Giatros AI Global Privacy Policy
Last Updated: October 26, 2023
At Giatros AI (giatrosai.com), we recognize that health-related information is among the most sensitive types of data. This Privacy Policy outlines our commitment to data minimization, user privacy, and global regulatory compliance (including GDPR and CCPA).
1. SCOPE AND CONSENT
By using Giatros AI, you consent to the collection and processing of your data as described in this policy. This service is designed for a global audience, and we apply the same high standard of privacy protection regardless of your geographic location.
2. INFORMATION WE COLLECT
2.1 Information Provided by You:
Queries: The text, health data, and questions you input into our multi-model interface.
Account Information: Email addresses and names if you choose to create a registered account.
2.2 Automatically Collected Information:
Technical Metadata: IP addresses (anonymized), browser type, device identifiers, and operating system.
Usage Patterns: Interaction timestamps and session duration to optimize model performance.
3. DATA PROCESSING & MULTI-MODEL ARCHITECTURE
Giatros AI operates as a synthesis engine. To provide comprehensive educational information, your queries are processed across a proprietary architecture:
Orchestration Layer: Our system receives and sanitizes your query.
Third-Party LLMs: Your query is sent to three distinct Large Language Model (LLM) providers. We use API-based processing under contracts that prohibit the providers from using your data to train their underlying models.
Anonymization: We strive to strip personally identifiable information (PII) from queries before they are sent to third-party model providers. This stripping is best-effort; identifying details you include in the body of a query may still reach the provider, so avoid entering names, contact details, or other identifiers you do not want shared.
4. DATA RETENTION & PRIVACY-FIRST PERSISTENCE POLICY
Unlike traditional platforms, Giatros AI is built on a principle of Data Minimization and Privacy-First Persistence. We do not engage in long-term profiling or data harvesting.
4.1 User-Initiated Deletion (Deletion Flags):
When you select the option to delete your data, our system immediately applies a "Deletion Flag." This flag:
Instantly restricts any further access to the data.
Signals the database to prioritize the physical erasure of the record.
4.2 Encrypted Storage:
All data is stored using industry-standard AES-256 encryption at rest. We do not utilize "volatile" or "unstable" storage; your data is persistent and secure until you choose to delete it.
4.3 Instant Purge:
When you select the "Delete My Account" or "Clear All Chats" option, our systems perform a cryptographic erasure of the associated records: the encryption keys protecting those records are destroyed, so the encrypted data cannot be decrypted and is unrecoverable even where encrypted copies remain until storage is reclaimed.
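The following is an added illustration of cryptographic erasure as the term is used above, not Giatros AI's own code: the ciphertext and the per-record data-encryption key (DEK) live in separate tables, and deletion destroys only the key, after which the stored blob (and any backup copy of it) is undecryptable. To stay standard-library only, an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for AES-256-GCM; the record IDs, sample query text, and `ChatStore` class are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (illustration only): HMAC-SHA256 in counter mode produces a
# keystream, and an HMAC tag over nonce||ciphertext authenticates the blob.
# A production system would use AES-256-GCM from a vetted library instead.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _subkeys(dek: bytes):
    # Derive independent encryption and MAC keys from the per-record DEK.
    enc_key = hmac.new(dek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(dek, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def encrypt_record(dek: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(dek)
    nonce = secrets.token_bytes(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag            # layout: 16-byte nonce || ciphertext || 32-byte tag

def decrypt_record(dek: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(dek)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class ChatStore:
    """Ciphertext table and key table kept apart: erasing the key IS the deletion."""

    def __init__(self):
        self._blobs = {}  # record_id -> ciphertext; copies may also exist in backups/replicas
        self._deks = {}   # record_id -> per-record DEK; in practice wrapped by a KMS master key

    def put(self, record_id: str, plaintext: bytes) -> None:
        dek = secrets.token_bytes(32)          # fresh 256-bit key per record
        self._deks[record_id] = dek
        self._blobs[record_id] = encrypt_record(dek, plaintext)

    def get(self, record_id: str) -> bytes:
        dek = self._deks.get(record_id)
        if dek is None:
            raise KeyError(f"{record_id}: key erased, record is unrecoverable")
        return decrypt_record(dek, self._blobs[record_id])

    def crypto_erase(self, record_id: str) -> None:
        # Destroy only the key. The blob may linger until storage reclaims it,
        # but without the DEK nobody, including the operator, can decrypt it.
        self._deks.pop(record_id, None)

    def ciphertext_present(self, record_id: str) -> bool:
        return record_id in self._blobs

def demo():
    """Constructed walk-through: store, read, erase key, confirm unrecoverable."""
    store = ChatStore()
    sample = b"constructed sample query: dosage question"   # constructed input
    store.put("q1", sample)
    before = store.get("q1")
    store.crypto_erase("q1")
    try:
        store.get("q1")
        recovered = True
    except KeyError:
        recovered = False
    # Even someone holding the leftover blob and trying another key only gets an auth failure.
    try:
        decrypt_record(secrets.token_bytes(32), store._blobs["q1"])
        guessed = True
    except ValueError:
        guessed = False
    return before, store.ciphertext_present("q1"), recovered, guessed

if __name__ == "__main__":
    print(demo())
```

The design point is that deletion latency no longer depends on how quickly every replica and backup can be scrubbed: once the DEK is gone from the key table (and from the KMS that wrapped it), every copy of the blob is dead data, which is what makes a "purge" honest even when physical erasure of the storage happens later.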
5. YOUR GLOBAL PRIVACY RIGHTS
We extend the following rights to all users globally:
Right to Erasure ("Right to be Forgotten"): You may delete your data at any time via the user interface.
Right to Access: You may request a report of the data currently associated with your account.
Right to Data Portability: You may request your data in a structured, machine-readable format.
Right to Object: You may opt-out of specific data processing activities, though this may limit service functionality.
6. CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
We do not "sell" your personal information. We do not share your health queries with data brokers or advertisers. For the purposes of CCPA, Giatros AI acts as a service provider that processes data solely to fulfill your request for information.
7. GENERAL DATA PROTECTION REGULATION (GDPR)
For users in the European Union:
- Legal Basis: We process data based on your explicit consent to provide educational AI responses.
- Data Subject Rights: We honor all GDPR rights, including the right to access, rectification, and erasure (Right to be Forgotten).
- Data Transfer: Data may be processed in jurisdictions outside the EEA. We ensure these transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards.
8. HIPAA ALIGNMENT & COMPLIANCE (US)
For users in the United States and global users concerned with medical data standards:
- Security Rule: We implement administrative, physical, and technical safeguards that align with HIPAA Security Rule requirements.
- Data Minimization: We sanitize queries and minimize the storage of Protected Health Information (PHI).
- BAA Implementation: We prioritize partners and infrastructure providers who offer Business Associate Agreements (BAAs) to ensure a compliant chain of custody for health data.
9. SECURITY MEASURES
We implement industry-standard security protocols, including:
Encryption: All data is encrypted using TLS 1.3 in transit and AES-256 at rest.
Access Control: Strict internal policies prevent our staff from accessing user queries except for essential technical troubleshooting.
10. CHILDREN’S PRIVACY
Giatros AI is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete that data from our servers immediately.
11. CONTACT US
If you have questions about this policy or wish to exercise your data rights, please contact our Data Protection Officer:
Email: hello@giatrosai.com