Privacy Policy

Effective Date: March 2026

1. Data Controller

Kiloma Advanced Solutions Ltd.

• Address: Tel Aviv-Jaffa, Israel
• Email: privacy@fortai.eu
• Data Protection Officer: privacy@fortai.eu

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name
• Assessment Data: AI system descriptions, use cases, deployment contexts
• Communication: Support messages, feedback, survey responses

2.2 Automatically Collected Information

• Technical Data: IP address, browser type, device information
• Usage Data: Pages visited, features used, time spent
• Analytics: Aggregated usage patterns for service improvement

3. How We Use Your Information

• Service Provision: Deliver AI Act compliance assessments and reports
• Personalization: Customize your experience and recommendations
• Communication: Send service updates, security notices, and support responses
• Improvement: Enhance our services and develop new features
• Legal Compliance: Meet regulatory obligations and protect legal rights

4. Legal Basis for Processing

• Contract Performance: Processing necessary to provide our services
• Legitimate Interest: Service improvement and business operations
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information in these limited circumstances:

• Service Providers: Trusted partners who assist in service delivery
• Legal Requirements: When required by law or legal process
• Business Transfers: In connection with mergers or acquisitions
• Protection: To protect rights, safety, or security

6. Your Rights

Under GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for consent-based processing

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit and at rest
• Regular security assessments and monitoring
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

8. Data Retention

We retain personal data only as long as necessary for:

• Providing our services
• Meeting legal obligations
• Resolving disputes
• Enforcing agreements

Assessment data is typically retained for 2 years unless you request earlier deletion.

9. International Transfers

If we transfer your data outside the EEA, we ensure appropriate safeguards through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Other approved transfer mechanisms

10. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or applicable law. We will notify you of significant changes via email or prominent notice on our website.

11. Contact Us

For questions about this privacy policy or to exercise your rights:

• Email: privacy@fortai.eu
• Subject Line: Privacy Request
• Response Time: Within 30 days

You also have the right to lodge a complaint with your local data protection authority.