Privacy Policy

Introduction

Last Updated: December 1, 2025

Lesos AI ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or engage with us for AI consulting services.

By accessing our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our services.

Information We Collect

Personal Information

When you engage with our services, we may collect personal information that you voluntarily provide, including but not limited to:

• Name and contact information (email address, phone number)
• Company name and job title
• Billing and payment information
• Project requirements and business objectives
• Communications and correspondence with our team

Usage Data

We automatically collect certain information when you visit our website, including:

• IP address and browser type
• Pages visited and time spent on pages
• Referring website addresses
• Device information and operating system
• Cookies and similar tracking technologies

AI & Data Usage

When providing AI consulting and development services, we take the following measures to protect your data:

• Client data is processed only within dedicated, isolated environments
• We do not aggregate client data across different projects or clients
• Custom models developed for clients remain their exclusive property
• Training data is never shared with third parties without explicit authorization
• All AI systems are developed with privacy-by-design principles

Any use of your data for model improvement, research, or development purposes requires explicit written consent through a separate data processing agreement.

Security Measures

We implement industry-standard security measures to protect your information, including:

Encryption

• All data in transit is encrypted using TLS 1.3
• Data at rest is encrypted using AES-256 encryption
• End-to-end encryption for sensitive communications

Access Controls

• Role-based access control (RBAC) for all systems
• Multi-factor authentication (MFA) required for team access
• Regular access reviews and audit logging
• Principle of least privilege for all data access

Infrastructure Security

• SOC 2 Type II compliant infrastructure
• Regular penetration testing and security audits
• 24/7 security monitoring and incident response
• Secure development lifecycle (SDLC) practices

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

Specifically:

• Project data is retained for the duration of our engagement plus 90 days
• Contact information is retained until you request removal
• Financial records are retained for 7 years as required by law
• Website analytics data is anonymized after 26 months

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request transfer of your data to another service
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.