Privacy Policy

1. INTRODUCTION

This Privacy Policy explains how Avanta Systems ("we," "us," "our") collects, uses, shares, and protects personal data when you use the AI Extension platform ("Platform" or "Service").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. WHO WE ARE (DATA CONTROLLER)

3. WHAT PERSONAL DATA WE COLLECT

We collect different types of personal data depending on how you use the Platform:

3.1 Account and Registration Data

When you create an account, we collect:

• Full name
• Email address
• Company name (optional)
• Password (encrypted)
• Billing information (processed by Stripe - see Section 6)

3.2 Platform Usage Data

When you use the Platform, we collect:

• Loxone configuration files (.loxone XML) you upload
• Project data (project names, descriptions, metadata)
• Templates you create
• Function lists generated
• AI queries and prompts you submit
• Exported documents (PDFs, Word, Excel files)
• Files and data you store on the Platform

3.3 AI Interaction Data

When you use AI features, we process:

• Your prompts and queries to the AI
• AI-generated responses and content
• Context from your projects used in AI queries
• Feedback you provide on AI outputs

3.4 Technical and Analytics Data

We automatically collect:

• IP address
• Browser type and version
• Device information (operating system, device type)
• Login timestamps and session duration
• Pages visited and features used
• Error logs and diagnostic data
• Cookies and similar tracking technologies (see Section 9)

4. HOW WE USE YOUR PERSONAL DATA (LEGAL BASIS)

We process your personal data for the following purposes and legal bases:

4.1 To Provide the Service (Contractual Necessity)

Legal Basis: Performance of our contract with you (Terms and Conditions)

• Create and manage your account
• Provide access to Platform features
• Process Loxone configuration files
• Generate AI-powered documentation
• Enable template creation and project management
• Export documents in requested formats
• Provide customer support

4.3 To Improve the Platform (Legitimate Interest)

Legal Basis: Our legitimate interest in improving our services

• Analyze usage patterns to improve features
• Identify and fix bugs and errors
• Develop new features and enhancements
• Optimize platform performance
• Conduct internal research and analytics

Note: We balance this interest against your privacy rights. You can object to this processing (see Section 12).

4.6 To Send Marketing Communications (Consent)

Legal Basis: Your explicit consent

• Product updates and new features
• Educational content and tutorials
• Promotional offers and discounts

You can withdraw consent at any time by clicking "unsubscribe" in our emails or contacting privacy@ai-extension.com

5. AI-POWERED FEATURES AND DATA PROCESSING

5.1 AI Service Provider

We use Anthropic Claude (via Anthropic API) to provide AI-powered features, including:

• Generating customer-friendly function descriptions
• Creating project documentation
• Answering technical questions about configurations
• Translating technical data into plain language

5.3 Data Used for AI Training

IMPORTANT: Under Anthropic's Commercial API Terms, your data submitted via the API is NOT used to train AI models.

Anthropic processes your API requests solely to provide responses and does not use your prompts or outputs for model training or improvement.

For full details, see Anthropic's Commercial Terms and Privacy Policy at: https://www.anthropic.com/legal

5.5 Anthropic's Data Processing Location

Anthropic may process data in the United States and other locations worldwide. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection for transfers outside the EU/EEA.

6. HOW WE SHARE YOUR PERSONAL DATA

We do NOT sell your personal data to third parties. We only share your data with the following categories of recipients:

6.1 Sub-Processors (Service Providers)

We use trusted third-party service providers to help us operate the Platform. These sub-processors are contractually obligated to protect your data and use it only for the purposes we specify.

Note: We will notify you of any changes to this list of sub-processors. You can object to new sub-processors by contacting privacy@ai-extension.com within 30 days of notification.

7. INTERNATIONAL DATA TRANSFERS

7.1 EU/EEA Data Transfers

Your data is primarily stored within the European Union. However, some of our sub-processors (e.g., Anthropic, Stripe, Vercel) may process data outside the EU/EEA, including in the United States.

7.2 Safeguards for International Transfers

For data transfers outside the EU/EEA, we use the following safeguards approved by the European Commission:

Standard Contractual Clauses (SCCs): We have executed SCCs with all sub-processors that process data outside the EU/EEA. SCCs are contractual commitments that require these providers to protect your data according to EU standards.

8. HOW LONG WE KEEP YOUR PERSONAL DATA

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Platform. They help us recognize you, remember your preferences, and analyze how you use the Platform.

9.2 Types of Cookies We Use

9.4 Managing Cookie Preferences

You can control cookies through your browser settings. Most browsers allow you to block all cookies, accept only first-party cookies, delete existing cookies, or receive notifications before cookies are stored.

Note: Blocking strictly necessary cookies will prevent the Platform from functioning properly.

12. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

12.1 Right of Access

What it means: You can request a copy of all personal data we hold about you.

How to exercise: Email privacy@ai-extension.com with subject "Data Access Request"

Response time: Within 30 days (may be extended by 2 months for complex requests)

12.2 Right to Rectification

What it means: You can request corrections to inaccurate or incomplete data.

How to exercise: Update your profile in Platform settings, or email privacy@ai-extension.com

12.3 Right to Erasure ("Right to be Forgotten")

What it means: You can request deletion of your personal data in certain circumstances.

How to exercise: Delete your account in Platform settings, or email privacy@ai-extension.com

12.5 Right to Data Portability

What it means: You can receive your data in a structured, commonly used, machine-readable format and transmit it to another service.

Format: JSON or CSV

12.8 Right to Lodge a Complaint

What it means: If you believe we have violated your privacy rights, you can lodge a complaint with a supervisory authority.

QUICK REFERENCE: YOUR PRIVACY RIGHTS

Response Time: Within 30 days for all requests
Contact: privacy@ai-extension.com

18. CONTACT US

For any privacy-related questions, concerns, or to exercise your rights:

19. ACKNOWLEDGMENT

BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT:

1. You have read and understood this Privacy Policy
2. You consent to the collection, use, and sharing of your personal data as described
3. You understand your rights under GDPR
4. You understand how to exercise those rights
5. You understand that we use AI services (Anthropic Claude) that may process data outside the EU
6. If you upload client data, you are the Data Controller and have obtained necessary legal basis
7. You understand our cookie usage and can manage preferences

If you do not agree with this Privacy Policy, you must not use the Platform.