Privacy Policy

Privacy Policy for SmileAi

 

Introduction

Welcome to https://smileai.io. We understand that online privacy is important to the users of our Site, especially when conducting business. This statement governs our privacy policies with respect to users of the Site (“Visitors”) who visit without transacting business and Visitors who register to transact business on the Site and make use of the various services offered by This APP (collectively, “Services”) (“Authorized Customers”).

 

Personal Identification Information

Refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, including, but not limited to, name, address, phone number, email address, IP address, location, and browser. Personal Identification Information does not include information collected anonymously (that is, without identification of the individual user) or demographic information not connected to an identified individual.

 

What Personal Identification Information is collected?

We may collect basic user profile information from all of our Visitors. We collect the following additional information from our Authorized Customers: the names, addresses, phone numbers, email addresses, IP addresses, locations, and browsers of Authorized Customers, the nature and size of the business, and the nature and size of the advertising inventory that the Authorized Customer intends to purchase.

 

What organizations are collecting the information?

In addition to our direct collection of information, our third-party service vendors (such as credit card companies, clearinghouses, and banks) who may provide such services as credit, insurance, and escrow services may collect this information from our Visitors and Authorized Customers. We do not control how these third parties use such information, but we do ask them to disclose how they use personal information provided to them by Visitors and Authorized Customers. Some of these third parties may be intermediaries that act solely as links in the distribution chain and do not store, retain, or use the information provided to them.

 

How does the Site use Personal Identification Information?

We use Personal Identification Information to customize the Site, make appropriate service offerings, and fulfill buying and selling requests on the Site. We may email Visitors and Authorized Customers about research or purchase and selling opportunities on the Site or information related to the subject matter of the Site. We may also use Personal Identification Information to contact Visitors and Authorized Customers in response to specific inquiries, or to provide requested information.

 

With whom may the information be shared?

Personal Identification Information about Authorized Customers may be shared with other Authorized Customers who wish to evaluate potential transactions with other Authorized Customers. We may share aggregated information about our Visitors, including the demographics of our Visitors and Authorized Customers, with third-party vendors.

 

How is Personal Identification Information stored?

Personal Identification Information collected by This APP is securely stored and is not accessible to third parties or employees of This APP except for use as indicated above.

 

What choices are available to Visitors regarding collection, use and distribution of the information?

Visitors and Authorized Customers may opt out of receiving unsolicited information or being contacted by us and/or our vendors and affiliated agencies by responding to emails as instructed or by contacting us.

 

Are Cookies Used on the Site?

Cookies are used for a variety of reasons. We use Cookies to obtain information about the preferences of our Visitors and the services they select. We also use Cookies for security purposes to protect our Authorized Customers. For example, if an Authorized Customer is logged on and the site is unused for more than 10 minutes, we will automatically log the Authorized Customer off.

 

How does This APP use login information?

This APP uses login information, including, but not limited to, IP addresses, ISPs, and browser types, to analyze trends, administer the Site, track a user’s movement and use, and gather broad demographic information.

 

Which partners or service providers have access to Personal Identification Information from Visitors and/or Authorized Customers on the Site?

This APP has entered into and will continue to enter into partnerships and other affiliations with a number of vendors. Such vendors may have access to certain Personal Identification Information on a need to know basis for evaluating Authorized Customers for service eligibility. Our privacy policy does not cover their collection or use of this information. Disclosure of Personal Identification Information to comply with law. We will disclose Personal Identification Information in order to comply with a court order or subpoena or a request from a law enforcement agency to release information. We will also disclose Personal Identification Information when reasonably necessary to protect the safety of our Visitors and Authorized Customers.

 

How is Personal Identification Information kept secure?

All of our employees are familiar with our security policy and practices. The Personal Identification Information of our Visitors and Authorized Customers is only accessible to a limited number of qualified employees who are given a password in order to gain access to the information. We audit our security systems and processes on a regular basis. Sensitive information, such as credit card numbers or social security numbers, is protected by encryption protocols, in place to protect information sent over the Internet. While we take commercially reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering, and break-ins, and we cannot guarantee or warrant that such events will not take place and we will not be liable to Visitors or Authorized Customers for any such occurrences.

 

How can Visitors correct any inaccuracies in Personal Identification Information?

Visitors and Authorized Customers may contact us to update Personal Identification Information about them or to correct any inaccuracies by emailing us.

 

Can a Visitor delete or deactivate Personal Identification Information collected by the Site?

We provide Visitors and Authorized Customers with a mechanism to delete/deactivate Personal Identification Information from the Site's database by contacting us. However, because of backups and records of deletions, it may be impossible to delete a Visitor's entry without retaining some residual information. An individual who requests to have Personal Identification Information deactivated will have this information functionally deleted, and we will not sell, transfer, or use Personal Identification Information relating to that individual in any way moving forward.

 

What happens if the Privacy Policy changes?

We will let our Visitors and Authorized Customers know about changes to our privacy policy by posting such changes on the Site. However, if we are changing our privacy policy in a manner that might cause disclosure of Personal Identification Information that a Visitor or Authorized Customer has previously requested not be disclosed, we will contact such Visitor or Authorized Customer to allow such Visitor or Authorized Customer to prevent such disclosure.

 

Links

https://smileai.com.br contains links to other websites. Please note that when you click on one of these links, you are moving to another website. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours.

 

What is GDPR?

GDPR stands for General Data Protection Regulation. A new law enforced by the EU to protect the end-user's personal data. This law imposes several aspects of data security. Here we want to give a guideline on how we protect your data, what our responsibility is, and what your responsibility is. We strongly suggest you read all our documentation or another article on GDPR and decide if you want to use our application or not. We are not responsible for any negligence or failure to protect data on your side or any third party. Take your time to read the documentation and act wisely, stay safe.

 

Definition of Personal Data

Any data owned by an individual is their personal data. It can be someone's name, image, email address, physical address, social media post, location, computer IP address, etc. The ownership of the user's personal data is absolute. This means that where and how the data is saved, it belongs only to the user. The data collector or data user (Facebook, YouTube) cannot show, save, share or perform any other activity with the user's personal data without the user's explicit or implicit permission. If a user gives permission to use their data in a specific type of action (data storage, data display, etc.), it may be used by the app administrator. To visualize this, consider a hypothetical situation. You post a status on social media. Here you gave implicit permission to show the post to your public or private contacts. The app administrator is not responsible for any abusive comments on your post made by your contacts. This means that if you made your data public, then it is your responsibility. But the app administrator is responsible for any data sharing with third parties. If any data is shared, it must be stated explicitly in advance. So, we see how uploading and displaying data depends on both the administrator and the app user. More details you will get by reading the full documentation.

 

Developer Responsibility

The safeguarding of the user's personal data in the application's back-end is the developer's responsibility. The developer is responsible for how user data (name, phone number, email, etc.) and other information (such as user interaction records with the application) are stored in the database and on the server. We will detail how the data you send directly (name, email, etc.) and indirectly (browser name, computer IP, etc.) is saved in the database and on the server. Once any data is uploaded to the server, the security of the data depends on the server's security and, sometimes, on the application's administrator. The user will be notified about all temporary (cookie and session) and permanent (data saved in the database) data saving. The user will have the option to permanently delete all their personal data after account deletion or service cancellation. We guarantee that we do not keep user activity records or any other backdoor to extract user data. At some point, access to the cpanel and other credentials of the application administrator are needed by the developer to support and maintain the application for a short period before the application goes fully online. We strongly recommend that the application administrator change these credentials once the work is done. The developer cannot be held responsible for any credential leakage in this regard. The developer also cannot be held responsible for any inadvertent security failure in the application. After all, data shared online is always at risk of leaking. Therefore, we strongly suggest that you do not share any data that might compromise any other individual.

 

Application Administrator Responsibility

The Application Administrator has unrestricted access to the user's personal data. The administrator can access the database, server logs, and any other information within the administrator's reach. The application administrator can view and copy the data saved in the database and on the server. The application administrator can share the user's personal data with third parties. How the user's data is used must be announced by the application administrator explicitly before user registration. The administrator must not allow anyone to extract data openly or disguised as research, fill out the form, or any other means. The application administrator enjoys more privileges in the application. Therefore, the administrator has the greatest responsibility to maintain the user's personal data.

 

User Responsibility

Everything depends on the user. If the user does not send data, there will be no data breach. But this is not an option. The user's main priority is to read all the documentation of the developer and the application administrator and then send the data. The secure maintenance of the user's credential is the user's sole responsibility. The password and username can be encrypted in the database, but a dictionary word or highly predictable password for a specific user can easily give access to the user's account to a hacker. Change your credentials if there is any suspicious activity by an unauthorized person or if you share your credentials with someone for some unavoidable reason. Always think before sending.

 

Our Action on GDPR

• Collect the minimum data possible. Tell the user the necessity or collection of specific data.

• Apply HTTPS

• Destroy all sessions and cookies after logout.

• Do not track user activity for commercial purposes.

• Inform users of any logs that save the IP and location of the computer.

• Clear terms and conditions.

• Inform the user about any data sharing with third parties.

• Create clear policies on data breaches.

• Delete data upon cancellation of subscription or account deletion.

• Fix web vulnerabilities.

 

GDPR Supported Features

• Goodbye, App: After canceling your subscription or deleting your account, we give the option to delete all your existing data or data related to your account. Note that this action is irreversible. The moment you say yes to delete all your data, it will be erased from the database and server forever. You can back up the data before deleting in case you re-subscribe or register again.

• Secrecy is my right: We encrypt most of your personal data in the database. If something bad happens (data breach), the hacker will get an encrypted hash, not your personal data in plain text. Therefore, your secrecy will remain intact even in case of a data breach. Note that some data cannot be encrypted because we need to show it when logging into the account (such as username). We will hide all your personal data as much as possible.

• **No cookies and session saving:** We will give the option to save or not save the cookie and session. Even if you save the cookie and session, they will be destroyed after logout. We strongly suggest you do not save your credential in the browser. Memorize your credential or use tools like LastPass to manage your credential.

• Destroy footprints: We do not save or track any of your activities for commercial purposes. We may store your login time or IP for security purposes only. When you delete your account, every part of your data will be deleted from the server.

• Social engineering is bad: We do not log any of your personal activities in the application. Logging the user's personal activity, analyzing it, and trying to sell a product or motivate the user to seek a certain thought based on the analyzed data is becoming a negligence. We do not do such things.

• Notify me: Be notified about all your activity related to your account (account creation, password change) via email. We suggest you change your credential if anything unusual occurs.

• Policy Update Notification: You will be notified of any privacy policy or disclaimer updates. Read your email on this matter and decide your action. Feel free to inquire about this matter.

• Connect without worries: We apply HTTPS everywhere. Data sniffing is not possible in this case. Even if possible, the sniffer will get an encrypted hash. Therefore, feel safe to use our application.

• No data collection: We do not collect any user data. No backdoor, no hidden option to collect data. Once the application is uploaded to the server, we cannot enter the application without the application administrator's password. Therefore, do not worry about any hidden data leaks.

• Data breach policy: We have implemented all security measures to carefully store your data in the database (data encryption, MySQLi, SQL injection prevention, input verification, etc.). But we are not responsible for server data breaches. Because it is the full responsibility of the application administrator and the server administrator to protect your data from breaches. Any weak or highly predictable password of the application administrator or server administrator can compromise the database. Any inherent failure in database configuration can leak the database (MongoDB security failure). Any server security failure can lead to data leakage. Contact your application administrator regarding this matter.