DATA TREATMENT Policy

 

My-Caddy.ai Treatment Policy

Last Updated: September 15, 2025

This Data Treatment Policy outlines the terms and conditions under which we use the data and metadata generated by the use of licenses/memberships purchased for Caddy (the "Product") via My-Caddy.ai.

Please read this policy carefully. By purchasing a license/membership for the Product, you agree to be bound by the terms of this Data Treatment Policy. This policy is incorporated by reference into our Terms of Service and End-User License Agreement (EULA).

1. Overview

AltDigital is committed to protecting the integrity, confidentiality, and responsible use of data entrusted to the CADDY platform. This policy describes how we collect, process, and retain your data—including user-uploaded files, chatbot interactions, and account-specific information—across the entire lifecycle of your engagement with CADDY.

2. Use of Generative AI

To enhance platform functionality and user experience, we employ generative AI technologies. These technologies, including models provided by third-party services like OpenAI, may be used to process the following types of data:

  • Uploaded Artifacts: Any documents, files, or materials you submit during the due diligence process or other uses within the platform.

  • Chatbot Interactions: All questions, prompts, and responses exchanged with CADDY’s chatbot service.

By using these features, you consent to the processing of your data by these generative AI systems. This includes the secure transmission of your data to third-party providers for analysis and to generate responses, as necessary to provide the service.

3. Tenant Closure and Data Retention

When a tenant account is closed or abandoned—defined as a failure to renew the subscription within a 14-day grace period—AltDigital reserves the right to process your tenant data and metadata to improve its products and services.

  • Opt-Out Mechanism: Tenant administrators may opt out of post-closure data processing. This can be done by selecting the checkbox labeled “Exclude this tenant from post-closure data harvesting” in the administration interface.

  • Data Minimization and Anonymization: Any data that is processed after closure will be subject to strict minimization protocols. We will make every reasonable effort to ensure that personally identifiable information (PII) and sensitive organizational identifiers are excluded from this process. Metadata may be retained and analyzed in an aggregated form.

  • Irrevocable Destruction: All tenant data, including backups and derived artifacts, will be permanently destroyed within 90 days of confirmed closure or abandonment.

4. Metadata Usage

We may collect and analyze metadata associated with your account activity, including timestamps, usage patterns, file types, and interaction logs. This metadata is used to improve platform performance, reliability, and the overall user experience.

5. Data Security and Third-Party Providers

We implement robust technical, administrative, and organizational security measures to protect your data from unauthorized access, loss, or misuse. This includes the use of encryption for data in transit and at rest, as well as strict access controls to limit employee access. While we strive to protect your information, no security system is completely impenetrable, and we cannot guarantee the absolute security of your data.

We may engage third-party companies and individuals to facilitate our services ("Service Providers"). These third parties have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

6. Your Data Protection Rights

Subject to applicable laws, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.

  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.

  • Right to Erasure: You have the right to request that we erase your personal data under certain conditions.

  • Right to Object: You have the right to object to our processing of your personal data.

  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization or directly to you, under certain conditions.

To exercise any of these rights, please contact us at legal@altdigital.ai.

7. Transparency and Auditability

Enterprise clients may submit a formal request for:

  • A summary log of data processing activities associated with their tenant.

  • A description of AI model interactions involving their data.

  • Confirmation of data destruction following tenant closure.

AltDigital may support third-party audits or compliance reviews upon mutual agreement and subject to our confidentiality terms.

8. Handling of Sensitive Data During Support

We understand the highly sensitive nature of the data you entrust to the CADDY platform. To ensure the utmost integrity and confidentiality of this information, our support process is designed with intentional limitations and strict controls.

When you require technical assistance, we do not have "always-on" access to your raw, unencrypted data. Instead, our process operates on a "grant-and-revoke" basis.

  • On-Demand Access: If a support issue requires us to access your data, we will first ask for your explicit, temporary authorization. This access is granted solely for the purpose of resolving your specific issue.

  • Limited Scope: Our team will primarily use a dedicated, auditable admin interface. This tool allows us to troubleshoot and support you without direct, unfettered access to the underlying database.

  • Revocation: Once the support request is resolved, all temporary access to your data is immediately and automatically revoked.

This process ensures that our support team only interacts with your data when absolutely necessary and for a strictly limited duration. It is a fundamental part of our commitment to protecting your privacy and maintaining the security of your most sensitive business information.

9. Changes to This Policy

We may update our Policy from time to time. We will notify you of any material changes by posting the new policy on this page or by other appropriate means. You are advised to review this Policy periodically for any changes. The date of the last update will be clearly noted at the top of the policy.