Privacy Policy

Huaren.ai ("we", "our", or "us") is committed to protecting the privacy of individuals who interact with our services. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access our enterprise AI automation services, lifestyle AI tools, or visit our website.

This Policy applies to all users of Huaren.ai services globally, with additional provisions for users in Canada and the United States as outlined in the Jurisdictional Clauses section.

Enterprise & Business Services

When you engage our Enterprise AI solutions — including business process automation, AI integration, web development, or analytics — we may collect:

• —Business contact information: name, title, company, email address, phone number
• —Organisation data: company size, industry sector, registered address
• —Operational data: workflow configurations, system integration credentials (stored encrypted), business process documentation you share with us
• —Usage analytics: feature engagement, session data, performance metrics within your deployed AI systems
• —Communications: emails, meeting notes, and support correspondence

Lifestyle & Community Services

When you use our Lifestyle AI tools — including smart living assistants, cultural content, language learning, or travel services — we may collect:

• —Account information: name, email address, preferred language, cultural background (optional)
• —Preference data: daily routine patterns, content interests, language learning progress
• —Interaction data: queries submitted to AI assistants, feedback ratings, saved content
• —Device & technical data: IP address, device type, browser type, operating system, time zone
• —Location data (with consent): general region for localised content and travel services

AI Interaction Data

Conversations and queries submitted to our AI systems may be used, in anonymised and aggregated form, to improve model quality and safety. You may opt out of this in your account settings. We do not use personal AI conversation data to train commercial third-party models.

We use the information we collect for the following purposes:

• —Service delivery: provisioning and operating the AI services you have subscribed to
• —Personalisation: tailoring AI assistant responses, content recommendations, and interface settings to your preferences
• —Communication: sending service updates, security alerts, invoices, and support responses
• —Improvement: analysing aggregated usage patterns to enhance performance, accuracy, and feature development
• —Security: detecting, preventing, and responding to fraud, abuse, and security incidents
• —Legal compliance: meeting our obligations under applicable laws and regulations

Our AI systems are designed to assist — not to replace — human judgment. Outputs generated by Huaren.ai AI models are probabilistic in nature and should be reviewed before reliance in high-stakes decisions.

Model Behaviour & Bias

We implement ongoing bias auditing and red-team testing on our AI systems. Despite these safeguards, AI outputs may occasionally reflect unintended biases. We maintain a responsible disclosure programme — if you identify potentially biased or harmful outputs, please report them to our safety team.

Data Retention in AI Systems

• —Conversation logs: retained for 90 days by default, configurable to 0 days (no logging) on Enterprise plans
• —Personalisation profiles: retained for the duration of your account, deletable on request
• —Anonymised training data: retained indefinitely in aggregated form; individual contributions are irreversibly anonymised prior to use
• —Business operational data: retained for the duration of your service agreement plus 7 years for legal compliance

Third-Party AI Models

Some features may leverage third-party foundational AI models (e.g., large language models from external providers). In such cases, data submitted to those systems is governed by both this Policy and the respective third-party privacy terms. We select partners who maintain data processing agreements consistent with our standards.

We may share your information with:

• —Service providers: cloud infrastructure, payment processors, analytics partners — bound by data processing agreements
• —Professional advisors: lawyers, auditors, and insurers under confidentiality obligations
• —Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred with appropriate notice
• —Legal authorities: where required by law, court order, or to protect our legal rights

We do not share personal information with unrelated third parties for their marketing purposes.

Canada — PIPEDA & Provincial Laws

For users located in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation (PIPA in Alberta and British Columbia; Quebec Law 25).

• —You have the right to access your personal information and request corrections
• —You may withdraw consent for non-essential data processing at any time
• —Cross-border data transfers to the United States are conducted under standard contractual clauses
• —Quebec residents may request disclosure of automated decision-making logic affecting them

United States — State Privacy Laws

For users in applicable US states (including California under CCPA/CPRA, Virginia under VCDPA, and Colorado under CPA), the following rights apply:

• —Right to Know: request disclosure of personal information collected about you in the past 12 months
• —Right to Delete: request deletion of your personal information, subject to legal exceptions
• —Right to Opt Out: opt out of the sale or sharing of personal information (we do not sell data)
• —Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights
• —Right to Correct: request correction of inaccurate personal information

We implement industry-standard security measures proportionate to the sensitivity of your data:

• —Encryption at rest (AES-256) and in transit (TLS 1.3)
• —Role-based access controls with principle of least privilege
• —Regular penetration testing and vulnerability assessments
• —SOC 2 Type II alignment for Enterprise deployments
• —Incident response plan with 72-hour breach notification capability

No system is entirely immune to security risks. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

Depending on your jurisdiction, you may have the right to:

• —Access a copy of the personal information we hold about you
• —Correct inaccurate or incomplete information
• —Request deletion of your personal information
• —Object to or restrict certain processing activities
• —Receive your data in a portable, machine-readable format
• —Withdraw consent where processing is based on consent
• —Lodge a complaint with your applicable data protection authority

To exercise any of these rights, contact us via the form below. We will verify your identity and respond within 30 days (or as required by applicable law).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (if you have an account) or by posting a prominent notice on our website at least 14 days before the changes take effect.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Policy.