AI Gateway Privacy Policy

AI Gateway Privacy Policy

This Privacy Policy (“Policy”) describes how UAB “Honeygain” (company code 306103177, registered in Lithuania) (hereafter referred to as “Honeygain”, ‘we’, ‘us’, ‘our’) gathers, processes, shares, and retains personal data when you access our services or communicate with us. It applies to users of AI Gateway applications as well as individuals who visit the AI Gateway website. This Policy also explains your rights under applicable data protection and privacy legislation.

1. Types of Information We Collect

AI Gateway designs and operates various applications (the “AI Gateway Applications”) across multiple platforms, including television, mobile devices, and personal computers. We collect only the limited personal data necessary to deliver, maintain, and improve the functionality of the AI Gateway Applications. In addition, we gather certain information from individuals who visit and use the AI Gateway website.

1.1 Information Collected via the AI Gateway Application

When you access or use the AI Gateway Applications, we may collect and process the following categories of personal information:

Account information: Your email address and a securely encrypted password provided during registration.
Device details: Information such as your IP address, device model, operating system version, last activity timestamp, and approximate geographic location.
Usage and performance data: Aggregated information regarding how the application is used, including analytics data, as well as crash reports and error diagnostics generated through analytical tools.

1.2 Information Collected Through the AI Gateway Website

When you access our website or get in touch with us, we may collect and process the following categories of personal information:

Automatically collected information: This includes your IP address, approximate location, browser type, device information, and operating system. Such data is gathered through cookies and similar tracking technologies. For more detailed information about the cookies we use — including their purpose and retention period — please refer to the cookie table provided in Section 7 of this Policy.
Information provided through communications: If you contact us via email or by using the contact form on our website, we may collect your name and/or surname (where provided), email address, the subject and content of your message, the date of submission, any attachments you include, our response, and any subsequent correspondence related to your inquiry.

1.3 No Collection of Children’s Data

We do not knowingly collect or process personal information relating to children under the age of 14, or under any other age threshold that would require parental consent under applicable law.

If we become aware that we have inadvertently obtained personal data from a child without the necessary authorization from a parent or legal guardian, we will take prompt steps to delete or otherwise securely dispose of such information.

If you are a parent or legal guardian and believe that your child has provided personal information to us without your consent or supervision, please contact us immediately so that we can take appropriate measures to cease processing the data and remove any information that may have been collected.

2. Purposes of Processing and Legal Grounds

We process your personal data only where we have a valid legal basis under applicable data protection laws. The purposes for which we use your information, together with the corresponding legal grounds, are outlined below.

2.1 AI Gateway Application

Provision of services: We process registration details and device-related information as necessary to perform our contractual obligations to you.
Service improvement: We analyze aggregated usage data to enhance and optimize the functionality of the Application, based on our legitimate interest in improving our services.
Payment processing: Payment-related information is handled to fulfill contractual requirements and to comply with applicable legal and regulatory obligations.

2.2 AI Gateway Website

Website operation and optimization: Data collected automatically through cookies and similar technologies is processed either on the basis of your consent or our legitimate interest in maintaining the security, performance, and proper functioning of the website.
Handling inquiries: Information submitted through email or contact forms is processed for the legitimate purpose of responding to and managing your requests.

2.3 Legal Compliance and Protection of Rights

We may also process the categories of data described in Sections 1.1 and 1.2 where necessary to comply with legal obligations, such as tax and accounting requirements, to resolve disputes, and to establish, exercise, or defend our legal rights.

3. Data Retention

We keep your personal information only for as long as it is necessary to fulfill the purposes described in this Policy. Once the data is no longer required for those purposes, and provided that no legal or regulatory obligations require us to retain it (such as applicable tax or statutory retention requirements), we will securely delete or anonymize it.

We may retain personal data for longer periods where necessary to comply with legal obligations or for the establishment, exercise, or defense of legal claims.

The main retention periods applied are as follows:

Registration and service-related data: retained for 5 years following the termination of the contractual or other relationship with you.
Communication data: retained for 2 years after your inquiry has been resolved, unless a longer retention period is required for legal reasons.
Usage data: aggregated and anonymized usage information may be stored indefinitely.
Compliance-related data (as described in Section 2.3): retained for 10 years.
Website functionality and analytics data: retained for up to 1 year.

4. Data Disclosure and Transfers

We do not sell your personal information for commercial purposes. Nevertheless, we may disclose your data to certain third parties, both within and outside the European Economic Area (EEA), where such disclosure is necessary to achieve the purposes described above and is permitted under applicable data protection laws.

Below is an overview of the categories of recipients, their location, and the legal safeguards applied where data is transferred outside the EEA:

Hetzner Online GmbH (data hosting and storage provider)
Location: European Union
Transfer mechanism outside the EEA: Not applicable
Google Ireland Ltd (analytics services for website and applications)
Location: European Union
Transfer mechanism outside the EEA: Not applicable
Google LLC (analytics services for website and applications)
Location: United States
Transfer mechanism outside the EEA: European Commission Standard Contractual Clauses
Business partners and clients with whom location data and IP addresses may be shared to enable access to and collection of information from publicly available internet resources (e.g., websites), where such sharing is necessary for the performance of a contract between you and the relevant Module partner, if applicable.
Location: Worldwide
Transfer mechanism outside the EEA: European Commission Standard Contractual Clauses
Public authorities, government bodies, law enforcement agencies, courts, and regulatory institutions where disclosure is required by law or necessary for the establishment, exercise, or defense of legal claims, including proceedings involving an Module partner.
Location: Worldwide
Transfer mechanism outside the EEA: Where applicable, transfers are based on the necessity for the establishment, exercise, or defense of legal claims.

5. Statutory Data Protection Rights

In accordance with applicable data protection legislation, and subject to the relevant conditions, limitations, and exemptions, you may exercise the rights outlined below.

Right of Access (Right to Be Informed)

You have the right to request confirmation as to whether we process personal data relating to you. If so, you may request access to such data and to information about how it is processed. Upon receipt and verification of your request, we will provide details including: the categories of personal data collected, the sources from which the data was obtained, the purposes for collecting or processing the data, the categories of third parties with whom the data is shared, the specific pieces of personal data held about you, and any other information required under applicable law.

Right to Rectification

You may request that we correct or update any inaccurate or incomplete personal data concerning you.

Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data where:

the data is no longer necessary for the purposes for which it was collected or processed;
you withdraw your consent and there is no other legal basis for processing;
you object to the processing and no overriding legitimate grounds exist, or you object to processing for direct marketing purposes;
the data has been processed unlawfully;
deletion is required to comply with a legal obligation;
the data was collected in connection with information society services offered directly to a child based on consent.

Right to Restrict Processing

You may request restriction of processing where:

you contest the accuracy of the personal data;
the processing is unlawful and you oppose deletion, requesting restriction instead;
we no longer require the data for processing purposes, but you need it to establish, exercise, or defend legal claims;
you have objected to the processing, pending verification of legitimate grounds.

Right to Data Portability

Where processing is based on your consent or a contract and carried out by automated means, you may request to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, or request that it be transmitted to another data controller where technically feasible.

Right to Object

You may object to the processing of your personal data where it is based on legitimate interests or the performance of a task carried out in the public interest or under official authority, as described in this Policy. You also have the right to object at any time to the processing of your personal data for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Right to Lodge a Complaint

You have the right to submit a complaint to a supervisory data protection authority, particularly in the EU Member State of your habitual residence, place of work, or where the alleged infringement of the GDPR has occurred.

Right to Non-Discrimination

When exercising your rights under applicable data protection laws, you are entitled to equal treatment. You will not be denied services, charged different prices, or provided with a different level or quality of services solely because you have exercised your statutory rights.

6. No Automated Decision-Making, Including Profiling

We do not carry out decisions based exclusively on automated processing, including profiling, that would produce legal effects or similarly significant consequences for you.

For security and fraud-prevention purposes, however, we use automated systems and algorithms to detect unusual or potentially suspicious activity within our user base. If such systems identify irregularities, the relevant activity is subject to human assessment. Following this review, appropriate measures may be taken, which could include temporary suspension or, in exceptional circumstances, termination of access to our services.

7. Cookies and Similar Tracking Technologies

We use cookies and comparable tracking technologies to gather information from the device you use to access our services. Cookies are small text files containing a unique identifier that a web server places on your browser and that your browser stores on your device. Each time your browser requests content from the server, the identifier is transmitted back to the server.

Cookies generally do not contain information that directly identifies you. However, the data collected through cookies may be associated with personal information that we hold about you. We use these technologies to improve your browsing experience, monitor and analyze website traffic, and ensure the proper operation of our services.

For more detailed information about the specific cookies we use, including their purpose and retention period, please refer to the AI Gateway cookie table provided below.

Cookie Category	Cookie name	Cookie purpose
Necessary	bscookie	This cookie is used to identify the visitor through an application. This allows the visitor to login to a website through their LinkedIn application for example.
	li_gc	Stores the user’s cookie consent state for the current domain.
	ZD-suid	Unique id that identifies the user’s session.
Statistics	_ga	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
	_gid	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
	_gat	Used by Google Analytics to throttle request rate.
	_clck	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.
	_clsk	Registers statistical data on users’ behavior on the website. Used for internal analytics by the website operator.
	_cltk	Registers statistical data on users’ behavior on the website. Used for internal analytics by the website operator.
	_ga_#	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.
	AnalyticsSyncHistory	Used in connection with data synchronization with third-party analysis service.
	c.gif	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.
	CLID	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.
	collect	Used to send data to Google Analytics about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels.
	ln_or	Registers statistical data on users’ behavior on the website. Used for internal analytics by the website operator.
	ZD-buid	A unique id that identifies the user on recurring visits.

When you access our website, we request your consent before placing any non-essential cookies on your device. Strictly necessary cookies, however, are activated automatically, as they are required for the proper functioning and security of the website.

We honor your cookie preferences and provide options to manage or disable cookies at any time. You may also adjust your browser settings to block certain cookies, reject all cookies, or prompt you for approval before accepting them. Please be aware that if you delete or disable cookies, some features or sections of our website may not function correctly or may become inaccessible.

You can manage functionality, targeting, and advertising cookies through your browser settings or via the cookie management tools available on our website.

8. Changes to This Policy

We may revise or update this Policy from time to time at our sole discretion. Any modifications will take effect upon their publication on our website, unless stated otherwise. We encourage you to review this Policy periodically to remain informed about how we process your personal data.

Where material or significant changes are introduced, we will take appropriate measures to notify you in advance. Such notification may be provided via email (where available), prominent notices on our website or within our applications, or through other suitable communication channels depending on the circumstances.

9. Contact us

Contact us If you have any questions about this Policy or how we collect and process your data, please contact our support team at [email protected]