Privacy Policy

Huffman AI Solutions LLC ("Company," "we," "us," or "our") provides AI-powered business infrastructure and automation services ("Service") to businesses and entrepreneurs under three engagement models: Subscription-based service, Profit Sharing partnerships, and Equity partnerships.

This Privacy Policy explains:

• What information we collect
• How we use and protect that information
• Your rights regarding your information
• How we comply with privacy laws
• Special considerations for different engagement models

By using the Service, you consent to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, do not use the Service.

1. Introduction

Huffman AI Solutions LLC ("Company," "we," "us," or "our") provides AI-powered business infrastructure and automation services ("Service") to businesses and entrepreneurs under three engagement models: Subscription-based service, Profit Sharing partnerships, and Equity partnerships.

This Privacy Policy explains what information we collect, how we use and protect that information, your rights regarding your information, how we comply with privacy laws, and special considerations for different engagement models.

By using the Service, you consent to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account and Business Information:

• Name, email address, phone number, and title
• Company name, business type, and business address
• Business tax ID and incorporation details (Equity and Profit Sharing models)
• Payment information (processed by third-party payment processor)
• Business bank account or financial information (Profit Sharing and Equity models only)

Service Configuration and Access:

• Email account credentials (via OAuth — we do not store your password)
• Calendar/scheduling system access
• CRM, accounting, or business system integration credentials (with your authorization)
• API keys and authentication tokens
• Communication preferences and workflow settings

2.2 Information Collected Automatically Through the Service

Business Communications:

• Email messages (subject, body, attachments, sender, recipients, timestamps)
• Email metadata (folders, labels, read/unread status)
• Chat, messaging, or communication platform data
• Documents and shared files (if integrated)

Operational Data:

• Calendar events and scheduling information
• Task and project management data
• Business contacts and customer information
• Sales pipeline and transaction data
• Performance metrics and analytics

For Profit Sharing and Equity Models — Additional Data:

• Financial statements and revenue/profit data
• Customer lists and transaction details
• Business metrics and key performance indicators
• Strategic plans and business projections
• Operational and staffing information

Diagnostic and Usage Data:

• Service usage patterns (features used, frequency, access times)
• Error logs and diagnostic information
• Performance metrics and improvement tracking
• System activity and access logs

2.3 Information We Do NOT Collect

• Location data (unless specifically authorized for location-based services)
• Biometric data
• Phone call recordings or video recordings (unless you authorize third-party integrations)
• Personal social media accounts (unless you connect them via OAuth)
• Government-issued ID numbers (except where required for financial reporting, Profit Sharing/Equity models)

3. How We Use Your Information

3.1 To Provide the Service (All Models)

• Operational Automation: Process communications, schedule tasks, manage workflows
• AI Assistance: Generate recommendations, draft communications, provide insights
• Customization: Train AI to understand your business practices and communication style (your data only)
• Integration Support: Connect to your business systems (CRM, accounting, etc.)
• Monitoring and Reporting: Track service performance and provide metrics

3.2 For Financial and Business Purposes (Profit Sharing and Equity Models)

• Financial Calculation: Calculate profit sharing percentages or equity valuations
• Business Operations: Manage business processes and optimize workflows
• Performance Tracking: Monitor business metrics and KPIs
• Compliance Reporting: Prepare financial reports and tax documentation
• Strategic Planning: Provide business insights and recommendations

3.3 To Improve the Service

• Analyze usage patterns to improve features (anonymized and aggregated)
• Debug errors and optimize performance
• Develop new capabilities based on user needs
• Conduct A/B testing and user research (with your consent)

3.4 To Communicate With You

• Send service updates, feature announcements, and maintenance notices
• Provide customer support and technical assistance
• Send billing and payment notifications
• Request feedback and conduct user research (opt-in only)
• For Equity partners: Provide regular business updates and performance reports

3.5 To Comply With Legal Obligations

• Respond to subpoenas, court orders, or legal processes
• Investigate fraud, security incidents, or violations of our Terms of Service
• Comply with data protection laws and tax regulations
• Maintain required business and financial records

4. How We Share Your Information

4.1 Service Providers

AI and Processing Services:

• Anthropic (Claude API): We send business content and context to Claude for AI processing. Anthropic's privacy policy: https://www.anthropic.com/legal/privacy
• Anthropic does not train on our API usage data for other clients
• For Equity and Profit Sharing models: We may send anonymized business data for performance analysis

Hosting and Infrastructure Providers:

• Cloud hosting (AWS, Google Cloud, or similar) for secure data storage and processing
• All providers are contractually required to protect your data and use it only for Service delivery
• Standard data processing agreements (DPA) are in place

Payment and Financial Processing:

• Payment processors (Stripe, etc.) for billing (your full credit card numbers are never stored by us)
• Payment processors do NOT receive your confidential business data
• For Profit Sharing/Equity: Financial reporting services may process anonymized aggregate data only

Third-Party Integrations (With Your Authorization):

• CRM systems, accounting software, communication platforms, etc.
• Only when you explicitly authorize the integration
• Integration is controlled by your settings and can be revoked at any time

4.2 Legal Requirements and Law Enforcement

We may disclose information if required by:

• Valid court orders, subpoenas, or legal processes
• Requests from law enforcement or regulatory agencies (with proper legal process)
• Investigation of fraud, security breaches, or violations of our Terms of Service
• Tax compliance and financial reporting requirements

4.3 Business Transfers and Acquisitions

If Huffman AI Solutions is acquired, merged, or sells assets:

• Your information may be transferred to the new owner
• We will notify you before your information becomes subject to a different privacy policy
• For Equity partnerships: Transfer of equity stake requires separate written agreement

4.4 With Your Explicit Consent

We may share information with third parties when you explicitly authorize us to do so:

• Business integrations and connections
• Authorized vendor relationships
• Specific reporting or advisory services
• You can revoke consent at any time

4.5 Confidentiality Agreements

Any third-party recipient of your information is contractually bound to:

• Maintain confidentiality of your business data
• Use data only for the stated purpose
• Implement security measures equal to ours
• Report any unauthorized access immediately

5. Data Security and Protection

5.1 Security Measures

We implement industry-standard security practices:

• Encryption in Transit: TLS 1.3 for all data in transit over the internet
• Encryption at Rest: AES-256 encryption for stored data in databases and backups
• Access Controls: Role-based access restrictions for Company personnel with need-to-know
• Authentication: Multi-factor authentication (MFA) for administrative access
• OAuth: We use OAuth for email/calendar access and do not store your passwords
• Regular Audits: Periodic security reviews, vulnerability assessments, and penetration testing
• Incident Response: Documented procedures for handling security breaches
• Data Minimization: We collect only the information necessary to provide the Service

5.2 Special Considerations for Equity Partnerships

For Equity partnerships involving significant business data or decision-making:

• Company personnel have operational access to confidential business systems as required
• All personnel are bound by strict confidentiality and non-disclosure agreements
• Access is logged and monitored
• You retain ownership and control of your business data
• Company may use anonymized insights to improve service offerings

5.3 Your Responsibility

You are responsible for:

• Keeping your login credentials confidential and secure
• Using strong, unique passwords
• Enabling multi-factor authentication (MFA) if available
• Notifying us immediately of any unauthorized access
• Maintaining your own backups of critical business data
• Complying with your own security policies and procedures

5.4 Limitations on Security

No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security against all threats. You use the Service at your own risk.

6. Data Retention

6.1 Active Accounts (All Models)

We retain your data for as long as your account is active and as necessary to provide the Service.

6.2 Subscription Model — Account Cancellation

After you cancel your Subscription:

• Operational data is deleted within 90 days of cancellation
• Backup copies are deleted within 30 days after initial deletion
• You may request immediate deletion by emailing data-privacy@huffmansolutionsai.com
• We will export your data to you upon request

6.3 Profit Sharing Model — Partnership Termination

After a Profit Sharing partnership ends:

• Operational data is deleted per the terms of your Profit Sharing Agreement
• Financial/audit data is retained per legal and tax requirements (typically 7 years)
• You may request export of your business data
• Data related to final accounting and settlement is retained for dispute resolution period

6.4 Equity Partnership Model — Termination

After an Equity partnership ends:

• Data retention is governed by your Equity Agreement
• Operational data may be retained longer to support business transition
• Financial records are retained per legal and tax requirements (typically 7 years)
• You retain ownership of all your business data
• Company may retain anonymized insights and methodologies for future use

6.5 Legal and Regulatory Retention

We may retain certain data longer if required by:

• Legal obligations (tax records, financial reporting, regulatory filings)
• Dispute resolution, litigation holds, or audit requirements
• Fraud prevention and security investigations
• Typical retention: 7 years for financial and tax records, 3 years for security logs

6.6 Anonymized and Aggregated Data

We may retain anonymized, aggregated data indefinitely for:

• Service improvement and analytics
• General benchmarking (without identifying your business)
• Research and methodology development
• This data cannot be re-identified to your specific business

7. Your Privacy Rights and Data Subject Requests

7.1 Right to Access and Portability

You have the right to:

• Request a copy of all personal/business information we hold about you
• Export your data in a machine-readable format (JSON, CSV, or other standard format)
• Receive data within 30 days of your request
• Request data in a format suitable for transfer to another service provider

7.2 Right to Correction

You have the right to:

• Correct inaccurate or incomplete information
• Request that we update information to reflect current status
• Receive confirmation of corrections within 30 days

7.3 Right to Deletion ("Right to be Forgotten")

You have the right to request deletion of your information, subject to:

• Legal retention requirements (tax records, financial documents, typically 7 years)
• Active dispute resolution or litigation holds
• For Equity partnerships: Data governance terms in your Equity Agreement
• We will delete deletable information within 30 days and confirm in writing

7.4 Right to Restrict Processing

You have the right to:

• Request restriction of certain data processing activities
• Note: Restrictions may limit our ability to provide certain Service features
• Some data may need to continue for legal compliance or contract fulfillment

7.5 Right to Object

You have the right to object to:

• Processing of your data for marketing or promotional purposes
• Use of your data for automated decision-making (where applicable)
• Certain analytics or performance tracking (subject to Service limitations)

7.6 Right to Withdraw Consent

You have the right to:

• Withdraw consent for data processing at any time
• Cancel your account to stop all Service-related data processing
• Withdrawal does not affect past processing (data already used cannot be "un-used")

7.7 How to Exercise Your Rights

Email your request to: data-privacy@huffmansolutionsai.com

Include your name and account information, the specific right you're requesting (access, deletion, correction, etc.), and details about the data in question.

We will respond within 30 days (or as required by applicable privacy law).

No fee: We do not charge for exercising your rights (except for excessive or repetitive requests).

8. International Data Transfers and Regional Compliance

8.1 Data Storage Location

Your data is primarily stored in the United States (AWS or similar US-based cloud providers).

8.2 GDPR Compliance (European Economic Area & United Kingdom)

If you are located in the EEA or United Kingdom:

• We process your data under legitimate business interest (providing the Service you requested)
• You have extended rights under GDPR, including those listed in Section 7
• Data transfers from the EEA to the US are protected by Standard Contractual Clauses (SCCs) with our cloud providers, adequacy determinations where available, and your explicit consent for specific processing activities (if required)
• You have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe we've violated your rights
• For EU users: Contact data-privacy@huffmansolutionsai.com for EU representative inquiries

8.3 CCPA Compliance (California Residents)

If you are a California resident:

• You have the right to know what personal/business information we collect and how we use it
• You have the right to request deletion of your information (with exceptions for legal obligations)
• You have the right to opt-out of the "sale" of information (we do NOT sell your data)
• You have the right to limit our use of sensitive information
• You have the right to non-discrimination for exercising your CCPA rights
• You may exercise your rights by emailing data-privacy@huffmansolutionsai.com

8.4 PIPEDA Compliance (Canadian Users)

If you are a Canadian resident:

• We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA)
• You have rights including access, correction, deletion, and limited use of your information
• Data may be transferred to the US for processing and storage
• You may contact our Privacy Officer at data-privacy@huffmansolutionsai.com

8.5 Other Jurisdictions

For other jurisdictions with data protection laws (Australia, Singapore, etc.): we comply with applicable local privacy laws, your rights are determined by your local jurisdiction, and you may contact data-privacy@huffmansolutionsai.com for jurisdiction-specific questions.

9. Children's Privacy

The Service is NOT intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we discover that we have collected information from a child under 18, we will delete it immediately and notify you. If you believe we may have collected information from a minor, please contact us at data-privacy@huffmansolutionsai.com.

10. Cookies and Tracking Technologies

10.1 What We Use

Our website and Service may use:

• Essential Cookies: Required for login, security, authentication, and core functionality
• Session Cookies: To maintain your session during use of the Service
• Analytics Cookies: To understand how users interact with our website and Service (Google Analytics, similar tools)
• Preference Cookies: To remember your settings and preferences
• No Advertising Cookies: We do not use cookies for targeted advertising or tracking across the internet

10.2 Your Choices

Most browsers allow you to block or delete cookies, set preferences for which cookies to allow, and enable "Do Not Track" (though not all websites honor this).

Note: Disabling essential cookies may prevent you from using the Service.

10.3 Third-Party Cookies

Third-party services (e.g., Google Analytics) may set their own cookies. Review their privacy policies:

• Google: https://policies.google.com/privacy
• Other services: Check their individual privacy policies

11. Third-Party Links and Services

Our Service or website may contain links to third-party websites and integrations (CRM providers, accounting software, LinkedIn, etc.).

We are not responsible for the privacy practices of third-party services. Please review their privacy policies before clicking on external links, authorizing integrations with your accounts, or providing them with your information.

12. Data Breach Notification

If we experience a data breach that compromises your information, we will:

• Investigate the breach promptly and thoroughly
• Notify affected users within 72 hours of discovery (where required by law)
• Provide details about what information was compromised, steps we are taking to address it, and your rights and recommended protective actions
• Report to regulatory authorities where legally required
• Maintain documentation of the breach response

You may also contact us immediately if you suspect a breach: security@huffmansolutionsai.com

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as our Service evolves or laws change.

Process for updates:

• Changes will be posted on this page with an updated "Last Updated" date
• Material changes will be communicated via email at least 30 days in advance
• We will request explicit consent for material changes affecting your privacy rights
• Continued use of the Service after changes take effect constitutes acceptance

For Equity and Profit Sharing partners, material changes to privacy practices may require written agreement.

14. Data Processing Addendum and Standard Contractual Clauses

For business customers (especially Profit Sharing and Equity partners), we provide:

• Data Processing Addendum (DPA): Detailing how we process your data
• Standard Contractual Clauses (SCCs): For international data transfers (EEA to US)
• Business Associate Agreement (BAA): If your Service involves protected health information (PHI)

Contact legal@huffmansolutionsai.com to request these agreements.

15. Contact Information

Response Time: We aim to respond to all privacy requests within 30 days (required by most privacy laws).

16. Supervisory Authority Contact (EU/UK/Canada)

If you are located in the European Economic Area, United Kingdom, or Canada and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority:

• Europe (EEA): Your national Data Protection Authority (DPA)
• United Kingdom: Information Commissioner's Office (ICO) — https://ico.org.uk
• Canada: Office of the Privacy Commissioner of Canada (OPC) — https://www.priv.gc.ca