Introduction

Pluro.ai is committed to ensuring compliance with the General Data Protection Regulation (GDPR) to protect the personal data of its users and customers. This document outlines our policies, procedures, and commitments to data privacy and security.


Scope

This GDPR compliance document applies to all personal data processed by Pluro.ai, including data collected, stored, and transmitted through its systems, services, and platforms. It also applies to third parties processing data on our behalf.


Personal Data We Collect

Pluro.ai may collect the following types of personal data:

  • User Identification Data: Names, email addresses, phone numbers.
  • Technical Data: IP addresses, cookies, and device information.
  • Usage Data: Logs of system usage, preferences, and interactions with our services.
  • Sensitive Data: Only collected if explicitly required and with consent (e.g., accessibility preferences).

Purpose of Data Processing

We process data for the following purposes:

  • Providing and improving our services.
  • Ensuring accessibility compliance for our users.
  • Sending notifications and updates related to service functionality.
  • Analyzing performance to enhance user experience.
  • Complying with legal and regulatory obligations.

Lawful Basis for Processing

We process personal data based on one or more of the following lawful bases:

  • Consent: Explicit consent provided by the user.
  • Contractual Necessity: To fulfill obligations under service agreements.
  • Legal Obligations: Compliance with regulatory requirements.
  • Legitimate Interests: Improving service performance while respecting user rights.

Data Subject Rights

Pluro.ai respects the rights of data subjects under the GDPR, including:

  • Right to Access: Users can request copies of their data.
  • Right to Rectification: Users can correct inaccurate data.
  • Right to Erasure: Users can request deletion of their data.
  • Right to Restriction of Processing: Users can limit data usage.
  • Right to Data Portability: Users can receive data in a transferable format.
  • Right to Object: Users can object to specific data uses.

Users can manage their personal data, including deletion or updates, directly through their personal dashboard within the Pluro.ai system. Requests requiring additional assistance can be submitted via our Support Team at support@pluro.ai.


Data Security Measures

To safeguard data, Pluro.ai implements:

  • Encryption: AES-256 encryption for data at rest and TLS for data in transit, including HTTPS encryption for all web traffic and encrypted storage for customer configuration data in AWS shared storage systems.
  • Access Controls: Role-based permissions and multi-factor authentication (MFA).
  • Auditing and Monitoring: Continuous monitoring for security breaches and activity logs to detect unauthorized access.
  • Incident Response Plan: A structured plan to address data breaches, assess impacts, and notify authorities and affected users within 72 hours.

Penetration Testing and Security Audits

Pluro.ai conducts regular penetration testing and security audits to identify and mitigate vulnerabilities in our systems. These tests are performed by certified security professionals to ensure the highest level of protection against cyber threats. Results are analyzed, and any identified risks are promptly addressed.


Consent Management

  • Transparent consent forms and banners for cookies.
  • Users can withdraw consent at any time through their personal dashboard.
  • Logs are maintained to track and document user consents.

Third-Party Processors

Pluro.ai partners with third-party service providers to deliver its services. All third parties are contractually bound by Data Processing Agreements (DPAs) to comply with GDPR.


Data Retention Policy

  • Data is retained only for the duration necessary to fulfill its purpose or as required by law.
  • Users are informed of retention periods during data collection.
  • Data can be deleted upon request.

Data Breach Response Plan

In case of a data breach:

  1. Assessment and containment of the breach.
  2. Notification to authorities within 72 hours.
  3. Communication with affected users.
  4. Implementation of corrective measures.

Data Protection Officer (DPO)

Pluro.ai has appointed Shlomi as the interim Data Protection Officer (DPO) to oversee GDPR compliance and act as the contact point for regulatory authorities and data subjects. For inquiries, contact our DPO at support@pluro.ai.


Disclaimer

This document is provided for informational purposes only and does not constitute legal advice. While Pluro.ai makes every effort to ensure the accuracy and completeness of the information provided, it cannot guarantee that all details will remain current or applicable in all situations. Users are encouraged to consult with legal counsel for specific advice regarding GDPR compliance and data protection obligations.

Pluro.ai reserves the right to update or modify this document as necessary to reflect changes in laws, regulations, or internal policies.


Conclusion

Pluro.ai is dedicated to upholding the highest standards of data protection and privacy. Our policies and practices are continuously reviewed to ensure compliance with GDPR and other data privacy regulations.

For additional information, contact us at support@pluro.ai.