Data Compliance & Protection

Enrich Labs, Inc. ("we," "us," or "our") is committed to handling personal data responsibly and in compliance with applicable data protection laws. This page describes how we approach data compliance, the regulatory frameworks we align with, and the rights available to individuals whose data we process.

Data Protection Principles

We adhere to the following core principles when processing personal data:

• Lawfulness, fairness, and transparency: We process data only with a valid legal basis and communicate clearly about how data is used
• Purpose limitation: Data is collected for specified, legitimate purposes and not processed in ways incompatible with those purposes
• Data minimization: We collect only the data that is necessary for the stated purpose
• Accuracy: We take reasonable steps to keep personal data accurate and up to date
• Storage limitation: Data is retained only for as long as necessary to fulfill its purpose
• Integrity and confidentiality: We protect data with appropriate technical and organizational measures

GDPR Compliance

For individuals in the European Economic Area (EEA) and the United Kingdom, we align our practices with the General Data Protection Regulation (GDPR). Our measures include:

• Identifying a lawful basis for all personal data processing activities
• Providing clear and accessible privacy notices
• Honoring data subject rights including access, rectification, erasure, restriction, portability, and objection
• Implementing appropriate safeguards for international data transfers as required by applicable law

CCPA / CPRA Compliance

For residents of California, we comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This includes:

• Disclosing the categories of personal information we collect and the purposes for which it is used
• Honoring requests to know, delete, and correct personal information
• Providing the right to opt out of the sale or sharing of personal information
• Not discriminating against individuals who exercise their privacy rights
• Limiting the use of sensitive personal information to what is necessary

Data Processing and Storage

We are transparent about where and how data is processed:

• Data is primarily processed and stored in the United States
• We use reputable cloud service providers that maintain industry-standard security certifications
• Where data is transferred internationally, we ensure appropriate safeguards are in place as required by applicable law
• Data processing agreements are in place with all third-party processors

Sub-Processor Management

We carefully vet and manage third-party sub-processors:

• Sub-processors are selected based on their security and compliance posture
• Contractual obligations require sub-processors to protect data in accordance with our standards
• We maintain an up-to-date list of sub-processors and notify customers of material changes
• Regular reviews are conducted to ensure ongoing compliance

Data Subject Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at info@enrichlabs.ai. We will respond to your request within the timeframe required by applicable law.

Data Breach Notification

In the event of a personal data breach:

• We maintain procedures to detect, investigate, and report breaches
• Supervisory authorities will be notified within 72 hours where required by GDPR
• Affected individuals will be notified without undue delay when the breach is likely to result in a high risk to their rights and freedoms
• All breaches are documented and reviewed to improve our security measures

Data Retention and Deletion

We retain personal data only as long as necessary:

• Retention periods are defined based on the purpose of processing and legal requirements
• When data is no longer needed, it is securely deleted or anonymized
• Customers can request deletion of their data at any time, subject to applicable legal obligations

Contact Us

For questions about our data protection practices or to submit a data-related request, please contact us at: info@enrichlabs.ai