Privacy Policy

Effective Date: August 6, 2025

This Privacy Policy explains how Ultraviolet ("we," "us," or "our") collects, uses, and protects your personal data when you use the Prism AI SaaS platform ("Platform"). We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. WHO WE ARE

Ultraviolet is a company registered in Serbia with headquarters at Bulevar Arsenija Carnojevica 103, 11000 Belgrade, Serbia. As the data controller under the General Data Protection Regulation (GDPR), we determine the purposes and means of processing your personal data in connection with our Prism AI platform and related services.

2. WHAT DATA WE COLLECT

We collect and process the following categories of personal data:

2.1 Account and Identity Data

Full name
Email address
Company name and business information
Phone number (if provided)
Profile picture (if uploaded)
Account preferences and settings

2.2 Authentication and Security Data

Username and encrypted passwords
API keys and access tokens
Login timestamps and session data

2.3 Technical and Usage Data

IP addresses and geolocation data
Device information (browser type, operating system, device ID)
Platform usage statistics and analytics
API calls, requests, and response times
Error logs and debugging information
Feature usage patterns and user interactions

2.4 Commercial and Billing Data

Subscription plans and billing history
Invoicing details and tax information
Purchase history and transaction records

2.5 Communication Data

Support tickets and correspondence
Email communications and responses
Chat logs and support interactions
Feedback, surveys, and testimonials
Marketing communication preferences

3. HOW WE USE YOUR DATA

We process your personal data for the following purposes:

3.1 Service Provision and Platform Operations

Create and manage user accounts
Authenticate users and maintain security
Provide access to the Prism AI platform
Process and deliver AI/ML services
Maintain platform infrastructure and databases
Monitor system performance and availability
Backup and disaster recovery operations

3.2 Customer Support and Communication

Respond to support requests and technical issues
Provide customer service and assistance
Send service-related notifications and updates
Communicate about account changes or security issues
Conduct user training and onboarding

3.3 Billing and Financial Management

Manage subscription plans and billing cycles
Generate invoices and billing statements
Maintain financial records for accounting purposes
Comply with tax and regulatory requirements

3.4 Platform Improvement and Analytics

Analyze usage patterns and user behavior
Improve platform features and functionality
Conduct performance optimization
Develop new services and capabilities
Generate anonymized statistics and reports

3.5 Security and Fraud Prevention

Detect and prevent unauthorized access
Monitor for suspicious activities
Investigate security incidents
Implement access controls and authentication
Maintain audit logs and compliance records

3.6 Legal Compliance and Regulatory Requirements

Comply with applicable laws and regulations
Respond to legal requests and court orders
Maintain records for regulatory audits
Report incidents as required by law
Protect our legal rights and interests

3.7 Marketing and Business Development (with consent)

Send promotional materials and newsletters
Conduct market research and surveys
Organize events and webinars
Develop case studies and testimonials

4. LEGAL BASES FOR PROCESSING

Under GDPR Article 6, we process your personal data based on the following legal grounds:

4.1 Contractual Necessity (Article 6(1)(b))

Processing is necessary for the performance of our contract with you, including:

Account creation and management
Platform access and service delivery
Billing and invoicing
Customer support and technical assistance
Service-related communications

4.2 Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate business interests, which include:

Platform security and fraud prevention
Service improvement and optimization
Business analytics and reporting
Network and information security
Internal administration and record-keeping
Protecting our legal rights and interests

We have conducted a legitimate interest assessment (LIA) to ensure our interests do not override your fundamental rights and freedoms.

4.3 Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations, including:

Tax and accounting requirements
Regulatory compliance (financial services, data protection)
Court orders and legal proceedings
Anti-money laundering (AML) and know-your-customer (KYC) requirements
Data breach notification obligations

4.4 Consent (Article 6(1)(a))

Where we have obtained your explicit consent for:

Marketing communications and newsletters
Non-essential cookies and analytics
Testimonials and case studies
Market research and surveys

You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to enhance your experience:

5.1 Essential Cookies (No consent required)

Session cookies for authentication and security
Login state management
Security tokens and CSRF protection

5.2 Analytics Cookies (Consent required)

Website usage analytics and user behavior tracking
Performance monitoring and optimization
Product insights and feature usage analysis

Cookie Management: You can manage your cookie preferences through your browser settings or our cookie consent banner.

6. DATA SHARING AND RECIPIENTS

We do not sell your personal data. We may share data with the following categories of recipients:

6.1 Service Providers and Processors

Cloud hosting and infrastructure providers
Analytics and monitoring tools
Email and communication services
Customer support platforms

6.2 Legal and Regulatory Requirements

Law enforcement agencies when required by law
Regulatory bodies for compliance purposes
Tax authorities for reporting obligations
Data protection authorities in case of investigations

6.3 Data Processing Agreements

All third-party processors are bound by GDPR-compliant data processing agreements with strict security and confidentiality requirements.

7. DATA TRANSFERS OUTSIDE THE EU

Your data may be processed or stored in the EU or other jurisdictions with adequate protection standards. When we transfer data outside the European Economic Area (EEA), we ensure protection through:

European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Additional technical and organizational safeguards
Binding Corporate Rules where applicable

8. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

Active accounts: Data retained while your account is active
Closed accounts: Data retained for up to [X] years after account closure for legal and operational obligations
Financial records: Retained for statutory periods required by tax and accounting laws
Analytics data: May be anonymized and retained indefinitely for statistical purposes
Legal claims: Data retained as necessary to establish, exercise, or defend legal claims

9. YOUR RIGHTS UNDER GDPR

Under the GDPR, you have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

Request confirmation of whether we process your data and obtain a copy of your personal data.

9.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data without undue delay.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data when it is no longer necessary or if you withdraw consent.

9.4 Right to Restriction of Processing (Article 18)

Request limitation of processing in certain circumstances (e.g., while verifying accuracy).

9.5 Right to Data Portability (Article 20)

Receive your data in a structured, commonly used format and transmit it to another controller.

9.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

9.8 Right to Lodge a Complaint (Article 77)

Lodge a complaint with your local data protection authority if you believe your rights have been violated.

To exercise your rights, contact us at:
[email protected]

We will respond to your request within one month, which may be extended by two additional months in complex cases.

10. SECURITY

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration, including:

Encryption of data in transit (TLS/SSL) and at rest
Access control and authentication mechanisms
Regular security audits and vulnerability assessments
Employee training on data protection and security
Incident response and breach notification procedures
Regular backup and disaster recovery testing
Network security and firewall protection

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

Update the "Effective Date" at the top of this policy
Notify you via email to your registered email address
Display a prominent notice on the Platform
Request your consent if required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

12. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: [email protected]

Postal Address:
Ultraviolet
Bulevar Arsenija Carnojevica 103
11000 Belgrade, Serbia