Privacy Policy

1. Introduction

Eyecosystems, Inc. ("Eyecosystems," "we," "us," or "our") operates the Eyecosystems accessibility data platform at eyecosystems.com and associated subdomains (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Platform.

We are committed to protecting personal information and processing it responsibly and in compliance with applicable data protection laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and, where applicable, the EU General Data Protection Regulation (GDPR).

By using the Platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Platform.

---

2. Information We Collect

Information You Provide Directly

• Account information: Name, email address, job title, organization name, and password when you register for an account or request API access.
• Contact and inquiry data: Information you submit through our contact form, demo request form, or city hub waitlist (email address, city, message content).
• Payment information: Billing name, address, and payment card details, processed securely through our third-party payment processor. We do not store full card numbers.
• Correspondence: Records of communications you send to us, including support requests and feedback.

Information Collected Automatically

• Usage data: Pages visited, features accessed, API endpoints called, query parameters, and interaction timestamps.
• Device and technical data: IP address, browser type and version, operating system, referring URLs, and general geographic location derived from IP address.
• Cookies and similar technologies: Session cookies necessary for authentication, and analytics cookies to understand aggregate usage patterns. See our cookie settings for details.

Information From Third Parties

• If you access the Platform through a government procurement portal or enterprise SSO provider, we may receive basic profile information consistent with the access granted.
• We do not purchase or receive personal data from data brokers.

---

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Platform: Authenticating users, processing API requests, delivering accessibility data, and maintaining your account.
• Communications: Responding to inquiries, sending product updates, usage reports, and service notifications. You may opt out of non-essential communications at any time.
• Billing and payments: Processing subscriptions, invoices, and refunds.
• Analytics and improvement: Understanding how the Platform is used in aggregate to improve performance, fix bugs, and develop new features. We do not sell individual usage profiles.
• Legal compliance and safety: Complying with legal obligations, enforcing our Terms of Service, and protecting the rights and safety of our users and third parties.

We process your data on the following legal bases (where GDPR applies): contract performance, legitimate interests, legal obligation, and consent where explicitly obtained.

---

4. Data Sharing

We do not sell your personal information. We may share information in the following limited circumstances:

• Service providers: We share data with vetted third-party vendors who assist with hosting, payment processing, analytics, and customer support, under data processing agreements that restrict their use of your information.
• Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify affected users before personal information becomes subject to a different privacy policy.
• Legal requirements: We may disclose information if required to do so by law, court order, or valid governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of Eyecosystems, our users, or the public.
• With your consent: We will share information for any other purpose with your explicit consent.

Aggregated, de-identified accessibility data derived from the verification network may be shared publicly or with research partners and does not identify any individual.

---

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

• Account data: Retained for the duration of your account and for up to 3 years following account closure, unless a longer period is required by law.
• API usage logs: Retained for up to 12 months for billing verification and abuse prevention.
• Waitlist and inquiry data: Retained until you opt out or withdraw consent, or for up to 2 years from submission if no account is created.
• Payment records: Retained for 7 years for tax and accounting compliance.

When data is no longer required, we securely delete or anonymize it in accordance with our data destruction policies.

---

6. Security

We implement technical and organizational measures designed to protect your personal information against unauthorized access, loss, destruction, or alteration. These include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest
• Access controls and least-privilege principles for internal systems
• Regular security reviews and dependency audits
• Incident response procedures with user notification protocols

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and applicable regulators as required by law.

---

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to certain legal exceptions.
• Portability: Request a machine-readable export of your data (where technically feasible).
• Opt-out of sale: We do not sell personal information. If this practice changes, you will have the right to opt out.
• Non-discrimination: You will not receive degraded service for exercising your privacy rights.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

California residents may exercise rights under the CCPA/CPRA. EU and UK residents may exercise rights under the GDPR/UK GDPR. To make a request, contact us at the address below. We will respond within 30 days (or 45 days where an extension is permitted by law).

---

8. Contact Us

If you have questions or concerns about this Privacy Policy, or wish to exercise your rights, please contact us:

• Email: privacy@eyecosystems.com
• Mail: Eyecosystems, Inc., Attn: Privacy, Jacksonville, FL, United States

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date above and, where appropriate, by direct notice to registered users. Continued use of the Platform after changes take effect constitutes acceptance of the revised policy.