Privacy Policy
Last updated: 8 April 2026
1. INTRODUCTION
This Privacy Policy (“Policy”) describes how Aradyne Limited LTD (“Aradyne”, “we”, “us”, or “our”), a company registered in the Republic of Cyprus under registration number HE 486706, collects, uses, discloses, and protects personal data in connection with the PeakSpitz AIERP platform (the “Service”). Aradyne is the data controller with respect to the personal data described in Sections 3 and 4 of this Policy, and acts as a data processor on behalf of Subscribers with respect to Subscriber Data, as described in the Data Processing Addendum.
This Policy applies to: (i) visitors to our website at peakspitz.com and its subdomains; (ii) individuals who create an account or subscribe to the Service; (iii) Users and Authorized Parties who access the Service under a Subscriber’s account; and (iv) individuals who contact us for support, sales, or other inquiries.
2. DATA CONTROLLER
The data controller for the processing described in this Policy is:
Aradyne Limited LTD, Orfeos 3a, Nicosia 1070, Cyprus. For privacy inquiries, contact: [email protected].
3. PERSONAL DATA WE COLLECT
3.1 Account and Registration Data.
When you create an account or subscribe to the Service, we collect: name, email address, company name, job title, billing address, telephone number, and payment information (processed by our third-party payment processor; we do not store full payment card numbers).
3.2 Service Usage Data.
We automatically collect data about how you use the Service, including: IP address, browser type and version, device identifiers, operating system, pages visited, features used, timestamps, session duration, and referral URLs.
3.3 Operational Telemetry Data.
We collect system performance metrics, error logs, API call metadata, and feature-usage statistics for the purpose of improving, maintaining, and operating the Service, including training machine learning models that form part of the Service. Telemetry data does not contain Subscriber Data or Personal Data and cannot reasonably be used to identify any individual. Subscribers may opt out of non-essential telemetry collection by written notice to [email protected], as described in Section 7.5 of the Subscription Terms of Service.
3.4 Support and Communications Data.
When you contact us, we collect: your name, email address, the content of your communication, and any attachments or files you provide.
3.5 Cookies and Similar Technologies.
We use strictly necessary cookies to operate the Service and, with your consent, analytics cookies to understand usage patterns. We do not use advertising or tracking cookies. You may manage cookie preferences through your browser settings or our cookie consent mechanism. For details, see Section 8 of this Policy.
4. HOW WE USE PERSONAL DATA
We process personal data for the following purposes and on the following legal bases under Article 6(1) of the GDPR:
Purpose | Data Categories | Legal Basis |
Providing and operating the Service | Account data, usage data | Performance of contract (Art. 6(1)(b)) |
Billing and payment processing | Account data, payment data | Performance of contract (Art. 6(1)(b)) |
Customer support | Account data, communications data | Performance of contract (Art. 6(1)(b)) |
Service improvement and analytics | Usage data, telemetry data | Legitimate interest (Art. 6(1)(f)) |
AI model improvement (non-personal telemetry only) | Telemetry data (anonymised) | Legitimate interest (Art. 6(1)(f)) |
Security, fraud prevention, and abuse detection | Usage data, IP addresses, logs | Legitimate interest (Art. 6(1)(f)) |
Legal compliance and regulatory obligations | All categories as required | Legal obligation (Art. 6(1)(c)) |
Marketing communications (with consent) | Account data | Consent (Art. 6(1)(a)) |
Where we rely on legitimate interest, we have conducted a balancing test and determined that our interests do not override the rights and freedoms of data subjects.
5. AI ASSISTANT AND AUTOMATED PROCESSING
5.1 AI Processing Transparency.
The Service includes an AI Assistant that processes data to provide recommendations, analysis, and other AI-generated outputs. Aradyne does not use Personal Data or Subscriber Data to train, fine-tune, or improve machine learning models without the explicit written consent of the Subscriber, as set forth in Section 9.1(iii) of the Data Processing Addendum.
5.2 Automated Decision-Making.
The AI Assistant does not make decisions that produce legal effects or similarly significant effects on individuals without human oversight. Where the AI Assistant is used to support decision-making, the Subscriber is responsible for implementing appropriate human oversight measures as described in Section 6 of the Subscription Terms of Service.
5.3 EU AI Act Classification.
Aradyne has assessed the AI Assistant under Regulation (EU) 2024/1689 (the EU AI Act) and classified it as a low-risk AI system. Aradyne maintains documentation of this classification. Under the EU AI Act, Aradyne is the “provider” and the Subscriber is the “deployer” of the AI Assistant, with respective obligations as set forth in Section 6.2 of the Subscription Terms of Service.
6. DATA SHARING AND RECIPIENTS
We share personal data with the following categories of recipients, each bound by written data protection agreements imposing obligations equivalent to this Policy and the Data Processing Addendum:
6.1 Sub-processors.
We use approved sub-processors for cloud infrastructure, AI inference, and transactional email services. The current list of sub-processors is set forth in Annex 3 of the Data Processing Addendum, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), OVH, Cerebras, Deepinfra, Mistral AI, Apple, Brevo/Mailjet, and Green Cloud.
6.2 Professional Advisors.
We may share personal data with our legal, accounting, and insurance advisors to the extent necessary for the provision of their professional services to Aradyne.
6.3 Law Enforcement and Regulators.
We may disclose personal data where required by applicable law, regulation, court order, or governmental request, or where disclosure is necessary to protect Aradyne’s legal rights or to comply with a legal obligation.
6.4 No Sale or Sharing of Personal Data.
Aradyne does not sell or “share” (as defined under the California Consumer Privacy Act) personal data to or with third parties. Aradyne does not use personal data for targeted advertising.
7. INTERNATIONAL DATA TRANSFERS
Personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, in connection with the sub-processors listed in Annex 3 of the Data Processing Addendum. Such transfers are subject to appropriate safeguards, including: (i) adequacy decisions issued by the European Commission; (ii) Standard Contractual Clauses (SCCs) approved by the European Commission; or (iii) other mechanisms recognised under the GDPR, as described in Section 6 of the Data Processing Addendum.
8. COOKIES AND SIMILAR TECHNOLOGIES
8.1 Strictly Necessary Cookies.
These cookies are essential for the operation of the Service and cannot be disabled. They include session cookies for authentication, security tokens, and load-balancing cookies.
8.2 Analytics Cookies.
With your consent, we use analytics cookies to understand how the Service is used, measure performance, and identify areas for improvement. You may withdraw consent at any time through the cookie consent mechanism on our website.
8.3 No Advertising Cookies.
We do not use advertising cookies, tracking pixels, or similar technologies for the purpose of targeted advertising or behavioural profiling.
9. DATA RETENTION
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods are as follows:
Account and registration data: retained for the duration of the subscription and for a period of thirty (30) days following termination, after which it is deleted unless retention is required by law.
Service usage data: retained in identifiable form for up to twelve (12) months, after which it is anonymised and retained indefinitely for analytics purposes.
Operational telemetry data: retained in anonymised form indefinitely for Service improvement.
Support and communications data: retained for the duration of the subscription and for up to twenty-four (24) months following termination.
Subscriber Data processed on behalf of the Subscriber: retained and deleted in accordance with the Data Processing Addendum and Section 9.3 of the Subscription Terms of Service.
10. DATA SECURITY
Aradyne implements appropriate technical and organisational measures to protect personal data, including: encryption in transit (TLS 1.2 or higher) and at rest (AES-256); role-based access controls with multi-factor authentication; intrusion detection and prevention systems; regular vulnerability assessments and penetration testing; documented incident response procedures; and regular security audits. These measures are described in detail in Annex 2 of the Data Processing Addendum.
11. YOUR RIGHTS
11.1 Rights Under the GDPR.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR: (i) the right to access your personal data; (ii) the right to rectification of inaccurate or incomplete data; (iii) the right to erasure (“right to be forgotten”); (iv) the right to restriction of processing; (v) the right to data portability; (vi) the right to object to processing based on legitimate interest; (vii) the right to withdraw consent at any time; and (viii) the right to lodge a complaint with a supervisory authority (in Cyprus, the Office of the Commissioner for Personal Data Protection).
11.2 Rights Under US State Privacy Laws.
If you are a resident of California or another US state with applicable privacy legislation, you have additional rights including: the right to know what personal data is collected and how it is used; the right to request deletion of personal data; the right to opt out of the sale or sharing of personal data (noting that Aradyne does not sell or share personal data); and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact [email protected].
11.3 How to Exercise Your Rights.
To exercise any of the rights described above, contact us at [email protected]. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law. We may request verification of your identity before processing your request.
12. CHILDREN’S PRIVACY
The Service is not directed at individuals under the age of 16 (or such higher age as applicable in the relevant jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete such data.
13. PROHIBITED INPUT DATA
Subscribers and Users shall not submit to the Service any of the following categories of data: (i) special categories of personal data within the meaning of Article 9 of the GDPR; (ii) financial account credentials or payment card numbers subject to PCI DSS; (iii) government-issued identification numbers; (iv) data subject to HIPAA or equivalent health data protection legislation; or (v) data classified under any governmental security classification scheme. For the complete prohibition, see Section 6.9 of the Subscription Terms of Service and Section 3.6 of the Acceptable Use Policy.
14. CHANGES TO THIS POLICY
We may update this Policy from time to time. We will notify Subscribers of material changes by providing at least thirty (30) days’ prior written notice. The “Last Updated” date at the top of this Policy indicates the date of the most recent revision. Continued use of the Service after the effective date of any changes constitutes acceptance of the revised Policy.
15. CONTACT US
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us at:
Aradyne Limited LTD
Orfeos 3a, Nicosia 1070, Cyprus
Email: [email protected]
For complaints regarding the processing of your personal data, you may also contact the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus at www.dataprotection.gov.cy.
16. GOVERNING LAW AND JURISDICTION
This Privacy Policy is governed by the laws of the Republic of Cyprus and the GDPR. Any disputes arising from or in connection with this Policy shall be submitted to the exclusive jurisdiction of the courts situated in Limassol, Cyprus, without prejudice to the right of data subjects to lodge complaints with a supervisory authority.