AI Gateway Module Privacy Policy
This Privacy Policy (“Policy”) describes how UAB “Honeygain” (“company code 306103177, registered in Lithuania) (hereafter referred to as “Honeygain”, ‘we’, ‘us’, ‘our’) gathers, uses, shares, and retains personal data when users activate and use the AI Gateway Module within a third-party application that integrates the AI Gateway Module (the “Host Application”).
Further details regarding installation and use of the AI Gateway Module are available in the AI Gateway Module Terms of Service.
If you have any questions about this Policy or our data processing practices, please contact us at [email protected]
1. Information We Collect
When you access a Host Application that includes the AI Gateway Module, we may process certain categories of personal data to operate, secure, and improve the Module. The types of data may include:
Account and registration details
Information submitted to access Module-related features, such as your email address and encrypted password.
Device and technical data
Information about the device running the Host Application, including IP address, operating system version, device type/model, last activity timestamp, and approximate location (city and country).
Aggregated usage and analytics data
Information regarding interactions with the Host Application and Module, such as usage statistics, performance metrics, crash logs, and diagnostic reports. These analytics may be collected through third-party tools (e.g., Google Analytics, Meta Analytics) and are used exclusively to evaluate performance and enhance service reliability.
Host Application identification data
Metadata identifying the Partner or Host Application associated with the AI Gateway Module installation on your device. This allows us to attribute Module activity appropriately.
Connectivity information
Basic network-related data, such as Wi-Fi status or general connection availability, necessary for enabling Module functionality.
Support and communication data
If you contact us via email or support channels, we process information such as your name (if provided), email address, message content, subject line, attachments, and our correspondence with you. This data is used solely to manage and respond to your request.
Children’s Privacy
We do not intentionally collect personal data from children under 14 years of age, or from minors requiring parental consent under applicable laws. The AI Gateway Module is neither designed for nor targeted at children.
If we discover that personal data has been collected from a child without proper authorization, we will promptly delete it. Parents or legal guardians who believe their child has provided personal data without consent should contact us immediately so appropriate measures can be taken.
2. Purposes of Processing
We process the personal data described above for the following purposes:
Provision of Module services
To deliver, operate, and support the AI Gateway Module within Host Applications, including technical integration and communication related to service availability.
Maintenance, optimization, and security
To monitor performance, resolve technical issues, prevent fraud and misuse, safeguard infrastructure, authenticate users, and ensure overall system integrity.
Legal and regulatory compliance
To comply with applicable laws and regulations, fulfill record-keeping and reporting obligations, enforce the AI Gateway Module Terms of Service, and establish, exercise, or defend legal claims.
Marketing communications
Where permitted by law, to inform users about services, features, or special offers. You may opt out of marketing messages at any time.
3. Legal Grounds for Processing
We rely on the following legal bases to process your personal data:
Contractual necessity
Processing required to perform a contract with you, including delivering Module functionality and providing support services.
Legitimate interests
Processing necessary to operate and improve our services, maintain platform security, respond to user inquiries, enhance functionality, and conduct proportionate marketing activities.
Consent
Where required (e.g., direct marketing), we rely on your consent. You may withdraw consent at any time without affecting prior lawful processing.
4. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law.
Retention periods include:
Service-related data: 5 years after termination of the contractual or business relationship
Communication records: 2 years following resolution of the inquiry (unless legally required longer)
Usage data: Aggregated and anonymized data may be stored indefinitely
Compliance-related data: 10 years
Website analytics and functionality data: Up to 1 year
Data is deleted once it is no longer needed and no legal retention obligation applies.
5. Data Sharing
We do not trade or sell your personal information for commercial purposes. Nevertheless, we may disclose your data to selected third parties, both inside and outside the European Economic Area (EEA), when it is required to fulfill the purposes outlined above and in compliance with applicable legal requirements.
Recipients/ categories of recipients | Location of the recipient | Legal basis for transferring data outside the EEA |
Hetzner Online GmbH (data storage providers) | EU | – |
Google Ireland Ltd (web and application usage analytics providers) | EU | – |
Google LLC (web and application usage analytics providers) | US | |
Our business partners, clients with whom we may share your location and IP data in order to enable them to access and collect data from public internet resources (e.g., various websites) (such data sharing is necessary for the performance of the contract between you and AI Gateway). | Worldwide | In cases where we transfer data outside the EEA, we rely on, Standard Contractual Clauses by the European Commission |
State, governmental, law enforcement institutions, courts, and regulatory authorities (when we are obliged to disclose information by law; when we exercise our legal rights to defend our interests in legal processes to which AI Gateway is a party). | Worldwide | In cases where we transfer data outside the EEA, we rely on the condition that the transfer is necessary for the establishment, exercise, or defense of legal claims. |
6. Statutory Data Protection Rights
In accordance with applicable data protection laws, and subject to the relevant conditions, restrictions, and exceptions set out therein, you are entitled to exercise the rights described below.
Right | When is this right applicable? |
Right of access, right to know about the personal information collected, disclosed | When you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing. Once we receive and verify your request, we will disclose to you the categories of data we collected about you, the categories of sources for the data we collected about you, our business or commercial purposes for collecting that personal information, the categories of third parties with whom we share that data, the specific pieces of data we collected about you and other information that we are obliged to provide under the applicable laws. |
Right to rectification | When you seek to obtain from us the rectification of inaccurate personal data concerning you. |
Right to erasure (‘right to be forgotten”) | – When personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; – when you withdraw consent on which the processing is based and there is no other legal ground for the processing; – when you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes; – where the personal data have been unlawfully processed; – where the personal data have to be erased for compliance with a legal obligation; – where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent. |
Right to restriction of processing | – Where the accuracy of the personal data is contested by you; – where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; – where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; – where you have objected to processing. |
Right to data portability | Where you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means. |
Right to object | Where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, as explained in Section 3 of this Policy, or where you object to the collection of your personal data for direct marketing purposes. |
Right to withdraw consent | Where the processing is based on consent, as explained in Section 3 of this Policy, and you seek to withdraw it at any time. |
Right to lodge a complaint | Where you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR. |
Right not to receive discriminatory treatment while exercising rights | When you exercise your rights enshrined in applicable laws, you also have the right to non-discrimination. For example, because you exercised your rights under applicable laws, you will not be denied any services, charged with a different price, provided a different quality of goods and services etc. |
7. No Automated Individual Decision-Making, Including Profiling
We do not carry out decisions that are based exclusively on automated processing, including profiling, which would have legal or similarly significant effects on you. That said, for security and fraud-prevention purposes, we apply algorithm-based systems to detect irregular or suspicious activity within our user base. If such systems identify potential anomalies, the relevant cases are reviewed by a human. Following this review, actions may be taken, including temporary suspension or, in exceptional circumstances, termination of services.
8. Cookies and Similar Tracking Technologies
We use cookies and related technologies to gather information from the device through which you access our services. Cookies are small text files containing a unique identifier that a web server sends to your browser and that are stored on your device. Each time your browser requests content from the server, the identifier is transmitted back to the server.
While cookies generally do not directly identify individuals, the information they collect may be associated with personal data we hold about you. We use cookies and comparable technologies to improve functionality, enhance user experience, analyze website traffic, and support service performance.
For more information about the specific cookies we use, their purposes, and retention periods, please refer to the AI Gateway Module cookie list provided below.
Essential cookies are activated automatically, as they are necessary for the proper operation of our website. Nevertheless, we honor your choices regarding non-essential cookies, and you may manage or disable them at any time through our website settings. You can also adjust your browser preferences to refuse certain or all cookies, or to request your consent before cookies are placed on your device. Please be aware that removing existing cookies or blocking future ones may limit your access to certain sections or features of the website. Functionality, targeting, and advertising cookies can likewise be controlled through your browser configuration.
9. Changes to This Policy
We may update or modify this Policy from time to time at our discretion. Any revisions will take effect immediately once they are published. We encourage you to review our website periodically to ensure you are familiar with the most current version of this Policy. In the event of material changes, we will make reasonable efforts to inform you in advance. Such notice may be provided via email (where applicable), through on-site or in-app notifications, or by other appropriate means depending on the circumstances.
