Privacy Policy
Contents
1. Who we are2. Personal data we collect3. How we use personal data4. Legal bases for processing5. AI model training and your choices6. How we share personal data7. International data transfers8. Data retention9. Security10. Your rights11. Cookies and similar technologies12. Children's privacy13. Changes to this policy14. How to contact us1. Who we are
2C-AI ("2C-AI", "we", "us") researches, develops and deploys artificial intelligence systems and related services, including our websites, APIs and enterprise products (together, the "Services"). This Privacy Policy explains how we collect, use, disclose and protect personal data when you use the Services or otherwise interact with us. For data-protection matters, 2C-AI acts as the data controller of the personal data described in this policy, except where we process data on behalf of enterprise customers as a processor under a separate data processing agreement.
2. Personal data we collect
2.1 Data you provide to us
- Account data — name, email address, organisation, password and account settings.
- Inputs and content — prompts, files, images and other content you submit to our AI systems, and the outputs generated for you.
- Communications — messages you send to info@2c-ai.com, contact@2c-ai.com, legal@2c-ai.com or through our forms, including support requests and feedback.
- Payment data — billing details processed by our payment providers; we do not store full card numbers.
2.2 Data collected automatically
- Usage data — features used, requests made, timestamps and approximate region.
- Device and log data — IP address, browser type, operating system, device identifiers and crash logs.
- Cookie data — as described in Section 11.
2.3 Data from other sources
We may receive limited data from business partners, resellers and publicly available sources, for example to verify enterprise accounts or prevent fraud.
3. How we use personal data
- Provide, maintain and improve the Services;
- Create and administer accounts, authenticate users and process payments;
- Respond to enquiries and provide customer support;
- Monitor for, prevent and investigate abuse, fraud, security incidents and violations of our Terms of Use;
- Conduct research and development, including AI safety research, subject to Section 5;
- Comply with legal obligations and enforce our legal rights;
- Send service notices and, with your consent where required, product updates you can opt out of at any time.
We do not sell personal data, and we do not use your personal data or your content for third-party advertising.
4. Legal bases for processing
Where laws such as the EU/UK GDPR apply, we process personal data on the following bases: performance of a contract (providing the Services you request); legitimate interests (securing and improving the Services, preventing abuse), balanced against your rights; consent (e.g. optional cookies, marketing, and certain uses of your content), which you may withdraw at any time; and legal obligation (e.g. tax, accounting and lawful requests from authorities).
5. AI model training and your choices
Improving AI models responsibly may involve learning from real-world usage. Our commitments:
- Enterprise and API customer content is not used to train our models by default.
- Where consumer content may be used to improve models, we tell you clearly and provide an opt-out control in your account settings.
- We apply de-identification, filtering and access controls to training data, and we do not seek out sensitive personal data for training.
- You may request deletion of your content as described in Section 10.
6. How we share personal data
- Service providers — cloud hosting, payment, analytics and support vendors bound by contract to process data only on our instructions;
- Enterprise administrators — if you use the Services through an organisation, its administrators may access account and usage information;
- Legal and safety — where required by law, or where necessary to protect the rights, safety and security of 2C-AI, our users or the public;
- Corporate transactions — in connection with a merger, acquisition or asset sale, subject to this policy.
7. International data transfers
We operate globally. Where personal data is transferred across borders, we use lawful transfer mechanisms such as adequacy decisions and standard contractual clauses, and we apply equivalent protections regardless of where data is processed.
8. Data retention
We keep personal data only as long as needed for the purposes described above, then delete or de-identify it. Typical periods: account data for the life of the account plus a limited wind-down period; security logs for up to 24 months; financial records as required by law. You may request earlier deletion under Section 10.
9. Security
We protect personal data with technical and organisational measures including encryption in transit (TLS) and at rest, network isolation, role-based access controls, audit logging, employee security training and independent security testing. No system is perfectly secure; if a breach affecting your personal data occurs, we will notify you and regulators as required by applicable law.
10. Your rights
Depending on your jurisdiction (including the EU/UK GDPR, Hong Kong PDPO, Taiwan PDPA, mainland China PIPL, and US state privacy laws), you may have the right to:
- Access a copy of your personal data;
- Correct inaccurate data;
- Delete your data;
- Receive your data in a portable format;
- Object to or restrict certain processing;
- Withdraw consent at any time;
- Lodge a complaint with your data protection authority.
To exercise any right, email legal@2c-ai.com. We respond within the timeframe required by applicable law (normally within 30 days) and will never discriminate against you for exercising your rights.
11. Cookies and similar technologies
We use strictly necessary cookies to operate the site (e.g. remembering your language choice) and, with your consent where required, limited analytics cookies to understand aggregate usage. We do not use advertising cookies. You can control cookies through your browser settings; disabling necessary cookies may affect site functionality.
12. Children's privacy
The Services are not directed to children under 13 (or the higher minimum age in your jurisdiction), and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact legal@2c-ai.com and we will delete it.
13. Changes to this policy
We may update this policy as our Services and the law evolve. For material changes we will give prominent notice (such as a banner or email) before the changes take effect, and we will always show the "last updated" date above.
14. How to contact us
Privacy and legal matters: legal@2c-ai.com
General enquiries: info@2c-ai.com
Business enquiries: contact@2c-ai.com