Privacy Policy

Our commitment to protecting your privacy and data rights in our AI-driven services.

Privacy Policy

Amysoft Digital Technologies
A DBA of Caruso Carpe Diem, LLC

Effective Date: January 22, 2025
Last Updated: September 22, 2025

1. Introduction and Our Commitment to Privacy

Welcome to Amysoft Digital Technologies ("Amysoft," "we," "us," or "our"). We are an AI-driven software development agency specializing in agentic large language model workflows. This Privacy Policy explains how we collect, use, protect, and share information when you visit our website at https://www.amysoft.tech or use our services.

We are committed to:

  • Transparency in our data practices and AI operations
  • Privacy by Design in all our products and services
  • User control over personal information
  • Ethical AI development with human oversight

This Policy complies with applicable U.S. state privacy laws including those of California (CCPA/CPRA), Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Montana, Oregon, Texas, Utah, and Virginia, as well as international frameworks where applicable.

2. Information We Collect

2.1 Information You Provide Directly

Account and Contact Information:

  • Name, email address, phone number
  • Company name, job title, business address
  • Account credentials (username, encrypted password)
  • Professional information (LinkedIn profile, portfolio)

Communication Data:

  • Messages, inquiries, and support requests
  • Feedback, testimonials, and reviews
  • Survey responses and consultation notes
  • Meeting recordings (with consent)

Transaction Information:

  • Billing name and address
  • Payment method details (processed by secure third-party providers)
  • Purchase history and invoices
  • Contract and service agreement details

2.2 Information Collected Automatically

Device and Technical Information:

  • IP address and approximate location
  • Browser type, version, and language settings
  • Operating system and device type
  • Screen resolution and device identifiers
  • Time zone and locale preferences

Website Interaction Data:

  • Pages visited and content viewed
  • Click patterns and navigation paths
  • Search queries on our site
  • Referring URLs and exit pages
  • Date, time, and duration of visits

Cookies and Tracking Technologies:

  • Session cookies (temporary)
  • Persistent cookies (preferences and authentication)
  • Analytics cookies (Google Analytics, with anonymized IPs)
  • Performance monitoring data
  • AI interaction logs and patterns

2.3 AI-Specific Data Collection

AI Service Interaction Data:

  • Prompts and queries submitted to our AI systems
  • AI-generated responses and outputs
  • Model performance metrics
  • Error logs and debugging information
  • User feedback on AI outputs

AI Training and Improvement Data:

  • Anonymized interaction patterns
  • Aggregated usage statistics
  • Model performance benchmarks
  • Quality assessment metrics

Important Note: We do NOT use client data or user interactions for training our AI models without explicit, separate consent.

3. How We Use Your Information

3.1 Primary Purposes

Service Delivery:

  • Provide and maintain our AI-driven services
  • Process transactions and manage accounts
  • Respond to inquiries and support requests
  • Customize services to your specifications

Communication:

  • Send service updates and important notices
  • Provide technical support and customer service
  • Share relevant industry insights (with consent)
  • Notify about security or privacy changes

Improvement and Development:

  • Enhance website functionality and user experience
  • Develop new features and services
  • Conduct internal analytics and research
  • Fix bugs and improve system performance

3.2 AI-Specific Uses

Automated Processing:

  • Generate AI-powered insights and recommendations
  • Automate routine support inquiries (with human review available)
  • Optimize service delivery through pattern recognition
  • Detect and prevent fraudulent activities

Model Enhancement (Only with Consent):

  • Improve AI accuracy and relevance
  • Reduce bias and enhance fairness
  • Develop new AI capabilities
  • Conduct ethical AI research

3.3 Legal and Compliance Uses

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect rights, property, and safety
  • Enforce our terms of service and agreements
  • Investigate potential violations

4. AI Transparency and Automated Decision-Making

4.1 Our AI Systems

We use artificial intelligence and machine learning technologies to power our services. Here's what you should know:

Types of AI Processing:

  • Natural language processing for understanding queries
  • Pattern recognition for service optimization
  • Predictive analytics for performance improvement
  • Automated content generation (clearly disclosed)

Human Oversight:

  • All significant decisions include human review options
  • You can request human intervention at any time
  • Critical decisions are never fully automated
  • Regular audits ensure AI accuracy and fairness

4.2 Your Rights Regarding Automated Processing

You have the right to:

  • Know when AI is being used to process your data
  • Request human review of automated decisions
  • Opt-out of certain automated processing
  • Receive explanations of AI-driven outcomes
  • Challenge decisions that significantly affect you

4.3 AI Ethics and Bias Monitoring

We are committed to ethical AI practices:

  • Regular bias testing across demographic groups
  • Implementation of NIST AI Risk Management Framework
  • Transparent documentation of AI limitations
  • Continuous monitoring for discriminatory outcomes
  • Prompt correction of identified biases

5. Data Sharing and Third-Party Disclosure

5.1 Service Providers

We share data with carefully selected service providers:

Cloud Infrastructure:

  • Amazon Web Services (USA) - hosting and storage
  • Cloudflare (Global) - security and performance
  • Google Cloud Platform (USA) - backup and disaster recovery
  • VULTR Cloud Platform (USA) - Hosting and storage

Business Operations:

  • Stripe (USA) - payment processing
  • SendGrid (USA) - transactional emails
  • Zendesk (USA) - customer support
  • DocuSign (USA) - contract management

Analytics and Monitoring:

  • Google Analytics (USA) - website analytics
  • Datadog (USA) - performance monitoring
  • Sentry (USA) - error tracking

AI/LLM (Large Language Models):

  • Anthropic - research, planning, communication and code generation
  • OpenAI - research, planning, communication and code generation
  • xAI - research, planning, communication and code generation
  • Perplexity - research, planning, communication and code generation
  • Deep.ai - Media, images, video, audio generation

5.2 Business Transfers

Your information may be transferred if we:

  • Merge with or are acquired by another company
  • Sell or transfer business assets
  • Undergo reorganization or bankruptcy
  • Form strategic partnerships or joint ventures

5.3 Legal Requirements

We may disclose information when required by:

  • Court orders or subpoenas
  • Law enforcement requests
  • National security requirements
  • Protection of legal rights

5.4 We Do NOT:

  • Sell your personal information to third parties
  • Share data for third-party marketing without consent
  • Transfer data to countries without adequate protections
  • Use your data for purposes incompatible with this policy

6. Data Retention and Deletion

6.1 Retention Periods

We retain your information only as long as necessary:

  • Active Account Data: Duration of relationship plus 3 years
  • Transaction Records: 7 years for tax/legal compliance
  • Communication Logs: 2 years from last interaction
  • Website Analytics: 26 months (industry standard)
  • AI Interaction Data: 12 months (unless you consent to longer)
  • Security Logs: 24 months for incident investigation
  • Marketing Data: Until consent withdrawn or 3 years of inactivity

6.2 Deletion Practices

When retention periods expire or upon valid deletion requests:

  • Personal data is permanently deleted or anonymized
  • Backups are purged within 90 days
  • AI models trained on deleted data are updated
  • Third-party processors are instructed to delete
  • Deletion confirmation is available upon request

7. Your Privacy Rights

7.1 Universal Rights

Regardless of location, you have the right to:

  • Access: Request copies of your personal information
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request removal of your information
  • Portability: Receive data in a machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Opt-out of certain processing activities

7.2 State-Specific Rights

California Residents (CCPA/CPRA):

  • Right to know categories and specific pieces of data
  • Right to opt-out of "sale" or "sharing" of personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate information

Colorado, Connecticut, Utah, and Virginia Residents:

  • Right to opt-out of targeted advertising
  • Right to opt-out of profiling for consequential decisions
  • Right to appeal privacy rights decisions

Nebraska Residents:

  • Universal opt-out signal recognition (Global Privacy Control)
  • Broad definition of "sale" including valuable consideration

Other State Residents:

Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Montana, Oregon, and Texas residents have similar rights under their respective state laws.

7.3 Exercising Your Rights

How to Submit Requests:

Response Timeline:

  • Acknowledgment: Within 3 business days
  • Initial Response: Within 30 days
  • Complex Requests: Up to 90 days with notice

Verification Process:

We verify identity through:

  • Email confirmation for basic requests
  • Government ID for sensitive data requests
  • Account authentication for existing users
  • Authorized agent documentation where applicable

8. Children's Privacy (COPPA Compliance)

8.1 Age Restrictions

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13 without parental consent.

8.2 Mixed Audience Considerations

If our services may appeal to mixed audiences:

  • Age screening before data collection
  • Parental consent for users under 13
  • Enhanced protections for users 13-17
  • No targeted advertising to minors
  • Separate consent for AI training use

8.3 Parental Rights

Parents/guardians may:

  • Review their child's information
  • Request deletion of child's data
  • Revoke consent for future collection
  • Contact us at parents@amysoft.tech

9. Cookie Policy and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies:

  • Authentication and security
  • Load balancing and performance
  • Preference storage
  • Session management

Analytics Cookies (With Consent):

  • Google Analytics (anonymized IPs)
  • Performance monitoring
  • A/B testing tools
  • Heatmap analysis

AI Enhancement Cookies:

  • Interaction pattern analysis
  • Service personalization
  • Model performance tracking
  • User experience optimization

9.2 Managing Cookies

Your Cookie Choices:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize by category
  • Use Global Privacy Control signals

How to Control Cookies:

  • Browser settings menu
  • Our cookie preference center
  • Third-party opt-out tools
  • Do Not Track signals (honored)

9.3 Third-Party Tracking

We use limited third-party tracking for:

  • Security and fraud prevention
  • Essential service functionality
  • Aggregated analytics (with consent)
  • Performance optimization

10. Data Security

10.1 Security Measures

We implement comprehensive security including:

Technical Safeguards:

  • AES-256 encryption at rest
  • TLS 1.3 for data in transit
  • Multi-factor authentication
  • Regular security audits
  • Intrusion detection systems

Organizational Measures:

  • Access controls and least privilege
  • Employee security training
  • Incident response procedures
  • Vendor security assessments
  • Regular penetration testing

AI-Specific Security:

  • Model access controls
  • Training data encryption
  • Adversarial attack prevention
  • Output filtering and validation
  • Prompt injection protection

10.2 Data Breach Response

In the event of a security incident:

  • Immediate containment and investigation
  • Notification within 72 hours (where required)
  • Detailed incident report provided
  • Remediation and prevention measures
  • Credit monitoring offered if appropriate

11. International Data Transfers

11.1 Transfer Mechanisms

When transferring data internationally:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where available
  • Consent for specific transfers
  • Binding Corporate Rules (where applicable)

11.2 Your Rights for International Transfers

You may:

  • Request information about transfer safeguards
  • Obtain copies of transfer agreements
  • Object to certain transfers
  • Withdraw consent where applicable

12. Privacy by Design

12.1 Our Approach

Privacy is embedded in everything we do:

  • Data minimization by default
  • Purpose limitation enforcement
  • Privacy impact assessments
  • Security from the ground up
  • Transparent data practices

12.2 AI Development Principles

Our AI systems are built with:

  • Differential privacy techniques
  • Federated learning where possible
  • Homomorphic encryption research
  • Explainable AI frameworks
  • Regular fairness audits

13. Changes to This Privacy Policy

13.1 Update Notifications

We may update this policy to reflect:

  • Legal or regulatory changes
  • New features or services
  • Improved privacy practices
  • User feedback and concerns

13.2 Material Changes

For material changes:

  • 30-day advance notice via email
  • Prominent website announcement
  • Opportunity to object or delete account
  • Grandfathering of existing agreements where possible

14. Contact Us

14.1 Privacy Inquiries

For privacy-related questions or requests:

Privacy Office:
Amysoft Digital Technologies
Attn: Privacy Officer
2028 S. HWY 53, Suite 3-110
La Grange, Kentucky, USA 40031

Email: inquiries@amysoft.tech
Online Form: https://www.amysoft.tech/privacy-contact

14.2 Response Commitment

We commit to:

  • Acknowledge inquiries within 3 business days
  • Provide substantive responses within 30 days
  • Escalate complex issues appropriately
  • Maintain confidentiality of all communications

14.3 Supervisory Authorities

You may also contact:

  • Your state's Attorney General
  • Federal Trade Commission (FTC)
  • For GDPR: Your local Data Protection Authority

15. Additional Disclosures

15.1 California Privacy Rights Metrics (CCPA)

For the period January 1 - December 31, 2024:

  • Requests Received: [To be updated annually]
  • Requests Completed: [To be updated annually]
  • Average Response Time: [To be updated annually]
  • Requests Denied: [To be updated annually]

15.2 Do Not Sell or Share

We do NOT sell personal information as defined under CCPA and other state laws. We do NOT share personal information for cross-context behavioral advertising.

15.3 Financial Incentives

We do not currently offer financial incentives for personal information collection.

15.4 Accessibility

This Privacy Policy is available in:

  • Screen-reader compatible format
  • Large print upon request
  • Alternative languages upon request

Version History:

  • Version 1.0 - January 15, 2024 - Initial Policy
  • Version 2.0 - September 22, 2025 - Comprehensive AI/LLM Policy

Legal Entity:
Amysoft Digital Technologies is a DBA of Caruso Carpe Diem, LLC, a limited liability company organized under the laws of Kentucky, USA.

© 2025 Amysoft Digital Technologies. All rights reserved.