Privacy Policy

Effective Date: April 10, 2026

At Explicity Foundation, our mission is to advance intelligent systems, virtual labs, and medical AI to improve human health and scientific discovery. We at Explicity Foundation (together with our affiliates, "Explicity Foundation", "we", "our", or "us") are committed to respecting your privacy and ensuring the security of any information we collect from or about you.

This Privacy Policy describes our practices regarding the personal data we collect and how we use it when you access or use our website, applications, and services (collectively, "Services").

We are committed to respecting your privacy and maintaining the security and integrity of any information we collect from or about you. This Privacy Policy describes how we collect, use, process, and protect personal data when you access or use our platforms, applications, and services (collectively, "Services"), including MatrixLab, Virtual Labs, and Medical AI systems.

In an era where AI-driven technologies are transforming healthcare, scientific research, and virtual experimentation, protecting user privacy is not just a legal obligation but a foundational principle of our operations. We prioritize transparency, user control, and ethical data practices to build trust. This policy applies to all users worldwide, with specific considerations for regional laws such as the European Union's General Data Protection Regulation (GDPR), California's Consumer Privacy Act (CCPA), India's Digital Personal Data Protection Act (DPDP), and others. If you reside in a jurisdiction with stricter requirements, we adhere to the most protective standards applicable to you.

We encourage you to read this policy carefully. By using our Services, you consent to the practices described herein. If you do not agree, please do not use our Services.

1. Personal Data We Collect

We collect personal data in the following ways, ensuring minimal collection and purpose limitation as core privacy principles.

Information You Provide

We collect information that you voluntarily provide when using our Services, including:

  • Account information such as your name, email address, contact details, phone number, professional affiliations, and demographic data (e.g., age range, location for research opt-ins).
  • Content you submit, including inputs, interactions, responses, uploaded materials like medical scans, lab simulations, research hypotheses, or AI prompts in MatrixLab and Virtual Labs.
  • Communication data when you contact us, provide feedback, participate in research-related activities, or join beta testing for Medical AI systems.

For example, if you upload a virtual lab experiment dataset, we may store it alongside your user ID to personalize future simulations. We never require sensitive data like biometric scans unless explicitly needed for Medical AI features, and even then, with your affirmative consent.

Information Collected Automatically

When you use our Services, we automatically collect certain data, including:

  • Usage data such as your interactions, decisions, behavioral patterns, session duration, feature usage frequency, and AI model outputs you engage with.
  • Technical data such as IP address, device type, browser information, operating system, screen resolution, and geolocation (approximated to city level for analytics).
  • Log data including timestamps, session activity, system interactions, error reports, and performance metrics.

These are gathered via standard web technologies like server logs and analytics tools. For instance, in Virtual Labs, we track how users navigate simulation interfaces to refine user experience without identifying individuals unless linked to an account.

Private Information Handling

Private information—such as health data, financial details, or personally identifiable information (PII) beyond basic contact details—is treated with heightened care. We classify private information into categories: sensitive (e.g., medical history in AI diagnostics), confidential (e.g., research IP), and standard PII. Collection occurs only with explicit, granular consent, often via opt-in checkboxes. Private information is encrypted at rest and in transit using AES-256 standards, and access is role-based (e.g., researchers see anonymized aggregates only). We conduct Privacy Impact Assessments (PIAs) before processing any private information, documenting risks like re-identification and mitigation strategies such as pseudonymization.

2. How We Use Personal Data

We use personal data for the following purposes, always aligned with legitimate interests, consent, or contractual necessity:

  • To provide, operate, and maintain our Services, such as generating personalized Virtual Lab simulations or Medical AI insights.
  • To improve user experience and optimize platform performance through A/B testing and usability analytics.
  • To conduct research on human reasoning, learning, and decision-making, aggregating data for non-commercial studies.
  • To develop, train, and enhance AI systems and virtual lab environments, using de-identified datasets.
  • To ensure security, detect misuse, and prevent fraudulent or harmful activity via anomaly detection algorithms.
  • To communicate with users regarding updates, improvements, or important notices, like new Medical AI features.

Uses are logged with audit trails for accountability. For example, usage data from MatrixLab interactions might inform AI model fine-tuning, but only after stripping identifiers.

3. Research and AI Development

Explicity Foundation operates as a research-driven organization. As part of our mission, data collected through user interactions may be used for analytical and scientific purposes. This includes:

  • Studying patterns of human decision-making and problem-solving in virtual environments.
  • Improving simulation environments and AI systems for accuracy in medical diagnostics.
  • Advancing research in healthcare, virtual experimentation, and intelligent systems.

By using our Services, you acknowledge and agree that your interactions may contribute to research, analysis, and system development. Participants can opt out via settings, and all research outputs are peer-reviewed for ethics. We publish anonymized findings in journals, crediting aggregate user contributions where appropriate.

AI Risk Governance Framework

Central to our research is a comprehensive AI Risk Governance Framework, which structures how we identify, assess, and mitigate risks in AI development. This framework, inspired by NIST AI RMF 1.0 and the EU AI Act, includes:

  • Risk Identification: Cataloging potential harms like bias amplification or hallucination in Medical AI.
  • Assessment: Quantitative scoring (e.g., risk levels 1–5) using tools like red-teaming simulations.
  • Mitigation: Techniques such as adversarial training, diverse datasets, and human-in-the-loop reviews.
  • Monitoring: Continuous auditing post-deployment.
  • Reporting: Transparent disclosures in model cards.

This framework ensures research upholds safety, with annual third-party audits.

4. Sharing and Disclosure of Data

We do not sell personal data. We may share data only in limited and necessary circumstances:

  • With trusted service providers (such as hosting via AWS, analytics via Google Analytics, and infrastructure providers), bound by Data Processing Agreements (DPAs).
  • When required to comply with applicable laws, regulations, or legal processes, such as subpoenas or DPDP notices in India.
  • To protect the safety, rights, and integrity of our users, systems, and organization, e.g., reporting threats to authorities.

All third-party providers are required to handle data responsibly and in accordance with applicable privacy standards like ISO 27001. No sharing occurs for marketing.

Preventing Deceptive Use of AI

To combat deceptive AI applications, we implement strict controls on data sharing. For instance, outputs from Medical AI are watermarked to prevent misuse in deep fakes. Sharing is gated by user consent and purpose checks.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, including providing and maintaining our Services, conducting research, and meeting legal, regulatory, and security requirements. Retention periods may vary depending on the type of data and its use. Automated deletion tools enforce these, with notifications before purging.

Data Type           | Retention Period                | Rationale
Account Info        | Until deletion                  | Service provision
Usage Logs          | 12–24 months                    | Security & analytics
Research Aggregates | 5–7 years                       | Scientific value
Private Health Data | 30 days post-consent revocation | Sensitivity

6. Data Protection and Security

We implement appropriate technical, administrative, and organizational safeguards to protect personal data from unauthorized access, misuse, alteration, or loss. These include layered defenses like multi-factor authentication (MFA), end-to-end encryption, regular penetration testing (quarterly by certified firms), and zero-trust architecture. We use AI-driven threat detection to flag anomalies in real-time.

Safety Practices

Safety practices include firewalls, intrusion detection systems (IDS), data loss prevention (DLP) tools, and employee training on phishing. For Medical AI, we apply differential privacy to obscure individual contributions in training data. While we strive to maintain a high level of security, no system can guarantee absolute protection. Users are encouraged to exercise caution when sharing sensitive information, such as using strong passwords and avoiding public Wi-Fi for uploads.

In the event of a breach, we notify affected users within 72 hours (per GDPR) and regulators as required, detailing impacts and remedies.

7. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

  • Improve functionality and user experience (essential cookies).
  • Analyze usage patterns and platform performance (analytics cookies, e.g., Google Analytics).
  • Maintain session preferences and system efficiency (performance cookies).

You can manage or disable cookies through your browser settings or our consent banner. Categories include:

  • Strictly necessary: Always active.
  • Preferences: Remember language/region.
  • Statistics: Anonymized usage.
  • Marketing: None used.

For detailed lists, see our Cookie Policy link in the footer.

8. Deep Fakes and AI-Generated Content Protections

Given our focus on advanced AI, we address risks from deep fakes—synthetic media mimicking real individuals, often for misinformation. Our Services:

  • Embed invisible watermarks and metadata in all AI-generated images/videos (e.g., C2PA standards).
  • Use detection algorithms to flag potential deep fakes in user uploads.
  • Prohibit deceptive use via Terms of Service, with automated moderation.

Users can verify outputs via our "Authenticity Checker" tool, which analyzes provenance. We collaborate with initiatives like the Deepfake Detection Challenge for ongoing improvements.

9. Bias, Election Integrity, and Fair AI Practices

AI bias can undermine trust, especially in high-stakes areas like elections. We mitigate this through:

  • Diverse training datasets audited for representation (e.g., gender, ethnicity, geography).
  • Bias detection pipelines measuring metrics like demographic parity.
  • Election-specific safeguards: No political data collection; geo-fencing high-risk periods to limit targeted content.

For Medical AI, bias audits ensure equitable diagnostics across demographics. Independent reviews occur biannually, with results public.

10. User Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal data, including:

  • The right to access your personal data (downloadable reports).
  • The right to request correction or deletion (processed within 30 days).
  • The right to restrict or object to certain data processing activities (e.g., research opt-out).
  • The rights to data portability and to withdraw consent.

Requests can be made by contacting us directly at privacy@explicityfoundation.org. We verify identity via email/token and respond free of charge (up to twice yearly).

11. Children's Privacy and Child Safety

Our Services are not intended for children under the age of 13. If you are under 18, you must have permission from a parent or legal guardian to use our Services. We comply with COPPA (US), UK Age-Appropriate Design Code, and DPDP child protections.

Child Safety Measures

  • Age gates at registration (self-declaration + device signals).
  • No personalized ads or behavioral tracking for minors.

Introducing Parental Controls

Parents/guardians can create family accounts to monitor activity, set time limits, approve uploads, and review AI interactions. Controls include content filters (e.g., block sensitive Medical AI topics), usage reports, and one-click pause. Setup requires verified parental identity (e.g., credit card micro-charge). Violations trigger account suspension.

Safety practices include age-appropriate design reviews and reporting hotlines.

12. Preventing Deceptive Use of AI (Expanded)

Beyond sharing, we proactively prevent deceptive AI use:

  • Input/output filters block harmful prompts (e.g., election misinformation).
  • Rate limiting on high-risk features.
  • User reporting tools with rapid response (under 24 hours).

Our AI Risk Governance Framework integrates these, with ethical red-teaming.

13. International Data Transfers

Data may be processed in the US, EU, and India. We use Standard Contractual Clauses (SCCs), adequacy decisions, and Binding Corporate Rules for transfers, ensuring equivalent protections.

14. Third-Party Links and Services

Services may link to external sites; we are not responsible for their privacy practices. We recommend you review their policies before engaging.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. We will notify users of significant updates where appropriate via email or in-app banners. Continued use of our Services after updates constitutes acceptance of the revised policy. Minor edits (e.g., contact info) do not trigger notices.

16. Contact

If you have any questions, concerns, or requests related to this Privacy Policy, please contact us at:

privacy@explicityfoundation.cloud

Explicity Foundation

Noida, India

Or use our DPO portal for rights requests. Response time: 1–30 days based on complexity.

By using Explicity Foundation's Services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.