Privacy Policy

1. Information We Collect

IRONHELIX AI TECHNOLOGIES CO. - SMC LIMITED (trading as IRONHELIX) collects information necessary to provide Data Architect and related services. We collect:

• Account data: Name, email, company name, job title
• Usage data: Feature usage, session duration, schema operations (for service improvement and support)
• Payment data: Processed exclusively by third-party payment processors (e.g., Paddle); we do not store full card numbers
• Technical data: IP address, browser type, device information, logs
• Support communications: Emails and tickets sent to support@ironhelix.ai

2. Data Storage and Retention

Data is stored in secure, geographically distributed data centers. Retention periods:

• Account data: Retained while account is active; deleted within 30 days of account closure
• Audit logs: Retained for 12 months (enterprise: configurable)
• Payment records: Retained as required by tax and financial regulations (typically 7 years)
• Support tickets: Retained for 24 months after resolution

3. Third-Party Services

We use the following categories of third-party services. Each is bound by data processing agreements:

• Payment processing: Paddle or similar; processes payments; we receive transaction identifiers only
• Hosting & infrastructure: Vercel, AWS, or equivalent; stores application and database data
• Email: Domain-based email (support@ironhelix.ai, legal@ironhelix.ai); transactional and support communications
• Analytics (optional): Aggregated, anonymized usage metrics for product improvement

We do not sell personal data. We do not use customer data for model training without explicit consent.

4. Security Controls

We implement industry-standard security measures:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls (RBAC) for all platform access
• Audit logging of schema changes and administrative actions
• Regular security assessments and penetration testing
• SOC 2 Type II and ISO 27001 aligned practices

5. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data (subject to legal retention)
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing where legally applicable
• Withdraw consent: Where processing is consent-based

To exercise these rights, contact privacy@ironhelix.ai. We will respond within 30 days.

6. International Transfers

Data may be transferred to and processed in countries outside your residence. We use Standard Contractual Clauses (SCCs) and other approved mechanisms to ensure adequate protection under GDPR and similar regulations.

7. Children's Privacy

Data Architect is a B2B enterprise tool. We do not knowingly collect data from individuals under 18. Our services are not directed to minors.

8. Changes

We may update this policy. Material changes will be posted here with an updated date. Continued use after changes constitutes acceptance.