Star Data and AI Advisory LLC — Privacy Policy

1) Who We Are and How to Contact Us

Star Data and AI Advisory LLC ("Star Data," "Company," "we," "us," or "our") operates this website and related digital services. We are an Illinois S-corporation specializing in data science and artificial intelligence advisory services. As the data controller, we are responsible for determining how and why personal information is processed through our website and services, unless otherwise specified in this policy.

For all privacy-related inquiries, requests, or concerns, you may contact us at the email at the end of this document. We will address privacy requests in accordance with applicable legal requirements.

This Privacy Policy applies to all personal information we collect through our website, mobile applications, email communications, social media interactions, and any other digital touchpoints where this policy is referenced or linked.

2) Information We Collect and How We Collect It

We collect several categories of information to provide, maintain, and improve our services. This includes both information you voluntarily provide to us and information we automatically collect when you interact with our website and services.

Information You Provide Directly: When you register for an account, make a purchase, subscribe to our newsletter, contact us, or engage with our services, you may provide us with: personal identifiers such as your name, email address, phone number, postal address, and date of birth; professional information including your job title, company name, industry, and business contact details; financial information such as billing address and payment method details (though we do not store complete credit card numbers); account credentials including username and password; communication content such as messages, comments, feedback, reviews, and support inquiries; demographic information such as age range, interests, and preferences; and any other information you choose to provide in forms, surveys, or direct communications.

Automatically Collected Information: When you visit our website or use our services, we automatically collect certain technical and usage information through cookies, web beacons, and similar technologies: device information including IP address, browser type and version, operating system, device identifiers, and screen resolution; usage data such as pages visited, time spent on pages, click-through rates, search queries, referral sources, and exit pages; location information derived from IP address for general geographic region; session information including timestamps, session duration, and interaction patterns; and performance data such as page load times and error reports.

Information from Third Parties: We may receive limited information about you from service providers and business partners, including: payment processors providing transaction status and fraud prevention signals; email service providers delivering engagement metrics and delivery confirmations; analytics services offering aggregated usage insights; customer support platforms facilitating service interactions; and social media platforms when you interact with our content or choose to connect your accounts.

3) How We Use Your Information

We process your personal information for various legitimate business purposes, always in accordance with applicable data protection laws. Our primary uses include providing and improving our services, communicating with users, ensuring security, and fulfilling legal obligations.

Service Provision and Management: We use your information to operate, maintain, and improve our website and services; create and manage user accounts; process transactions and deliver purchased products or services; provide customer support and respond to inquiries; personalize your experience and content recommendations; send transactional communications such as order confirmations, account notifications, and service updates; and fulfill our contractual obligations to you.

Communication and Marketing: With your consent where required by law, we may use your contact information to send you newsletters, promotional materials, and updates about our services; notify you about new products, features, or educational content that may interest you; conduct surveys and gather feedback to improve our services; and invite you to participate in events, webinars, or special programs.

Analytics and Improvement: We analyze usage patterns and user behavior to understand how our services are used; identify areas for improvement and develop new features; measure the effectiveness of our marketing campaigns; conduct research and data analysis to enhance user experience; and generate aggregated, de-identified insights for business intelligence purposes.

Security and Legal Compliance: We process information to detect, prevent, and respond to fraud, abuse, and security threats; enforce our Terms of Service and other policies; comply with applicable laws, regulations, and legal processes; respond to lawful requests from government authorities; and protect the rights, property, and safety of our users, employees, and business.

4) Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance your browsing experience, analyze site usage, and provide personalized content. Cookies are small text files stored on your device that help us recognize you on future visits and remember your preferences.

Types of Cookies We Use: Essential cookies that are necessary for basic website functionality and cannot be disabled; performance cookies that help us understand how visitors interact with our website by collecting anonymous usage statistics; functional cookies that remember your preferences and settings to improve your experience; and analytics cookies that provide insights into site traffic and user behavior patterns.

Managing Cookie Preferences: You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for specific websites. However, please note that disabling certain cookies may limit your ability to use some features of our website. We provide cookie preference management tools where technically feasible.

We do not currently respond to "Do Not Track" signals from browsers, as there is no universal standard for how such signals should be interpreted or implemented.

5) Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your information in certain limited circumstances as described below, always with appropriate safeguards to protect your privacy.

Service Providers and Vendors: We share information with trusted third-party service providers who assist us in operating our website and delivering our services, including: web hosting and cloud storage providers; payment processors and financial service providers; email marketing and communication platforms; customer support and help desk services; analytics and performance monitoring tools; cybersecurity and fraud prevention services; and professional service providers such as legal counsel and accountants. These service providers are contractually bound to protect your information and use it only for the specific purposes we authorize.

Legal Requirements and Protection: We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to: comply with legal obligations, court orders, subpoenas, or government requests; protect and defend our rights, property, and safety or that of our users and the public; enforce our Terms of Service and other agreements; investigate and prevent fraud, security breaches, or other illegal activities; and respond to claims that content violates third-party rights.

Business Transactions: In the event of a merger, acquisition, reorganization, sale of assets, or other business transaction involving Star Data, your personal information may be transferred to the acquiring entity or successor organization. We will provide notice of such transfer and any changes to this Privacy Policy that may result from the transaction.

Aggregated and De-identified Data: We may share aggregated, statistical, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes.

6) International Data Transfers

Your personal information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our servers and service providers may be located. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal information internationally, we implement appropriate safeguards to ensure your information receives adequate protection, including: using Standard Contractual Clauses approved by relevant authorities; ensuring transfers are to countries with adequacy decisions; implementing additional security measures and contractual protections; and complying with applicable cross-border data transfer requirements.

For residents of the European Union, United Kingdom, or other regions with specific data transfer requirements, we ensure that international transfers comply with applicable legal frameworks, including GDPR Article 44-49 and UK-GDPR equivalents.

7) Data Retention Practices

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and protect our legitimate business interests.

General Retention Periods: Account information is retained while your account is active and for up to 7 years after account closure for legal compliance purposes; transaction and purchase records are kept for up to 7 years for tax, accounting, and legal requirements; marketing communications preferences are maintained until you unsubscribe or we no longer have a legitimate basis for processing; technical logs and analytics data are typically retained for 24-36 months; and customer support interactions are kept for up to 3 years to improve service quality and resolve potential disputes.

When personal information is no longer needed, we securely delete or anonymize it using industry-standard data destruction methods. Some information may be retained in aggregated or de-identified form for analytical and research purposes.

8) Security Measures and Data Protection

We implement comprehensive security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security program includes administrative, technical, and physical safeguards appropriate to the sensitivity of the information and the size and complexity of our operations.

Technical Safeguards: We employ encryption for data transmission and storage; secure socket layer (SSL) technology for website connections; firewalls and intrusion detection systems; regular security updates and patch management; access controls and authentication mechanisms; and secure backup and recovery procedures.

Administrative Safeguards: Our team receives privacy and security training; we maintain incident response procedures; conduct periodic security assessments; implement role-based access controls limiting data access to authorized personnel; and maintain vendor management programs with appropriate security standards.

While we strive to protect your personal information, no security system is impenetrable, and we cannot guarantee absolute security. In the event of a data breach that poses a risk to your privacy rights, we will notify affected users and relevant authorities as required by applicable law.

9) Your Privacy Rights and Choices

You have several rights and choices regarding your personal information, depending on your location and applicable privacy laws. We respect these rights and provide mechanisms for you to exercise them.

General Rights: You can update your account information and preferences through your account settings; unsubscribe from marketing emails using the links provided in those emails or by contacting us directly; manage cookie preferences through your browser settings; request information about how we process your personal data; and contact us with questions or concerns about our privacy practices.

Enhanced Rights for Certain Jurisdictions: Residents of California, Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws, as well as individuals in the European Economic Area, United Kingdom, and other GDPR-covered territories, may have additional rights including: the right to access personal information we hold about you; the right to correct inaccurate or incomplete information; the right to delete personal information in certain circumstances; the right to restrict or object to certain processing activities; the right to data portability for information you provided to us; and the right to opt out of the sale of personal information or targeted advertising (where applicable).

To exercise these rights, contact us with the information at the end of this document. We may need to verify your identity before processing requests to protect privacy and security. We will address verified requests as required by applicable law.

10) Children's Privacy Protection

Our website and services are intended for users who are at least 13 years of age. We do not knowingly collect, use, or disclose personal information from children under 13 years of age without verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA) and other applicable laws.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our systems without unnecessary delay and will not use such information for any purpose. We will also terminate any account associated with such information.

If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us immediately via email so we may address the situation promptly. We encourage parents and guardians to monitor their children's internet usage and to help enforce this Privacy Policy by instructing their children never to provide personal information without permission.

11) Third-Party Links and External Services

Our website may contain links to external websites, social media platforms, or third-party services that are not owned or operated by Star Data. These links are provided for your convenience and informational purposes only and do not constitute an endorsement of the linked sites or their privacy practices.

This Privacy Policy applies only to our website and services. When you click on links to other websites or interact with third-party services, you will be subject to those parties' privacy policies and terms of service. We strongly encourage you to review the privacy policies of any external sites you visit, as their data collection and use practices may differ significantly from ours.

We are not responsible for the privacy practices, security measures, or content of third-party websites or services, and we disclaim any liability for your interactions with such external parties.

12) Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make changes, we will post the updated policy on this page with a new effective date at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If we make material changes that significantly affect how we collect, use, or share your personal information, we will provide additional notice through email notification to registered users, prominent notice on our website, or other appropriate communication methods. For users with active paid subscriptions or accounts, we will provide at least 30 days' advance notice of material changes.

Your continued use of our website and services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue using our services and may request deletion of your personal information as permitted by applicable law.

13) California Privacy Rights (CCPA/CPRA)

California residents have specific privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.

Categories of Personal Information We Collect: We may collect the following categories of personal information from California residents: identifiers such as name, address, email, IP address, and account credentials; personal information described in Cal. Civ. Code § 1798.80(e) such as contact details and financial information; commercial information including purchase history and preferences; internet or electronic network activity including browsing behavior and site interactions; geolocation data derived from IP addresses; audio, electronic, visual, or similar information when provided; professional or employment-related information; and inferences drawn from any of the above to create profiles about preferences and characteristics.

Your California Privacy Rights: You have the right to request disclosure of specific pieces and categories of personal information we have collected about you; request deletion of personal information we have collected, subject to certain exceptions; request correction of inaccurate personal information; opt out of the sale or sharing of personal information for targeted advertising (note: we do not currently sell personal information); and receive equal service and pricing even if you exercise your privacy rights.

To exercise these rights, contact us or submit a request through our website. We will verify your identity before processing requests and respond within 45 days, with possible extension of 45 additional days for complex requests.

14) European Privacy Rights (GDPR)

For individuals in the European Economic Area, United Kingdom, and other regions where the General Data Protection Regulation (GDPR) or equivalent laws apply, we process your personal information in accordance with these regulations and provide additional rights and protections.

Legal Bases for Processing: We process your personal information based on the following legal grounds: performance of a contract when necessary to provide services you've requested; legitimate interests for business operations, security, and service improvement; consent for marketing communications and non-essential cookies; and legal obligation to comply with applicable laws and regulations.

Your GDPR Rights: You have the right to access your personal information and receive a copy in a structured format; rectify inaccurate or incomplete personal information; erase personal information in certain circumstances; restrict processing when certain conditions are met; object to processing based on legitimate interests; receive personal information in a portable format for transfer to another service; withdraw consent where processing is based on consent; and lodge a complaint with your local data protection authority.

15) State Privacy Laws Compliance

In addition to California and European regulations, we comply with privacy laws in other U.S. states that have enacted comprehensive privacy legislation, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and any other applicable state privacy laws.

Residents of these states generally have rights similar to those described in our California section, including rights to access, correct, delete, and obtain copies of personal information, as well as opt out of targeted advertising and certain types of profiling. The specific rights available may vary by state, and we will honor requests in accordance with applicable state law requirements.

16) Contact Information

For questions, concerns, or requests related to this Privacy Policy or our privacy practices, you may contact us at:

Attn: Privacy Officer

Star Data and AI Advisory LLC

Email: terms@markkhoury.me