Data Privacy Policy

This Data Privacy Policy outlines Takara’s commitment to protecting personal information collected from users and clients. It details how data, including personal details, usage patterns, and client-provided information for AI development, is collected, used, and secured, emphasizing compliance with UK GDPR. The policy covers data security measures, retention periods, user rights regarding their data, and the processes for exercising those rights. It also addresses data processing agreements with clients, third-party processors, data breach response, and the use of cookies. Takara is transparent about its data handling practices and committed to maintaining user privacy.

1. Information Collection and Use

Information We Collect

We may collect the following types of information:

  • Personal Identification Information: Name, email address, phone number, billing address, and payment details.
  • Usage Data: Information on how you interact with our services, including access times, pages viewed, and features used.
  • Device Information: Device type, operating system, browser type, IP address, and mobile device identifiers.
  • Client-Provided Data: Datasets, documents, or other information provided by our clients for the purpose of our AI consulting services.

How We Use Your Information

We use your information for the following purposes:

  • To provide and maintain our services
  • To process transactions
  • To send you service-related communications
  • To improve our services
  • To respond to your inquiries
  • To comply with legal obligations
  • For AI Development and Training: Client-provided data may be used to develop, train, optimize, or evaluate AI models as part of our consulting services

2. Data Handling

Data Security

We deploy systems entirely on Amazon Web Services (AWS), adhering to the AWS Well-Architected Framework and AWS security best practices. Our security measures include:

  • Implementation of AWS’s robust security controls, including Virtual Private Clouds (VPCs), Security Groups, and Network Access Control Lists
  • Use of AES-256 encryption for data at rest via AWS’s native encryption services
  • Data in transit protection through TLS/SSL encryption
  • AWS IAM (Identity and Access Management) with role-based access controls and the principle of least privilege
  • Multi-factor authentication for all administrative access
  • Regular security assessments and audits of our AWS architecture
  • Real-time monitoring and logging using AWS CloudWatch and AWS CloudTrail
  • Automated security patching and updates for all infrastructure components
  • Regular backups with versioning to prevent data loss
  • For client-provided AI training data, we implement additional segregation controls through separate AWS accounts or isolated environments

Data Retention

We retain different types of data for specific periods:

  • Transaction Data: Retained for 7 years to comply with financial regulations.
  • Usage Logs: Retained for 90 days for security and analytics purposes.
  • Marketing Preferences: Retained until you opt out or request deletion.
  • Client-Provided Data for AI Development: Retained according to terms specified in our consulting agreement with each client. By default, this data is retained for the duration of the project plus 90 days, unless otherwise agreed upon in writing.

3. User Rights

Under the General Data Protection Regulation (GDPR) and UK data protection laws, you have rights over your personal data, including the right to access, correct, or delete your information. To exercise any of these rights, please email us at privacy@takara.ai. We will:

  • Verify your identity through our verification process (typically requiring account credentials or personal identifiers)
  • Respond to your request within 30 days
  • Extend this period by up to an additional 60 days if necessary, with notification

4. Client Data Processing

As an AI consulting firm, we often act as a data processor on behalf of our clients. In such cases:

  • Processing Agreement: We enter into a formal data processing agreement that details the scope, purpose, and duration of processing.
  • Data Minimization: We work with clients to ensure only necessary data is provided for AI development.
  • Anonymization and Pseudonymization: Where appropriate, we implement anonymization or pseudonymization techniques to protect individual privacy when processing data for AI model training.
  • Specialized Handling: Client data used for AI training is segregated from other data and subject to enhanced security controls.
  • Return or Deletion: Upon project completion, client data is either returned or deleted according to the terms of our agreement, unless retention is required for model maintenance or agreed upon in writing.

5. Third-Party Services

We work with the following categories of third-party service providers:

  1. Cloud Hosting Services (e.g. AWS): Store and process your data on secure servers.
  2. Payment Processors (e.g. Stripe): Process your payment information.
  3. Analytics Providers (e.g. Google Analytics): Help us understand service usage patterns.
  4. Email Service Providers (e.g. Salesforce, Mailchimp): Facilitate email communications.
  5. Customer Support Tools (e.g. Atlassian JIRA, Notion, GitHub): Manage project activities.

We have executed Data Processing Agreements with each provider, ensuring they adhere to strict data protection standards and only process your data according to our instructions. These services are selected for their functionality and industry-standard security measures, but we encourage you to review their respective privacy policies for more details on how they handle your data.

Data Storage and Security

We take appropriate measures to protect your personal data. Any data we collect is stored securely and processed in compliance with applicable data protection laws. We ensure that any third-party services we use comply with high privacy and security standards, including GDPR requirements where applicable.

6. General Provisions

Data Breaches

In the event of a data breach that risks your rights and freedoms, we will:

  1. Investigate and contain the breach promptly
  2. Notify affected individuals within 72 hours where feasible
  3. Provide clear information about the nature of the breach and steps we’re taking
  4. Notify relevant supervisory authorities as required by applicable law
  5. Take measures to mitigate potential adverse effects
  6. For client-provided data, notify the client according to the terms of our data processing agreement

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and hold certain information. These are used for enhancing your experience, improving our website’s functionality, and supporting our marketing efforts. This includes cookies set by Google Analytics and Google Tag Manager for analytics purposes.

Changes to This Privacy Policy

We reserve the right to update or change our Privacy Policy at any time and without prior notice. Your continued use of our service after any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Data Privacy Policy.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@takara.ai.

Last modified: October 15, 2024