers
•Your Consent: By using the Service, you consent to transfers of your personal data to the United States and other countries
12.2 Data Protection
•We require all recipients of transferred data to implement safeguards equivalent to those in your country of origin
•You have the right to request information about transfer mechanisms
•You may object to transfers; we will work with you to identify alternatives if available
12.3 Data Location
•Operational data is stored on US-based cloud infrastructure
•Backup data may be stored in multiple geographic locations for redundancy and disaster recovery
•You may request information about specific storage locations
13. Third-Party Services and Links
The Service may contain links to third-party websites, applications, and services not operated by AI-GADETS. This Privacy Policy does not apply to third-party services.
13.1 Third-Party Websites
We are not responsible for:
•Privacy practices of linked websites or services
•Content, accuracy, or practices of third parties
•Data collection by third parties
13.2 Your Responsibility
When you visit third-party sites:
•Review their privacy policies
•Understand their data practices
•Make your own decisions about providing data
13.3 Integration Partners
If you authorize the Service to integrate with third-party applications:
•We share only necessary data required for the integration
•We provide transparency about what data is shared
•The third party's privacy policy governs their use of data
•You may revoke integrations through your account settings
14. Data Protection Officer and Contact Information
14.1 Data Protection Officer
Our Data Protection Officer oversees privacy and data protection compliance.
Contact:
•Email: dpo@ai-gadets.com
•Mailing Address: Data Protection Officer, AI-GADETS, Inc., Greeleyville, South Carolina, USA
14.2 Privacy and Inquiries
For privacy questions, requests, or concerns:
Email: privacy@ai-gadets.com
Mailing Address:
AI-GADETS, Inc.
Privacy Department
Greeleyville, South Carolina
United States
Response Timeline: We respond to privacy inquiries within 10 business days. Complex inquiries may require additional time.
14.3 Regulatory Authorities
If you are not satisfied with our response to a privacy inquiry, you may lodge a complaint with:
•California: California Privacy Protection Agency
•EU/UK: Your national data protection authority
•Other Jurisdictions: Applicable privacy regulator for your location
15. Policy Updates and Modifications
15.1 Changes to This Policy
We may update this Privacy Policy to:
•Reflect changes in our data practices
•Address new regulatory requirements
•Improve clarity or transparency
•Respond to user feedback
15.2 Notification of Changes
•Significant Changes: We will provide advance notice
15.3 Prior Versions (e.g., email, notification on the website) of material changes
•Effective Date: The "Last Updated" date at the top reflects the most recent version
•Continued Use: Your continued use of the Service after changes constitutes acceptance of the updated Policy
Prior versions of this Privacy Policy are available upon request at privacy@ai-gadets.com.
16. Supplemental Notices
16.1 California Residents - Additional Rights
Categories of Personal Data We Collect (CCPA):
•Identifiers (name, email, username)
•Commercial information (purchase history, account preferences)
•Biometric information (none collected)
•Internet activity (usage, IP address, device information)
•Geolocation data
•Inferences (investment risk profile based on your stated preferences)
California Shine the Light: We do not share personal data with third parties for their marketing purposes, so no disclosure is required.
Sale or Sharing of Personal Data: We do not sell or share personal data in a manner requiring CCPA/CPRA disclosure.
16.2 European Union and UK - Additional Notices
Data Controller: AI-GADETS, Inc. is the data controller for processing your personal data.
Legal Basis for Processing: See Section 3 for detailed legal bases.
Automated Decision-Making: We do not use automated decision-making that produces legal or significantly similar effects on you without appropriate safeguards and the ability to request human review.
16.3 Brazil - LGPD Rights
If you are a Brazilian resident, you have rights under the Lei Geral de Proteção de Dados (LGPD), including:
•Access to your personal data
•Correction of inaccurate data
•Deletion of data
•Portability of data
•Objection to processing
Contact privacy@ai-gadets.com for LGPD-specific requests.
16.4 Canada - PIPEDA Rights
If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including:
•Access to personal information we hold
•Correction of inaccurate information
•Requesting accountability for our information management practices
Contact privacy@ai-gadets.com for PIPEDA-specific requests.
17. Acknowledgment and Acceptance
By accessing or using the AI-GADETS Service, you acknowledge that:
•You have read and understood this Privacy Policy
•You agree to our data processing practices described herein
•You understand the types of personal data we collect and how it is used
•You have the rights described in Section 6 and understand how to exercise them
•You consent to international data transfers as described in Section 12
If you do not agree with this Privacy Policy, please do not use the Service.
18. California Privacy Rights Summary
For California Residents: This section supplements the rights described throughout this Policy.
•Your Rights: You have the right to know, delete, correct, and opt-out as described in Section 6.2
•Non-Discrimination: We do not discriminate based on privacy rights exercise
•Authorized Agents: You may designate an authorized agent to submit requests on your behalf; we will require proof of authorization
•Verification: We will verify your identity before responding to requests
•Processing Timeline: We respond within 45 days; complex requests may take up to 90 days