Privacy Policy
Effective Date: May 2, 2025
1. Introduction
Welcome to Plyra ("we," "us," or "our"). This Privacy Policy explains how PLYRA AI LTD ("PLYRA AI LTD," "we," or "us") collects, uses, discloses, retains, and protects personal data when you access or use the Plyra web application at www.plyra.ai (the "Service"). This Policy also describes your rights regarding your data. By using the Service, you consent to the practices described here.
2. Scope & Jurisdictions
We operate globally. This Policy applies to all users of the Service worldwide, including residents of the EU (GDPR), California (CCPA/CPRA), UK, Canada (PIPEDA), Australia, and other regions. We host and process data on DigitalOcean servers in Frankfurt, Germany, and may add other regions in the future under equivalent protections.
3. Who Can Use Plyra
Anyone may register, provided they are at least 16 years old. By registering, you represent you meet this age requirement.
Parents or guardians must supervise any minor's use if local law permits under-16 access.
4. Categories of Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account & Identity | Email, name, username, password (hashed) | You (via form) |
| Authentication & Security | Login logs, IP addresses, device identifiers, two-factor codes | Automatic |
| Payment & Billing | Transactions via Stripe (no card data stored by us), billing address, invoices | Stripe integration |
| User Content & Integrations | Uploaded documents, API credentials, database connection strings (encrypted) | You (via forms) |
| Communications | Support inquiries, chat logs, email correspondence | You & us |
| Usage & Diagnostics | Feature usage, API calls, session duration, error logs | Automatic |
| Analytics & Cookies | Page views, bounce rates, click paths (via Google Analytics and similar) | Automatic |
| Marketing & Advertising | If enabled: email preferences, referrer URLs, ad identifiers | You & third parties |
We do not collect "special category" sensitive data (health, race, biometrics) unless you explicitly upload such content, in which case it remains encrypted and under your control.
5. How We Use Data & Legal Bases
- Performance of Contract: account setup, authentication, payment processing, delivering core Service features, customer support.
- Legitimate Interests: improving, securing, and analyzing the Service (e.g., analytics, fraud detection, system maintenance).
- Consent: where required (e.g., marketing emails, optional cookies).
- Legal Compliance: to respond to lawful requests, subpoenas, litigation.
6. Cookies & Tracking Technologies
We use cookies, web beacons, and similar technologies for:
- Essential/Functional: session management, security.
- Analytics: Google Analytics, et al., to improve Service.
- Performance & Personalization (optional): if you opt in, for tailored content and in-platform messaging.
You may manage cookie preferences via your browser or our upcoming consent tool.
7. Data Sharing & Third-Party Processors
We do not sell personal data. We share data only with:
- Service Providers: Stripe (payments), DigitalOcean (hosting/CDN), Google Analytics (analytics), email/SMS providers, CI/CD services, bug-tracking and monitoring tools.
- Affiliates & Subsidiaries: internal sharing for business operations.
- Legal & Compliance: courts, regulators, or law enforcement when required.
All third parties must adhere to equivalent data protection obligations.
8. International Transfers
Your data may be transferred to and processed in jurisdictions outside your residence, including Germany and other DigitalOcean regions. We rely on EU Standard Contractual Clauses, adequacy decisions, or other legal safeguards.
9. Data Retention & Deletion
- We retain personal and usage data for 30 days by default.
- Support logs, billing records, and legal holds may extend retention to one year or longer as required by law.
- You may request deletion at any time; we'll erase or anonymize your data within 30 days, except to the extent we must retain it for legal compliance or dispute resolution.
10. Security Measures
We implement industry-standard controls, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access, audit logging, and periodic penetration testing.
- Security incident response plans and breach notification procedures.
11. Your Privacy Rights
Depending on your jurisdiction, you may have rights to:
- Access, Portability & Correction of your personal data.
- Deletion ("Right to be Forgotten") except for data we're required to keep.
- Restriction or Objection to processing under certain grounds.
- Opt-out of marketing communications and profiling.
- Data portability to another provider.
To exercise these rights, contact us at [email protected]. We'll respond within applicable statutory timeframes (e.g., 30 days under GDPR/CCPA).
12. Children's Privacy
Plyra is not intended for children under 16. We do not knowingly collect data from minors. If you believe we have such data, contact us for removal.
13. Data Breach Notification
In the event of a qualifying data breach, we will notify affected users and regulators within 72 hours as required by GDPR and similar laws.
14. Changes to This Policy
We may update this Policy. We'll post the revised version at www.plyra.ai/privacy-policy with a new "Effective Date." Continued use after changes constitutes acceptance.
15. Contact & Complaints
Data Protection Contact
PLYRA AI LTD71–75 Shelton Street, Covent Garden, London WC2H 9JQ, UK
📧 [email protected]
If you reside in the EU, you may lodge a complaint with your local supervisory authority.