Privacy, Security, and Data Protection Policy

1. Introduction

Legacy Edge Private Limited is committed to protecting your privacy and ensuring the security of your personal data. We provide custom AI product development, Voice AI solutions, enterprise consulting, SaaS development, and MVP solutions with a 95% success rate and enterprise-grade security. We understand the critical importance of data protection in AI development and enterprise software solutions.

2. Scope

This policy applies to all users of our services, including:

• Enterprise clients and their staff using our custom AI products
• End users interacting with AI solutions we develop
• SaaS and MVP platform users
• Consulting clients and stakeholders
• Website visitors and prospects
• Third-party service providers and integration partners

3.1 Types of Data Collected

We collect the following types of data:

• Client Project Data: Business requirements, technical specifications, project communications, and custom AI solution configurations.
• Enterprise User Data: Names, roles, contact information, and account credentials for accessing custom AI products and SaaS platforms.
• AI Interaction Data: Voice interactions, conversation logs, user inputs, and AI response analytics from deployed solutions.
• Operational Data: System logs, performance metrics, usage statistics, error reports, and deployment analytics.
• Payment & Contract Data: Billing information, payment records, contracts, and invoicing data processed through secure third-party providers.
• Personal Identifiable Information (PII): Names, emails, phone numbers, company affiliations, and job titles of clients and end users.
• Technical Integration Data: API keys, system configurations, integration parameters, and deployment environments.

3.2 Legal Basis for Processing

We process personal data based on the following lawful grounds under GDPR:

• Performance of Contract: To deliver custom AI product development, Voice AI solutions, SaaS platforms, consulting services, and enterprise integrations as specified in client agreements.
• Legitimate Interest: To enhance AI accuracy, improve solution performance, provide technical support, detect security threats, and optimize our development processes and methodologies.
• Consent: For marketing communications, newsletter subscriptions, case study participation, and optional data analytics that benefit service improvement.
• Legal Obligation: To comply with data protection regulations, financial reporting requirements, contract law, and industry-specific compliance standards.

3.3 Storage and Processing of Names, Emails, and Phone Numbers

Who Stores This Data?

• Legacy Edge: Stores and processes names, emails, and phone numbers to provide AI-powered services, manage user accounts, and facilitate customer interactions.
• Key Clients (Healthcare Partners): May access and store customer details for reservation management and personalized service.
• Technology Providers (Deepgram, ElevenLabs, Open AI and other third-party service providers): May process names, emails, and phone numbers as part of AI interaction processing and communication facilitation.

Where is This Data Stored?

• Stored securely on EU-based cloud servers managed by Legacy Edge.
• Processed by Legacy Edge and integrated third-party providers with GDPR-compliant data agreements.

Data Retention

• Personal information is retained for service continuity and deleted upon request or after a period of inactivity.
• Any personal data shared with partners and Healthcare Partners is subject to their respective privacy policies.

3.4 Handling of Voice Data and Protection Against Impersonation Risks

Why We Store Voice Data

• Voice interactions are stored temporarily to improve AI performance.
• Ensure accuracy and provide customer support.
• Voice recordings are not used for authentication or identification purposes.

Protection Against Impersonation Risks

• Limited Retention: Voice data is stored and then automatically deleted or anonymized.
• No Biometric Processing: We do not use voice data to create biometric voiceprints or any authentication models.
• Access Restrictions: Only authorized personnel with role-based access can retrieve stored voice interactions.
• Anonymization & Encryption: All voice data is encrypted and, where possible, anonymized to prevent misuse.

User Control

• Users can request immediate deletion of their voice interactions by contacting our support team.
• Users have the right to opt-out of voice data retention, although this may limit certain service functionalities.

4. Data Storage & Security Measures

4.1 Storage Locations

We store data within EU-based secure cloud servers to ensure compliance with GDPR regulations.

We implement industry-standard security measures to protect personal data, including:

• End-to-End Encryption: All voice interactions and stored data are encrypted
• Access Control: Role-based access and multi-factor authentication (MFA) for authorized personnel.
• Anonymization & Pseudonymization: Where possible, personal data is anonymized to minimize risk.
• Data Minimization: We only collect and retain necessary data.
• Regular Security Audits: We conduct annual penetration testing and real-time monitoring for security threats.

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

5. Data Retention & Deletion

• Voice recordings and transcriptions are stored for service improvement purposes and are automatically deleted or anonymized thereafter.
• User account data is maintained while the service remains active and is deleted upon request or after 12 months of inactivity.
• Names, emails, and phone numbers are retained and securely deleted or anonymized when they are no longer necessary.
• Legal and compliance data is preserved as mandated by law.

6. User Rights under GDPR

Under GDPR, individuals have the following rights:

• Right to Access – Request a copy of personal data we hold.
• Right to Rectification – Correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten") – Request deletion of personal data.
• Right to Restrict Processing – Limit how we use personal data.
• Right to Data Portability – Request data in a structured format.
• Right to Object – Opt-out of certain processing activities.
• Right to Withdraw Consent – Revoke previously given consent.

Requests can be made via support@legacyedge.io, and we will respond within 30 days as per GDPR requirements.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Provide personalized content and experiences
• Measure the effectiveness of our marketing campaigns

You can control cookie settings through your browser preferences. However, disabling cookies may affect website functionality.

9. International Data Transfers

As a company registered in India, we may transfer your data internationally. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Binding Corporate Rules where applicable
• Your explicit consent when required

10. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes through:

• Email notifications to registered users
• Prominent notices on our website
• Updated "Last Modified" date

7. Data Sharing & Third-Party Processors

We do not sell personal data. We share limited data with:

• Cloud Storage & Infrastructure Providers – (e.g., AWS, Google Cloud, Microsoft Azure) for secure data hosting.
• Payment Processors – (e.g., Stripe, PayPal) to handle financial transactions.
• AI Service Providers – (e.g., speech-to-text APIs, Deepgram, Open AI, Eleven Labs) to improve AI functionality.
• Key Clients (Healthcare Partners) – who require user data to manage reservations and customer interactions.

All third-party processors are GDPR-compliant and have Data Processing Agreements (DPAs) in place.

8. Cookies & Tracking

We use cookies and tracking technologies to enhance user experience and optimize our services.

• Essential Cookies – Required for core functionalities.
• Analytics Cookies – Used to improve AI performance and user experience (opt-in required).
• Marketing Cookies – Only used with explicit consent.

9. Data Breach Response Plan

In case of a data breach:

• Immediate Containment – Isolate affected systems and assess the impact.
• User Notification – Inform affected users within 72 hours (as per GDPR requirements).
• Regulatory Notification – Report to relevant authorities if required.
• Remediation & Prevention – Implement corrective measures and security updates.

11. Policy Updates

We may update this policy periodically to reflect regulatory changes and service enhancements. Users will be notified of significant updates via this website.