Privacy Policy

Last updated: January 30, 2025

1. Introduction

TechSci, Inc. (operating the Afilo platform) ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise software platform and services.

Contact Information:
TechSci, Inc. (operating the Afilo platform)
1111B S Governors Ave STE 34002
Dover, DE 19904, United States
Email: privacy@techsci.io
Phone: +1 302 415 3171

2. Geographic Restrictions and EU Exclusion

IMPORTANT: TechSci, Inc. (operating the Afilo platform) does NOT conduct business with, nor provide services to, individuals or entities located in the European Union (EU) or European Economic Area (EEA).

This exclusion applies to the following 27 EU member states:

  • Austria
  • Belgium
  • Bulgaria
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Germany
  • Greece
  • Hungary
  • Ireland
  • Italy
  • Latvia
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden

We do not knowingly collect, process, or store personal data from individuals located in the EU/EEA.

GDPR Non-Applicability: As we do not operate in or target EU/EEA markets, the General Data Protection Regulation (GDPR) does not apply to our services.

Your Representation: By accessing our services, you represent and warrant that you are not located in the EU/EEA and are not subject to EU data protection laws.

We reserve the right to refuse service to any user if we determine they are located in the EU/EEA.

3. Permitted Operating Regions

Primary Market: TechSci, Inc. (operating the Afilo platform) is headquartered in Dover, Delaware, United States and primarily serves customers in the United States.

International Markets: We also provide services to customers in the following approved regions:

  • Canada
  • United Kingdom (post-Brexit)
  • Australia
  • New Zealand
  • Singapore
  • Japan
  • Other non-EU countries where legally permitted

We comply with applicable data protection laws in our operating jurisdictions:

  • United States: HIPAA, CCPA (California), COPPA, CAN-SPAM Act
  • Canada: PIPEDA (Personal Information Protection and Electronic Documents Act)
  • United Kingdom: UK GDPR and Data Protection Act 2018
  • Australia: Privacy Act 1988
  • Other Jurisdictions: Respective local data protection laws

4. HIPAA Compliance for Healthcare Customers

Business Associate Agreement (BAA): For customers who are Covered Entities or Business Associates under HIPAA, Afilo acts as a Business Associate and will execute a BAA.

PHI Protection: We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI) in accordance with 45 CFR §§ 164.308, 164.310, and 164.312.

Our HIPAA Safeguards Include:

  • Encryption: All PHI encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Access Controls: Role-based access controls (RBAC) ensure only authorized personnel access PHI
  • Audit Logs: Comprehensive audit trails track all PHI access and modifications
  • Breach Notification: We notify affected customers within 60 days as required by the HIPAA Breach Notification Rule
  • Subcontractors: Any subcontractors with PHI access execute BAAs and comply with HIPAA

To request a Business Associate Agreement, contact: hipaa@techsci.io

5. Information We Collect

Account Information:

  • Name, email address, company name, job title, phone number
  • Account credentials (passwords are hashed and never stored in plain text)
  • Profile information and preferences

Billing Information:

  • Payment information processed by Stripe (we do NOT store full credit card numbers)
  • Billing address and tax identification
  • Transaction history and invoices

Usage Data:

  • IP address, browser type, device information
  • Pages visited, features used, time spent
  • API calls, queries, and system interactions

Cookies and Tracking:

  • Essential cookies for authentication and session management
  • Analytics cookies (Google Analytics, Vercel Analytics)
  • Performance and optimization cookies

Communications:

  • Support tickets, emails, chat logs
  • Feedback, surveys, and testimonials
  • Marketing communications preferences

6. How We Use Your Information

  • Provide and improve services: Deliver platform functionality, implement new features
  • Process payments: Handle subscriptions, invoicing, and billing
  • Customer support: Respond to inquiries, troubleshoot issues, provide assistance
  • Security and fraud prevention: Detect and prevent security threats, unauthorized access
  • Legal compliance: Meet regulatory requirements, respond to legal requests
  • Marketing: Send product updates, newsletters (with opt-out option for non-essential communications)
  • Analytics: Understand usage patterns, improve user experience, optimize performance

7. Legal Bases for Processing

Contractual Necessity: Processing necessary to provide services under our agreement with you

Legitimate Interests: Improve services, ensure security, prevent fraud

Legal Obligations: Tax compliance, law enforcement requests, regulatory requirements

Consent: Marketing communications, optional features (you may withdraw consent anytime)

8. Data Sharing and Disclosure

We do NOT sell your personal information to third parties.

Service Providers:

We share data with trusted service providers who assist in delivering our services:

  • Stripe: Payment processing (PCI DSS Level 1 certified)
  • Vercel: Application hosting and deployment
  • Neon: PostgreSQL database services
  • AWS/Azure: Cloud infrastructure
  • Clerk: Authentication services
  • Resend: Email service provider
  • Upstash: Redis for rate limiting and caching
  • Analytics Providers: Google Analytics, Vercel Analytics

Legal Disclosures:

We may disclose information if required by:

  • Law, regulation, or court order
  • Government or law enforcement request
  • Protection of our rights, property, or safety
  • Investigation of fraud, security threats, or policy violations

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your information may be transferred. You will be notified via email and given the opportunity to delete your data.

[Content continues - this is part 1 of the Privacy Policy. Full policy spans 20+ sections including Data Retention, Security, Your Privacy Rights (CCPA, PIPEDA, UK GDPR), International Data Transfers, and more.]