Privacy Policy

Last updated: March 9, 2026

LogionOS Inc. ("LogionOS," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI compliance platform, APIs, dashboard, browser extension, and related services (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you register for the Service, we collect:

• Email address
• Organization name
• API key credentials (generated by our system)

1.2 Compliance Query Data

When you submit queries to the LogionOS API for compliance analysis, we process:

• The text content of your query (input)
• The jurisdiction selection
• Compliance check results (matched rules, risk scores, actions)

1.3 Usage Data

We automatically collect:

• API request timestamps and response times
• Feature usage patterns (dashboard pages visited, reports generated)
• Error logs for debugging and service improvement

1.4 Information We Do NOT Collect

• We do not collect or store passwords (authentication is API key-based)
• We do not collect payment card information directly (handled by third-party processors)
• We do not collect biometric data

2. How We Use Your Information

Purpose	Legal Basis
Provide and operate the compliance checking service	Performance of contract
Generate audit logs and compliance reports	Performance of contract
Monitor service performance and uptime	Legitimate interest
Improve service quality and accuracy	Legitimate interest
Send service notifications and updates	Performance of contract
Comply with legal obligations	Legal obligation

We do NOT use your compliance query data to train machine learning models. Your submitted content is processed in real-time for compliance analysis and stored only as part of your audit logs.

3. Data Retention

• Audit Logs: Retained for the duration of your account plus 90 days after termination, unless you request earlier deletion.
• Account Information: Retained as long as your account is active. Deleted within 30 days of account closure.
• Usage Data: Aggregated and anonymized data may be retained indefinitely for analytics purposes.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information only in the following circumstances:

• Service Providers: Cloud hosting providers (for infrastructure operation only), subject to data processing agreements
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
• With Your Consent: When you explicitly authorize disclosure

5. Data Security

We implement industry-standard security measures including:

• TLS 1.2+ encryption for all API communications
• Unique API keys per account with role-based access control (RBAC)
• 4 permission levels: admin, developer, auditor, viewer
• Audit logging of all system access and data modifications
• Regular security assessments and monitoring

6. International Data Transfers

Our Service is hosted on infrastructure that may process data in the United States. If you are located outside the United States, your data may be transferred to and processed in the US. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable data protection laws.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data
• Data Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at chris@logionos.com. We will respond within 30 days.

8. Jurisdiction-Specific Provisions

8.1 European Economic Area (GDPR)

If you are in the EEA, we process personal data under the legal bases described in Section 2. You have the right to lodge a complaint with your local data protection authority.

8.2 California (CCPA/CPRA)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

8.3 Japan (APPI)

We comply with the Act on the Protection of Personal Information. Japanese residents may request disclosure, correction, or deletion of personal data by contacting us.

8.4 United Kingdom (UK GDPR)

UK residents have equivalent rights under the UK GDPR. Our data protection practices comply with the requirements of the UK Data Protection Act 2018.

8.5 Singapore (PDPA)

We comply with the Personal Data Protection Act 2012 (as amended). Singapore residents may contact us to access or correct personal data.

9. Chrome Extension

The LogionOS Chrome Extension ("AI Compliance Shield") monitors queries sent to supported AI platforms (ChatGPT, Claude, Google Gemini) for compliance purposes. The following disclosures apply specifically to the extension:

Permission	Purpose
storage	Save user preferences, daily statistics, and recent check history locally in Chrome
activeTab	Detect which AI platform tab is active
scripting	Inject the compliance interceptor on supported AI platform pages
Host permissions	Run content scripts on chatgpt.com, claude.ai, gemini.google.com only
Optional host permissions	Connect to user-configured API endpoint (requested only when a custom API URL is set for on-premise deployments)

• The extension only activates on the four AI platform domains listed above
• Query text is sent only to the user-configured LogionOS API endpoint for compliance analysis
• All settings, statistics, and check history are stored locally in chrome.storage.local
• The extension does not collect browsing history, personal information, or AI responses
• The extension does not contain remote code loading — all logic is bundled in the package
• Organizations using on-premise API deployments retain full control over all data processing

10. Cookies and Tracking

Our website uses minimal cookies for essential functionality only. The Enterprise Dashboard uses localStorage for session management. We do not use third-party advertising trackers.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

LogionOS Inc.
Data Protection Inquiries
Email: chris@logionos.com
Website: https://logionos.com