Effective Date: January 1, 2025
Last Updated: January 1, 2025

This Privacy Policy describes how Occidental Dynamics, LLC ("Occidental Dynamics," "we," "us," or "our"), a Limited Liability Company organized under the laws of the State of Wyoming, collects, uses, discloses, and protects personal information and customer data in connection with our vertically-integrated AI SaaS platform, products, services, APIs, and related infrastructure (collectively, the "Services"). We are committed to protecting your privacy and maintaining the security of your data in accordance with applicable data protection laws and regulations.

1. Company Information

Legal Entity: Occidental Dynamics, LLC is a pass-through Limited Liability Company organized under Wyoming law with foreign ownership. We operate internationally, generating revenue from sources both within and outside the United States.

Privacy Contact: privacy@occidentaldynamics.com

2. Information We Collect

We collect various types of information to provide, maintain, and improve our AI SaaS Services:

2.1 Account Information

• Name, email address, company name, and job title
• Billing information (credit card details, billing address)
• Account credentials and authentication data
• Communication preferences and subscription settings

2.2 Usage Data and API Logs

• API requests, responses, and usage metrics (timestamps, endpoints, request/response sizes)
• Model inference logs (input prompts, generated outputs, model parameters)
• Compute resource utilization (GPU hours, memory usage, processing time)
• Feature usage patterns and service interaction data
• Error logs and debugging information

2.3 Customer Data and Model Training Data

• Data you upload or submit to our Services for processing, analysis, or storage
• Training datasets provided for custom model fine-tuning (only with explicit opt-in)
• Model weights and parameters from custom fine-tuning projects
• Feedback and annotations provided for model improvement

2.4 Technical and Device Information

• IP addresses, browser type, operating system, and device identifiers
• Cookies, web beacons, and similar tracking technologies
• Referral URLs and navigation paths through our Services
• Session duration and interaction timestamps

2.5 Communications

• Support tickets, customer service inquiries, and correspondence
• Survey responses and feedback submissions
• Marketing communications preferences and engagement data

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery and Operations

• Providing access to our AI/ML platform, APIs, and SaaS applications
• Processing API requests and generating model outputs
• Managing user accounts, authentication, and access controls
• Delivering custom model fine-tuning and deployment services
• Providing technical support and customer service

3.2 Model Improvement and Analytics

• Improving our AI/ML models and algorithms (only with explicit opt-in for training data usage)
• Analyzing usage patterns to enhance service performance and user experience
• Conducting research and development on our proprietary AI infrastructure
• Monitoring system performance and optimizing compute resource allocation

3.3 Billing and Payment Processing

• Processing subscription fees and usage-based charges
• Generating invoices and maintaining billing records
• Detecting and preventing fraudulent transactions

3.4 Communications and Marketing

• Sending service updates, security alerts, and administrative messages
• Providing customer support and responding to inquiries
• Sending marketing communications (with your consent, where required)

4. Data Storage and Security

We implement industry-leading security measures to protect your data:

4.1 Infrastructure Security

• Proprietary AI Infrastructure: Data processed on our NVIDIA H100 and A100 GPU clusters with hardware-level security features
• Data Isolation: Multi-tenant architecture with strict data isolation between customers
• Encryption: TLS 1.3+ for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)

4.2 Compliance and Certifications

• SOC 2 Type II certified infrastructure
• GDPR-compliant data processing and storage
• CCPA/CPRA compliance for California residents
• Regular security audits and penetration testing

4.3 Data Residency Options

Enterprise customers can request specific data residency options, including dedicated infrastructure in preferred geographic regions to meet regulatory requirements.

5. AI/ML-Specific Privacy Provisions

5.1 Model Training Opt-In Policy

By default, we do NOT use your Customer Data to train or improve our foundation models. Model training on customer data requires explicit opt-in consent. You maintain full control over whether your data is used for model improvement purposes.

5.2 Inference Logs and Model Outputs

We retain inference logs (API requests and model outputs) for up to 30 days for debugging, support, and service improvement purposes. Enterprise customers can request shorter retention periods or immediate deletion of inference logs.

5.3 Custom Model Fine-Tuning

For custom model fine-tuning services, you retain ownership of your training data and the resulting fine-tuned model weights. We do not use your fine-tuning data to improve our base models without explicit permission.

6. International Data Transfers and Cross-Border Processing

As a company with international operations, we may transfer and process data across borders:

6.1 Data Transfer Mechanisms

• Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers from the EEA to the United States
• Adequacy Decisions: We rely on adequacy decisions where available for international transfers
• Data Processing Agreements: Enterprise customers receive comprehensive DPAs addressing international transfers

6.2 Cross-Border Service Delivery

Our AI SaaS platform serves customers globally. Data may be processed in multiple jurisdictions to optimize performance and ensure service availability. We maintain appropriate safeguards for all international data transfers.

7. Data Retention and Deletion

7.1 Retention Periods

• Account Data: Retained for the duration of your subscription plus 90 days after termination
• API Logs: Retained for 30 days (customizable for Enterprise customers)
• Billing Records: Retained for 7 years to comply with tax and accounting regulations
• Customer Data: Deleted within 30 days of account termination or upon request

7.2 Data Deletion Requests

You may request deletion of your data at any time by contacting privacy@occidentaldynamics.com. We will process deletion requests within 30 days, subject to legal retention requirements.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

8.1 GDPR Rights (EU/EEA Residents)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Restrict Processing: Request limitation of data processing

8.2 CCPA/CPRA Rights (California Residents)

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale or sharing of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment
• Right to Correct: Request correction of inaccurate personal information

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@occidentaldynamics.com. We will respond to your request within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage patterns:

9.1 Types of Cookies

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Help us understand usage patterns and improve our Services
• Preference Cookies: Remember your settings and preferences

9.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our Services.

10. Third-Party Service Providers

We engage trusted third-party service providers to support our operations:

• Payment Processors: For secure payment processing (PCI DSS compliant)
• Cloud Infrastructure Providers: For hosting and compute resources
• Analytics Providers: For usage analytics and service improvement
• Customer Support Tools: For providing technical support

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify. We conduct due diligence on all service providers to ensure they meet our security and privacy standards.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovery (as required by GDPR)
• Provide details about the nature of the breach, data affected, and remediation steps
• Notify relevant regulatory authorities as required by applicable law
• Take immediate action to contain the breach and prevent future incidents

12. Children's Privacy (COPPA Compliance)

Our Services are not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@occidentaldynamics.com.

13. Enterprise Customer Provisions

Enterprise customers receive additional privacy protections:

• Data Processing Agreements (DPAs): Comprehensive DPAs addressing GDPR Article 28 requirements
• Business Associate Agreements (BAAs): HIPAA-compliant BAAs for healthcare customers
• Custom Data Residency: Dedicated infrastructure in preferred geographic regions
• Enhanced Security Controls: Additional security measures including dedicated encryption keys
• Audit Rights: Right to audit our data processing practices

14. Compliance with Privacy Regulations

We maintain compliance with major privacy regulations:

• GDPR: EU General Data Protection Regulation for EU/EEA data subjects
• CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act
• EU AI Act: Compliance with emerging AI regulations including transparency and risk management requirements
• HIPAA: Health Insurance Portability and Accountability Act (for healthcare customers with BAAs)
• FINRA: Financial Industry Regulatory Authority requirements (for financial services customers)
• SOC 2 Type II: Annual audits of our security, availability, and confidentiality controls

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email at least 30 days before taking effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Team: privacy@occidentaldynamics.com
Legal Team: legal@occidentaldynamics.com

---

By using Occidental Dynamics' Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.