πŸ“‹ **TABLE.OF.CONTENTS**

πŸ›‘οΈ **PRIVACY.OVERVIEW**

Effective Date: January 1, 2025

Last Updated: January 1, 2025

πŸ” **OUR.CORE.COMMITMENT**

On-Site LLM is fundamentally designed around data sovereignty and privacy protection. Our local deployment model ensures your sensitive information never leaves your premises or enters external cloud systems.

This Privacy Policy explains how On-Site LLM ("we," "our," or "us") collects, uses, protects, and discloses information when you use our locally-deployed AI services. This policy applies to residents of the United States and Canada and complies with applicable privacy laws in both jurisdictions.

🎯 **SCOPE.AND.APPLICATION**

This policy covers:

  • Information collected through our website and marketing materials
  • Data processed during consultations and demonstrations
  • Information handled during deployment and support services
  • Technical data related to system performance and maintenance

πŸ“Š **INFORMATION.COLLECTION**

πŸ” **WHAT.WE.COLLECT**

Business Contact Information:

  • Name, title, and business contact details
  • Company name and industry information
  • Professional email addresses and phone numbers
  • Preferred communication methods and times

Technical and Consultation Data:

  • Information about your IT infrastructure and requirements
  • Compliance and regulatory needs assessment
  • Project specifications and deployment preferences
  • System performance metrics (post-deployment only)

Website and Marketing Data:

  • Website usage analytics and interaction patterns
  • Form submissions and inquiry details
  • Marketing preference and communication history
  • Device and browser information for website optimization

🚫 **WHAT.WE.DO.NOT.COLLECT**

We do NOT collect, access, or process any of your operational data, client information, or confidential business content. Our locally-deployed AI systems ensure your sensitive data remains entirely within your control.

βš™οΈ **DATA.USAGE.POLICY**

🎯 **PRIMARY.PURPOSES**

We use collected information exclusively for:

  • Service Delivery: Providing consultations, demonstrations, and deployment services
  • Technical Support: Offering ongoing maintenance and system optimization
  • Communication: Responding to inquiries and providing project updates
  • Compliance: Meeting legal and regulatory obligations
  • Improvement: Enhancing our services based on feedback and performance data

πŸ“ˆ **ANALYTICS.AND.OPTIMIZATION**

We may use aggregated, non-identifying information to:

  • Improve our website user experience
  • Develop better service offerings
  • Create industry benchmarks and best practices
  • Enhance our technical support capabilities

πŸ›‘οΈ **DATA.MINIMIZATION.PRINCIPLE**

We collect only the minimum information necessary to provide our services effectively. All data collection is purpose-driven and time-limited.

🚫 **NO.DATA.SHARING.POLICY**

πŸ”’ **ABSOLUTE.COMMITMENT**

We do NOT sell, rent, trade, or otherwise redistribute your personal or business information to third parties. Your data sovereignty is our highest priority.

βš–οΈ **LIMITED.EXCEPTIONS**

Information may only be disclosed in these specific circumstances:

  • Legal Compliance: When required by valid legal process or court order
  • Emergency Protection: To protect against imminent threats to safety or security
  • Business Transition: In the event of a merger or acquisition (with identical privacy protections)
  • Authorized Representatives: To vetted service providers under strict confidentiality agreements

🀝 **SERVICE.PROVIDERS**

When we work with trusted partners (such as specialized technical contractors), they are:

  • Bound by comprehensive confidentiality agreements
  • Authorized to access only information necessary for their specific role
  • Prohibited from using information for any other purpose
  • Required to maintain equivalent security standards

πŸ” **DATA.SECURITY.MEASURES**

πŸ›‘οΈ **TECHNICAL.SAFEGUARDS**

  • Encryption: AES-256 encryption for data at rest and in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and secure protocols
  • Data Isolation: Logical and physical separation of client environments

πŸ“‹ **OPERATIONAL.CONTROLS**

  • Staff Training: Regular privacy and security awareness programs
  • Background Checks: Comprehensive screening for all personnel
  • Incident Response: Documented procedures for security event management
  • Regular Audits: Periodic security assessments and compliance reviews

πŸ”„ **DATA.RETENTION**

  • Business contact information: Retained while relationship is active + 7 years
  • Project documentation: Retained for support purposes + 3 years post-completion
  • Technical logs: Retained for 1 year unless legally required otherwise
  • Marketing data: Retained until you opt-out or withdraw consent

βš–οΈ **LEGAL.COMPLIANCE.FRAMEWORK**

πŸ‡¨πŸ‡¦ **CANADIAN.COMPLIANCE**

PIPEDA (Personal Information Protection and Electronic Documents Act): We comply with all federal privacy requirements for commercial activities across Canada.

Provincial Laws: We adhere to applicable provincial privacy legislation including PIPA (BC/AB), PHIPA (ON), and sector-specific requirements.

πŸ‡ΊπŸ‡Έ **U.S.COMPLIANCE**

State Privacy Laws: We comply with CCPA (California), VCDPA (Virginia), CPA (Colorado), and other applicable state privacy regulations.

Sector-Specific: HIPAA for healthcare, GLBA for financial services, FERPA for education, and SOX for public companies.

πŸ›οΈ **REGULATORY.COMMITMENTS**

Our compliance program includes:

  • Regular privacy impact assessments
  • Data protection officer oversight
  • Cross-border data transfer protections
  • Breach notification procedures
  • Vendor management and due diligence

πŸ‘€ **YOUR.PRIVACY.RIGHTS**

πŸ” **ACCESS.AND.CONTROL**

You have the right to:

  • Access: Request a copy of personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Receive your information in a structured, machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Object to processing based on legitimate interests

πŸ“§ **COMMUNICATION.PREFERENCES**

  • Opt-out of marketing communications at any time
  • Choose preferred communication channels and frequency
  • Update contact information and preferences
  • Request communication in specific languages (English/French)

⏱️ **RESPONSE.TIMEFRAMES**

We respond to privacy rights requests within 30 days (or as required by applicable law). Complex requests may require additional time, with notification provided.

πŸ›οΈ **REGULATORY.COMPLAINTS**

You may file complaints with:

  • Canada: Office of the Privacy Commissioner of Canada or provincial privacy commissioners
  • United States: State attorneys general or relevant sector regulators

πŸ“ž **PRIVACY.CONTACT.INFORMATION**

Data Protection Officer:

Email: [email protected]

Phone: 343-327-2388

Mailing Address:
On-Site LLM Privacy Office
[Your Business Address]
[City, Province/State, Postal/ZIP Code]

Response Commitment: We respond to all privacy inquiries within 2 business days and complete investigations within 30 days.

πŸ”„ **POLICY.UPDATES**

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through:

  • Email notification to active business contacts
  • Prominent website notice for 30 days
  • Direct notification during ongoing service relationships

Continued use of our services after notification constitutes acceptance of updated terms. For significant changes affecting your rights, we may seek explicit consent.