This Privacy Policy describes how Garnet AI Limited ("Garnet AI," "we," "us," or "our") collects, uses, discloses, and protects personal data when you visit or use https://www.garnetai.net/ (the "Website") or any of our related services (collectively, the "Service"). By accessing the Website or using the Service, you consent to the collection and use of information as described herein.
When you register for an account, subscribe to our services, or contact support, we collect personal data such as your name, email address, company name, billing address, telephone number, and payment information.
We collect information about how you use the Service and Website, including pages viewed, features accessed, session duration, and technical data (e.g., IP address, browser type, device identifiers) to monitor and improve our Service.
We use personal data to:
If you are located in the European Economic Area ("EEA"), our lawful bases for collecting and using personal data under the General Data Protection Regulation ("GDPR") depend on the personal data concerned and the specific context in which we collect it. We rely on the following lawful bases:
We may share personal data with vendors, consultants, and other third-party service providers who perform services on our behalf, such as payment processing (e.g., Stripe), hosting and infrastructure (e.g., Amazon Web Services), analytics (e.g., Google Analytics), email delivery (e.g., SendGrid), customer support (e.g., Zendesk), and AI platform providers (e.g., OpenAI). These service providers are contractually obligated to only use your personal data in connection with the services they perform for us and to maintain confidentiality.
We may disclose personal data when required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to (a) protect our or others' rights, property, or safety; (b) enforce our Terms; or (c) investigate fraud.
In the event of a merger, acquisition, reorganization, sale of assets, or similar transaction involving all or part of our business, personal data may be transferred to the acquiring entity.
We may share aggregated or de-identified data with third parties for marketing, advertising, research, or other purposes.
We retain personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal, accounting, or reporting obligations. When determining retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process it. After the retention period ends, we either delete or anonymize personal data or, if this is not possible (for example, because your personal data has been stored in backup archives), then we securely store your personal data and isolate it from any further processing.
Depending on your jurisdiction, you may have the right to access, correct, update, or delete your personal data.
If you are in the EEA, you can request a copy of your personal data in a structured, commonly used, and machine-readable format.
You may have the right to restrict or object to certain processing activities.
Where we rely on consent as a lawful basis for processing, you can withdraw that consent at any time (but this will not affect the lawfulness of processing prior to withdrawal).
If you are located in the EEA and believe we have infringed your rights under the GDPR, you have the right to lodge a complaint with a supervisory authority in your member state.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act, including the right to know what personal data is collected, the right to request deletion of personal data, and the right to opt out of the sale of personal data.
To exercise any of these rights, please contact us as described in Section 12 below.
We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. For example, we use encryption (TLS) to protect data in transit and store data in secure facilities with access controls. However, no security measure is 100% secure, and we cannot guarantee the absolute security of your personal data.
The Service may contain links to third-party websites, products, or services that are not owned or controlled by Garnet AI. We are not responsible for the privacy practices or content of those third parties. We recommend that you review the privacy policies of each third-party service you use.
Our Service is not directed to children under 16 years of age, and we do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take reasonable steps to promptly delete such data.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If the changes are material, we will provide prominent notice (e.g., via email or a notice on the Website) before the changes take effect and update the "Last Updated" date at the top of this policy. Your continued use of the Service after such changes constitutes your acceptance of the revised Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: rusha@garnetai.net
© 2025 Garnet AI Limited. All rights reserved.