Skip to main content

Privacy Policy

Overview

At Subgen AI, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy is designed to help you understand how we collect and process your personal data when you use our Services.

Scope

This Privacy Policy does not apply where Subgen AI processes personal data on behalf of a Commercial Customer, as a Data Processor. In such cases, the Data Processing Agreement governs the processing of personal data by Subgen AI in its role as a Data Processor.

1. Definitions

The capitalized terms in this document will have the meanings below:

  • Agreement: The service agreement between You and Subgen AI, which includes (i) the Terms of Use, (ii) applicable Additional Terms, and, where relevant, (iii) the Data Processing Agreement.
  • Data Controller: The entity responsible for decisions regarding Your Personal Data, such as what data to collect, how it is processed, and how long it is retained.
  • Data Processor: The entity processing Personal Data on behalf of the Data Controller under their instructions.
  • Serenity* Platform: The online platform accessible at https://serenitystar.ai in SaaS mode, including all features and services provided therein.
  • Personal Data: Any data that directly or indirectly relates to You.
  • Processing: Any operation performed on Your Personal Data (e.g., collection, use, transfer, deletion).
  • Services: All services provided by Subgen AI through Serenity* Star, including APIs, Agent Builder, and other platform functionalities.
  • You or the Customer: Any individual or entity accessing or subscribing to the Services, referred to in this Policy as "You," "Your," or "Yours."

2. Who is the Data Controller?

2.1. Subgen AI as Data Controller

Subgen AI, registered in the United Kingdom under Company Number 15374966, serves as the Data Controller when processing Your Personal Data in connection with Serenity* Star.

You can contact us:

  • By email: [email protected]
  • By mail: Subgen AI, Attn: Privacy Team, 100 Avebury Boulevard, Milton Keynes, MK9 1FH, United Kingdom

2.2. Subgen AI as Data Processor

If You are a Commercial Customer, Subgen AI may also process Personal Data on Your behalf as a Data Processor. In such cases, these activities are described in the applicable Data Processing Agreement. This Privacy Policy only covers Subgen AI's Processing activities as a Data Controller.

3. What Kind of Personal Data Do We Collect?

3.1. Personal Data We Collect Directly from You

  • Identity, Account, and Contact Data: When You create an account or subscribe to Services.
  • Payment and Billing Information: Collected when You subscribe to Paid Services.
  • Inputs and Feedback: Any data you provide while using our Services.

3.2. Personal Data Generated by Your Use of Our Services

  • Technical Data: Including cookies and security logs, subject to Your consent where required.
  • Outputs: Generated content that may include Personal Data depending on the nature of Your Inputs.

3.3. Personal Data Indirectly Provided to Us

Our AI models are trained on publicly available data, which may incidentally include Personal Data despite efforts to filter it out.

4. Why Do We Use Your Personal Data?

We use your Personal Data for the following purposes:

  • Provide Our Services: To create and manage your account, respond to your Inputs, generate Outputs, and handle support requests.
  • Administration and Security: To manage and secure the platform and communicate with You regarding non-marketing purposes.
  • Develop and Train Models: To improve AI models while ensuring data is anonymized and de-identified.
  • Marketing: To send newsletters and promote Services.
  • Compliance and Dispute Resolution: To comply with legal obligations and manage disputes.

5. How Long Do We Store Your Personal Data?

We retain Personal Data for as long as necessary to achieve the purposes outlined in this Privacy Policy. For example:

  • Account Data: Retained during Your active subscription and up to 1 year post-termination for evidence purposes.
  • User Data: Retained as needed for service functionality or up to 30 days for monitoring abuse, unless You opt out.

6. Who Do We Share Your Personal Data With?

We share Personal Data only with:

  • Authorized team members.
  • Third-party service providers under strict contractual obligations (e.g., Azure, Google Cloud Platform, Stripe).
  • Regulatory authorities or legal bodies as required by law.

We may also share all or part of Your Personal Data with Our providers. Before engaging with any provider, we conduct audits to assess their privacy and security standards .

Our main providers are:

  • Azure
    • Purpose: Cloud Infrastructure
    • Data location: France
  • Google Cloud Platform
    • Purpose: Cloud Infrastructure
    • Data location: Ireland
  • Google Cloud Platform
    • Purpose: Cloud Infrastructure for the US version of Our APIs
    • Data location: United States
  • Sendgrid
    • Purpose: Mailing
    • Data location: United States
  • Stripe
    • Purpose: Payment management
    • Data location: United States

7. Do We Transfer Your Personal Data Outside the EU?

Subgen AI prioritizes providers within the EU but ensures compliance with GDPR standards when engaging non-EU providers. Safeguards, such as the European Commission’s Standard Contractual Clauses, are implemented for international transfers.

8. Your Rights

You have the right to:

  • Access, rectify, delete, or restrict the processing of Your Personal Data.
  • Object to processing or withdraw consent at any time.
  • Data portability and complaint filing with data protection authorities.

9. Google User Data

9.1. Data Accessed from Google

Our application accesses certain Google user data only when the user grants explicit permissions through OAuth. The types of data and their purposes are:

  • Google Calendar (https://www.googleapis.com/auth/calendar) Access to read, create, and modify calendar events to assist in scheduling meetings, reminders, and activity coordination.

  • Google Docs (https://www.googleapis.com/auth/documents) Access to read and manage Google Docs documents, allowing AI agents to process and analyze document content upon user request.

  • Google Sheets (https://www.googleapis.com/auth/spreadsheets) Access to read and manage Google Sheets spreadsheets, enabling AI agents to analyze and work with spreadsheet data upon user request.

  • Google Drive (https://www.googleapis.com/auth/drive) Access to read and manage files in Google Drive, allowing AI agents to process various file types and content upon user request.

We do not request additional scopes that are not related to the core functions of the service. Access occurs only when the user authorizes it and can be revoked at any time from their Google account.

9.2. Use of Google Data

Google data is used exclusively to provide the functionalities requested by the user within Serenity* Star. Examples include:

  • Creating and managing calendar events when requested by the user.
  • Reading and analyzing Google Docs and Sheets to assist in document processing and data analysis.
  • Accessing files in Google Drive to provide contextual assistance and content processing.

We do not use Google data for advertising, marketing, or for sale or redistribution purposes.

9.3. Sharing with Third Parties

We do not share Google user data with third parties outside the service, except as follows:

  • Google Vertex AI: When you use our AI agents, your Google data may be processed by Google's own AI models through the Google Vertex AI API to fulfill your requests. For example, if you ask an agent to check your calendar availability or analyze a document, that information is processed by Google's AI models within Google's infrastructure to generate a response. This ensures your Google data remains within Google's ecosystem.

  • Cloud Infrastructure: Data is processed within our cloud infrastructure providers (e.g., Microsoft Azure), who maintain high security standards and act as data processors under our instruction.

  • Legal Requirements: We may share data only in case of a valid legal requirement from competent authorities.

All third-party providers are bound by strict confidentiality and data protection obligations. We do not sell or use your Google data for any purposes other than providing the services you explicitly request.

9.4. Storage and Protection

  • All data is transmitted via encrypted connections (TLS).
  • Data at rest is stored encrypted (AES-256) on secure servers.
  • Access to data is restricted exclusively to authorized personnel under confidentiality agreements and strict access controls.

9.5. Retention and Deletion

  • We retain Google data only as long as necessary to provide the service requested by the user.
  • If the user revokes Google permissions, our access to that data ends immediately.
  • Users may request deletion of their data at any time by writing to [email protected]. Deletion is performed within a maximum of 30 days.

9.6. User Control

Users can review and revoke permissions granted to the application at any time in the Security → Apps with access to your account section of their Google account. Once access is revoked, the application immediately stops receiving new data.

10. Changes to This Privacy Policy

This Privacy Policy may evolve to reflect changes in our Services or regulations. Please review it regularly.

For questions, contact us at [email protected].