Privacy Policy

1. Introduction

NonSilo ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Data Controller

NonSilo is the data controller responsible for your personal information. For any privacy-related inquiries, you can contact us at:

Privacy Contact: legal@nonsilo.com

3. Information We Collect

3.1 Personal Information

• Account Information: First name, last name, email address, and any other information you provide during registration
• Profile Information: Organization affiliation, role, professional details, and profile preferences
• Communication Data: Messages, chat content, voice recordings (if using voice features), and translations
• Authentication Data: Magic link tokens, authentication sessions, and security credentials
• Organization Data: Information about organizations you create or join, including documents, descriptions, and UNSPSC classifications

3.2 Usage Information

• Activity Data: Pages visited, features used, search queries, projects viewed, and user interactions
• Communication Patterns: Chat participation, message frequency, channel memberships, and collaboration activities
• Preferences: Language preferences, notification settings, and customization choices
• Device Information: Browser type, operating system, device identifiers, and IP addresses
• Performance Data: Error logs, system performance metrics, and service analytics

3.3 Technical Information

• Cookies and Similar Technologies: Session cookies, preference cookies, analytics cookies, and local storage data
• Log Files: Server logs, access times, request paths, and response codes
• Location Data: General location information derived from IP addresses (not precise geolocation)
• Third-Party Integration Data: Information obtained through integrations with external service providers and government data sources

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, operate, maintain, and improve the Service, including account management and authentication
• Communication Features: To enable real-time translation, chat functionality, and multi-language collaboration
• AI Enhancement: To enrich organization profiles using AI analysis of publicly available information
• Project Integration: To sync and display Ukraine reconstruction projects from the DREAM API
• Personalization: To customize your experience, remember your preferences, and provide relevant content
• Analytics and Improvement: To analyze usage patterns, measure Service effectiveness, and identify areas for improvement
• Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and illegal activities
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:

• Contractual Necessity: Processing is necessary to perform our contract with you (providing the Service)
• Legitimate Interests: Processing is necessary for our legitimate interests, such as improving the Service, ensuring security, and analyzing usage
• Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications)
• Legal Obligation: Processing is necessary to comply with legal obligations

6. Data Sharing and Disclosure

We may share your information in the following circumstances:

• Service Providers: We share data with trusted third-party service providers who assist us in operating the Service, including providers for authentication, cloud storage, AI-powered features, database management, and infrastructure services
• Collaboration Partners: Information you choose to share in chats or collaboration workspaces is visible to other participants
• Public Information: Organization profiles and project information may be publicly visible as part of the ReBuild Ukraine initiative
• Legal Requirements: We may disclose your information if required by law, legal process, or governmental request
• Business Transfers: In connection with any merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Third-Party Services

The Service integrates with various third-party service providers to deliver our features, including authentication services, cloud infrastructure, AI-powered features, database services, and government data sources. Each of these providers has their own privacy policies and data practices.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Types of cookies we use:

• Essential Cookies: Required for the Service to function, including authentication and security cookies
• Preference Cookies: Remember your settings and preferences (e.g., language selection stored in x-nonsilo-locale cookie)
• Analytics Cookies: Help us understand how users interact with the Service and monitor performance
• Functional Cookies: Enable enhanced functionality and personalization

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the Service.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit using industry-standard TLS/SSL protocols
• Encryption of data at rest in our databases and storage systems
• Access controls and authentication mechanisms to limit data access to authorized personnel only
• Regular security assessments, monitoring, and error tracking
• Secure authentication using magic links and robust session management

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• Account data is retained while your account is active and for a reasonable period after account deletion to comply with legal obligations
• Chat messages and communications are retained as long as the chat channel exists or until deleted by authorized users
• Log files and analytics data are typically retained for 90 days unless required for security investigations
• Legal and compliance records are retained as required by applicable law (typically 3-7 years)

11. Your Rights (GDPR and Data Protection)

If you are located in the EEA, UK, or other jurisdictions with data protection laws, you have the following rights:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal information
• Right to Erasure: Request deletion of your personal information under certain circumstances
• Right to Restriction: Request restriction of processing of your personal information
• Right to Data Portability: Request transfer of your data to another service provider in a structured, machine-readable format
• Right to Object: Object to processing of your personal information for certain purposes
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your information

To exercise these rights, please contact us at privacy@nonsilo.com. We will respond to your request within 30 days as required by GDPR.

12. International Data Transfers

Your information may be transferred to and maintained on servers and databases located outside of your country, state, or jurisdiction where data protection laws may differ. By using the Service, you consent to the transfer of your information to countries outside your country of residence.

When we transfer personal data from the EEA to other countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

13. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

If we discover that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information from our servers.

14. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by GDPR and applicable data protection laws.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications indicates your acceptance of the updated Privacy Policy.

17. Supervisory Authority

If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.