Privacy Policy

Your privacy and data security are fundamental to how we build and operate eKTextAI.

Last updated: November 2025

GDPR/UK-GDPR Compliant

Contents

🔒 Our Commitment to Privacy

At eKTextAI, we believe privacy is a fundamental right. This policy explains how we collect, use, and protect your information when you use our enterprise knowledge AI platform.

📋 Data Controller

Service Provider: eKTextAI

Operated by: MarvelSoft IT Services

Location: DSO, Dubai, United Arab Emirates

Contact Email: info@ektextai.com

Legal Contact: info@marvelsoft.co.in

1. Information We Collect

Personal Information

  • Name, email address, and contact information
  • Organization details and business information
  • Account credentials and authentication data
  • Communication preferences and settings

Usage Data

  • Pages visited and features used within our platform
  • Time spent, click patterns, and user interactions
  • Browser type, device information, and technical specifications
  • IP address and general location data (country/region)

Content Data

  • Knowledge base content you upload or create
  • API queries and responses for service improvement
  • Training data and model customizations

2. How We Use Your Information

🚀 Service Delivery

  • • Provide and maintain AI knowledge services
  • • Process and respond to your queries
  • • Customize and improve AI responses
  • • Enable collaboration and sharing features

📊 Analytics & Improvement

  • • Analyze usage patterns and performance
  • • Develop new features and capabilities
  • • Optimize AI model accuracy
  • • Conduct research and development

💬 Communication

  • • Send service updates and notifications
  • • Provide technical support and assistance
  • • Share relevant product information
  • • Respond to inquiries and feedback

🔒 Security & Compliance

  • • Detect and prevent fraudulent activity
  • • Ensure platform security and integrity
  • • Comply with legal and regulatory requirements
  • • Protect user rights and safety

3. Information Sharing

🛡️ We do not sell your personal information. We only share data in specific, limited circumstances outlined below.

✅ With Your Consent

When you explicitly authorize us to share information with third parties.

⚖️ Legal Compliance

To comply with legal obligations, court orders, or governmental requests.

🤝 Service Providers

With trusted partners who assist our operations under strict confidentiality agreements.

🔒 Security & Safety

To protect our rights, prevent fraud, or ensure user safety.

4. Data Security

🔐

Encryption

End-to-end encryption for data in transit and at rest using industry-standard protocols.

🛡️

Access Controls

Multi-factor authentication and role-based access controls protect your account.

🔍

Monitoring

Continuous security monitoring and regular audits ensure data protection.

5. Cookies & Tracking

🍪 Essential Cookies

Required for basic site functionality, authentication, and security.

Always Active

📊 Analytics Cookies

Help us understand how you use our platform to improve user experience.

Optional

🎯 Preference Cookies

Remember your settings and preferences for a personalized experience.

Optional

6. Your Rights (GDPR/UK-GDPR)

🇪🇺 GDPR / UK-GDPR Compliance

If you are located in the European Union (EU) or United Kingdom (UK), you have specific rights under the General Data Protection Regulation (GDPR) and UK-GDPR. We are committed to ensuring your rights are respected and easily exercisable.

Legal Basis for Processing: We process your personal data based on your explicit consent, contract performance, legal obligations, legitimate interests, or vital interests as permitted under GDPR Article 6.

👁️

Right to Access (Article 15)

Request a copy of all personal information we hold about you. We will respond within 30 days.

Exercise this right →
✏️

Right to Rectification (Article 16)

Correct or update any inaccurate personal information. We will update your data promptly.

Request correction →
🗑️

Right to Erasure (Article 17)

Request deletion of your personal information (subject to legal requirements). We will process your request within 30 days.

Request deletion →
📦

Right to Data Portability (Article 20)

Export your data in a machine-readable format (JSON or CSV). We will provide your data within 30 days.

Export your data →

Right to Object (Article 21)

Object to processing of your personal information for specific purposes. We will respect your objection.

Object to processing →
📧

Right to Withdraw Consent (Article 7)

Withdraw your consent at any time. Withdrawal does not affect processing that occurred before withdrawal.

Withdraw consent →

How to Exercise Your Rights

You can exercise your GDPR rights through:

  • Dashboard: Log in to your account and visit the GDPR Rights section
  • Email: Send a request to privacy@ektextai.com
  • API: Use our GDPR API endpoints at /api/gdpr

Response Time: We will respond to your request within 30 days as required by GDPR. If your request is complex, we may extend this period by up to 60 days, and we will inform you of the extension.

⚠️ Right to Lodge a Complaint

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority:

  • EU: Contact your local Data Protection Authority (DPA)
  • UK: Information Commissioner's Office (ICO) - ico.org.uk

7. Data Retention & Deletion

📅 Retention Periods

We retain your personal information only as long as necessary to provide our services and comply with legal obligations. Account data is typically retained for the duration of your subscription plus 30 days, unless longer retention is required by law.

GDPR Compliance: Under GDPR Article 17 (Right to Erasure), you can request deletion of your data. We will process deletion requests within 30 days, subject to legal requirements that may require longer retention.

🗑️ Data Deletion Requests

When you request data deletion:

  • We will delete your personal data within 30 days of your request
  • We may retain certain data for up to 30 days after deletion request for security and fraud prevention
  • Some data may be retained longer if required by law (e.g., financial records, legal obligations)
  • We will notify you when your data has been fully deleted

8. International Transfers & Data Residency

🌍 Data Storage Locations

Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through appropriate safeguards such as standard contractual clauses and adequacy decisions.

Current Data Storage: We store your data in secure cloud infrastructure. For EU/UK users, we offer data residency options to keep your data within the EU/UK region.

🇪🇺 EU/UK Data Residency

If you are located in the EU or UK, you can request that your data be stored within the EU/UK region to comply with GDPR/UK-GDPR data residency requirements.

  • Request EU/UK data residency through your account settings
  • We will ensure your data is stored in EU/UK-approved data centers
  • Cross-border transfers are only made with your explicit consent or under approved mechanisms

9. Breach Notification (GDPR Article 33-34)

🚨 Our Commitment

In the event of a data breach that may affect your personal data, we are committed to:

  • Notify Supervisory Authority: Within 72 hours of becoming aware of the breach (GDPR Article 33)
  • Notify Affected Users: Without undue delay if the breach poses a high risk to your rights and freedoms (GDPR Article 34)
  • Provide Details: Information about the nature of the breach, affected data, and mitigation steps
  • Take Immediate Action: Contain the breach and prevent further unauthorized access

📧 How We Notify You

If a breach affects your personal data, we will notify you via:

  • Email to your registered email address
  • In-app notification if you are logged in
  • Public announcement if the breach affects multiple users

What to Do: If you receive a breach notification, please review your account for any suspicious activity, change your password if necessary, and contact us if you have concerns.

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information promptly.

11. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

Privacy Questions?

If you have any questions about this Privacy Policy or our data practices, please don't hesitate to contact us.

📧

General Inquiries

info@ektextai.com
🔒

Privacy & GDPR Requests

privacy@ektextai.com
🏢

Company

MarvelSoft IT Services

DSO, Dubai, UAE