Privacy Policy

Effective Date: April 30, 2026

View previous versions

At First AI Corp. ("Justee", "we", "us", or "our"), accessible from justee.ai, we are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you use our website, applications, and services (collectively, the "Services"). This policy applies to all users of our Services in the United States, including legal professionals, corporate personnel, clients, authorized representatives, and visitors. It is intended to comply with applicable privacy laws in the United States, including, but not limited to, the California Consumer Privacy Act ("CCPA"), California Privacy Rights Act ("CPRA"), California Online Privacy Protection Act ("CalOPPA"), Delaware Online Privacy and Protection Act ("DOPPA"), and other relevant federal and state laws.

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person, including, but not limited to, names, identification numbers, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

Sensitive Personal Data: Categories of Personal Data that require special protection under applicable laws, including, but not limited to, health information, financial data, political opinions, racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic and biometric data, sexual orientation, and data concerning minors or vulnerable individuals.

Processing: Any operation or set of operations performed on Personal Data, whether or not by automated means, including, but not limited to, collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

User: Any individual or entity using our Services, including, but not limited to, legal professionals (such as attorneys, paralegals, legal assistants), human resources professionals, compliance officers, business managers, consultants, clients, employees, authorized representatives, and visitors.

Authorized Agent: A person or entity registered with the Secretary of State that a consumer has authorized to act on their behalf to exercise their rights under applicable laws.

2. Personal Data We Collect

2.1 Personal Data You Provide

Account Information: Users: We collect Personal Data from all users when you create an account, fill out forms, or interact with our Services. This includes, but is not limited to, your name, email address, mailing address, phone number, company name or organization, professional credentials, job title, identification numbers (e.g., tax ID, Social Security Number), payment and billing information, date of birth, username, and password. We also collect your home state or jurisdiction to provide you with jurisdiction-specific legal information and services.

Profile Picture: You may upload a custom profile picture through your account settings. Alternatively, if you sign in using a social login provider (Google or LinkedIn), your profile picture from that service may be displayed within our Services. All uploaded profile pictures are subject to our content moderation policies and may be scanned using automated technologies to detect prohibited content. You may update or remove your profile picture at any time through your account settings.

User Content: Any Personal Data you choose to provide when using our Services, including, but not limited to, documents, files, images, audio recordings, and other content you upload or transmit. This may include sensitive information about third parties, including, but not limited to, private individuals, businesses, or underaged minors, such as medical records, employment contracts, financial statements, tax information, addresses, phone numbers, positions, salaries, and other confidential or proprietary information.

Communication Information: Information you provide when you communicate with us through any medium, including, but not limited to, email, phone calls, social media interactions, or other communication channels. This may include your name, contact information, and the contents of your communications.

Other Information: Additional information you may provide, including, but not limited to, responses to surveys or questionnaires, participation in promotions or events, feedback, testimonials, or information provided to verify your identity or age.

2.2 Personal Data We Collect Automatically

Log Data: When you access or use our Services, our servers automatically record information ("Log Data"), including, but not limited to, your Internet Protocol (IP) address, browser type and settings, device information, the date and time of your request, pages viewed, links clicked, and how you interact with our Services.

Usage Data: We collect information about your use of the Services, including, but not limited to, the types of content you view or engage with, the features you use, actions you take, time zone settings, country and language preferences, dates and times of access, user agent and version, operating system, and other diagnostic data.

Device Information: Information about the device you use to access our Services, including, but not limited to, device type, model, manufacturer, unique device identifiers, operating system, browser type, and mobile network information.

Location Information: We may collect information about your approximate location, such as your country or city, based on your IP address. With your explicit consent, we may also collect precise geolocation data from your device.

Cookies and Similar Technologies: We use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your browsing activities and enhance your experience. For more details, please refer to Section 11 of this Privacy Policy.

3. Personal Data We Receive from Other Sources

Third-Party Services: We may receive information from third-party partners, including, but not limited to, security service providers who help us prevent fraud and abuse, advertising and marketing partners who provide us with leads and prospect information, and data enrichment services.

Social Media and Single Sign-On Services: If you choose to register, log in, or connect your account via third-party platforms (e.g., Google, LinkedIn), we receive Personal Data from these services to create and maintain your account. The specific data we collect includes:

• Google Sign-In: When you sign up or log in with Google, we receive your name, email address, and profile picture URL from your Google account. We use this information to create your account, authenticate your identity, and display your profile picture within our Services.
• LinkedIn Sign-In: When you sign up or log in with LinkedIn, we receive your name, email address, and profile picture URL from your LinkedIn account. We use this information to create your account, authenticate your identity, and display your profile picture within our Services.

Your profile picture from these services is stored as a URL reference and is displayed within our Services. You may update or remove your profile picture through your account settings at any time.

Account Linking: If you sign up using one social login provider and later sign in using a different provider associated with the same email address, we automatically link these social accounts to your single Justee account. This linking is based on the verified email address from each provider. As a result:

• Personal data from both social providers (name, email, profile picture) may be associated with your account.
• Your most recent social login may update your profile picture.
• All your documents, analyses, and account data remain unified under one account.

We perform this linking to provide a seamless experience and prevent duplicate accounts. If you prefer to maintain separate accounts, please use different email addresses for different social providers.

Public Sources: We may collect information about you from publicly available sources, including, but not limited to, public databases, social media platforms, professional networking sites, and other third-party sources.

4. How We Use Your Personal Data

We may use your Personal Data for various purposes, including, but not limited to:

Service Provision: To operate, maintain, and provide you with access to our Services, including processing transactions, authenticating users, providing customer support, and facilitating communication between users. This includes automated document processing such as text extraction, contract comparison, and visual analysis to detect changes including but not limited to text modifications, signatures, stamps, form fields, annotations, and hidden content.

Service Improvement and Research: To analyze usage trends, monitor the effectiveness of our Services, develop new features, products, or services, and conduct research and analytics to enhance user experience.

Communication: To send you administrative information, including updates to our terms, policies, security alerts, and support messages. To respond to your inquiries, comments, feedback, or requests.

Marketing and Promotional Activities: To send you marketing communications that may be of interest to you, including newsletters, promotions, surveys, and information about events or webinars, in accordance with your communication preferences.

Security and Fraud Prevention: To monitor, detect, and prevent fraudulent, unauthorized, or illegal activities, including security breaches, cyber-attacks, identity theft, and other malicious activities.

Content Moderation: To scan uploaded content (including profile pictures, documents, and other files) using automated technologies, including artificial intelligence-based image analysis services (such as Amazon Rekognition), to detect and prevent the upload of prohibited content including explicit, violent, or illegal material. This processing is necessary to maintain a safe environment for all users, comply with legal obligations, and enforce our Terms of Use.

Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, including tax obligations, reporting requirements, and responding to legal inquiries.

Aggregate or De-Identified Data: To create aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for purposes including research, analytics, and improvement of our Services.

4.1 AI-Powered Features

We use third-party artificial intelligence services to power certain features of our Services, including document analysis, contract review, AI chat assistance, and content improvement suggestions. When you use these features, your input (including document content, chat messages, and text selections) may be processed by our AI service providers.

No Training on Your Data: We do not use your data to train or fine-tune AI models. Our primary AI service provider, Google (Gemini API), has confirmed that for paid (billed) API tier usage, prompts and responses are not used to train or improve Google's models. We also use OpenAI's API to generate text embeddings (numerical representations used for semantic search and retrieval); OpenAI has confirmed that data sent to their API is not used to train or improve their models by default. We have not opted in to data-sharing arrangements with either provider.

AI Accuracy Disclaimer: AI-generated content, including document analyses, contract reviews, chat responses, and improvement suggestions, is provided for informational purposes only and may contain errors, inaccuracies, or omissions. You should not rely solely on AI-generated content for legal, financial, medical, or other professional decisions. Always review AI-generated content carefully and consult with qualified professionals when making important decisions. We do not guarantee the accuracy, completeness, or reliability of any AI-generated content, and we disclaim all liability for any actions taken based on such content.

4.2 PII Detection and Pseudonymization

We employ automated personally identifiable information (PII) detection and pseudonymization technology as a privacy-enhancing measure. When you upload documents for compliance review or send messages through our AI chat assistant, our system scans the content for PII — including names, Social Security numbers, email addresses, phone numbers, physical addresses, dates of birth, credit card and bank account numbers, driver's license and passport numbers, tax identifiers, and medical provider identifiers — and replaces detected PII with anonymous placeholder codes before the content is transmitted to our AI service providers for processing.

How Pseudonymization Works: Detected PII is replaced with randomized alphanumeric codes (e.g., "a7f3b2_PER_1") before AI processing. The mapping between codes and original values exists only during your active processing session and is used solely to restore the original values in the AI-generated response you receive. PII mappings are not stored persistently and are discarded after the processing session concludes.

Coverage: Our PII detection system is designed to detect a wide range of common PII types, including names, Social Security numbers, email addresses, phone numbers, dates of birth, physical addresses, credit card numbers, driver's license numbers, and passport numbers. However, no automated PII detection system can guarantee identification of all personally identifiable information in all document formats, languages, and contexts. Detection accuracy may vary depending on document structure, formatting, and the nature of the information contained. Certain uncommon PII types — including cryptocurrency wallet addresses, MAC addresses, and non-standard financial identifiers — may not be automatically detected. You should not rely solely on automated detection and should review documents for sensitive information before uploading.

Scope: PII detection applies to documents submitted for compliance review, the first document uploaded to a chat thread, and user messages sent through the AI chat assistant.

Limitations: PII detection is an automated best-effort technology provided on an "as is" basis and is not guaranteed to identify all types of PII in all types of documents, file formats, or languages. Detection accuracy may vary depending on document formatting, language complexity, and PII presentation. The PII detection system may also be temporarily unavailable due to maintenance, system load, or technical issues; in such circumstances, document processing may proceed without PII detection active. This feature is provided as a supplementary privacy-enhancing measure and does not replace your responsibility to review and redact sensitive information from documents before uploading. You are solely responsible for all content you upload to the Service, including ensuring that documents do not contain personal information you are not authorized to share. We strongly recommend that you remove or redact all sensitive personal information from documents before uploading.

5. Disclosure of Personal Data

We may disclose your Personal Data to third parties under the following circumstances, including, but not limited to:

5.1 Vendors and Service Providers

We may share your Personal Data with trusted third-party vendors, consultants, and service providers who perform services on our behalf, including, but not limited to:

Hosting and Cloud Computing Services: Such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform.

Payment Processors: Including Stripe, PayPal, or other financial institutions.

Customer Support and Live Chat Providers: Including Tawk.to for live chat support, helpdesk software, call centers, and support ticketing systems. When you use our live chat feature, Tawk.to may collect your name, email address (if provided), chat messages, IP address, browser type, and pages visited to facilitate real-time support and improve service quality.

Analytics and Marketing Services: Such as Google Analytics, PostHog, or other analytics tools.

Security and Fraud Prevention Services: Including identity verification services, security consultants, and anti-fraud platforms.

Content Moderation Services: Including Amazon Rekognition for automated image analysis to detect and prevent prohibited content uploads. When you upload images (such as profile pictures), they may be analyzed by these services to ensure compliance with our content policies.

Artificial Intelligence Services: Including Google (Gemini API), for powering AI-assisted features such as document analysis, contract review, chat assistance, and content improvement suggestions; and OpenAI, for generating text embeddings used in semantic search and retrieval. When you use these features, your input (including document content and chat messages) may be processed by these AI service providers. Google's Gemini API data policy states that, for paid (billed) API tier usage, prompts and responses are not used to train or improve Google's models. OpenAI's API data policy states that data sent to their API is not used to train or improve their models unless explicitly opted in. We have not opted in to data sharing with either provider.

Content Delivery Networks (CDNs): Such as Cloudflare or Akamai, for efficient delivery of content.

Email and Communication Services: Including SendGrid, Mailchimp, or other email service providers.

Advertising Networks and Platforms: Including Google Ads, Facebook Ads, LinkedIn Marketing Solutions.

Affiliate and Partner Program Services: Including PartnerStack, for managing our affiliate and referral partner program. When you arrive at our website via a partner referral link and subsequently make a purchase, PartnerStack receives information necessary to attribute the referral, including your email address, name (as provided during checkout), and transaction details. This enables us to compensate our referral partners for successful customer acquisitions.

These service providers are contractually obligated to protect your Personal Data and use it only as necessary to provide services to us.

5.2 Business Transfers

In connection with any merger, sale of company assets, financing, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or transition of service to another provider, we may transfer or assign your Personal Data, including due diligence processes or as part of the transaction.

5.3 Legal Obligations and Rights

We may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to:

Comply with Legal Obligations: Such as subpoenas, court orders, or legal processes.

Protect and Defend Rights: To protect and defend our rights, property, or safety, and those of our users or others.

Prevent Fraud or Illegal Activities: To investigate, prevent, or take action regarding suspected or actual illegal activities, fraud, or security issues.

5.4 Affiliates

We may share your Personal Data with our parent company, subsidiaries, joint ventures, or other companies under common control (collectively, "Affiliates") for purposes consistent with this Privacy Policy.

5.5 Business Account Administrators

If you access our Services through a business or enterprise account, your Personal Data may be accessible to the account administrators and authorized users within your organization.

5.6 Social Media Platforms

Our Services may include social media features, such as the Facebook "Like" button or Twitter "Tweet" button, which may collect your IP address, page interactions, and set cookies. Your interactions with these features are governed by the privacy policies of the respective platforms.

5.7 Other Users and Third Parties

Information you choose to share on public areas of our Services, such as forums, blogs, or community features, may be viewed and used by others. We are not responsible for the information you choose to submit in these public areas.

5.8 Document Sharing Features

Registered users may share their document analyses with others through our sharing features. When you use these features, the following data processing occurs:

Private Sharing by Email: When you share an analysis with specific individuals by email, we collect and process the email addresses you provide for the purpose of: (a) granting access to registered users with matching accounts; (b) sending invitation emails to non-registered recipients; and (c) maintaining records of sharing permissions. Email addresses provided for sharing purposes are retained for as long as the sharing relationship exists or until you revoke the share. We do not use these email addresses for marketing purposes.

Public Link Sharing: When you enable a public link for your analysis, the analysis content becomes accessible to anyone who obtains the link URL. This includes the full text of the analysis, any AI-generated insights, and document metadata. We implement rate limiting and bot detection measures for public link access, but we cannot guarantee that public content will not be accessed, copied, or redistributed by recipients.

Recipient Data: When someone accesses a shared analysis, we may collect their IP address, browser information, and access timestamps for security monitoring and rate limiting purposes. For authenticated users, we also record their user identifier to maintain sharing records.

Your Responsibility: You are solely responsible for ensuring that any documents or analyses you share do not contain Personal Data of third parties that you are not authorized to disclose. Before sharing, you should review the content for sensitive information including but not limited to names, addresses, financial details, health information, or any other Personal Data subject to privacy laws or confidentiality obligations.

5.9 Internal Administrator Access

Authorized administrators of Justee may access user-generated content for legitimate business purposes. This includes access to:

• Document Analyses: Uploaded documents and their AI-generated analysis results.
• Document Comparisons: Documents submitted for comparison and the resulting difference reports.
• Chat Conversations: Chat threads and message history from interactions with our AI assistant.
• Usage Patterns: Information about how you use our Services, including feature usage and session data.

Purposes of Administrator Access: This access is used exclusively for:

• Providing customer support and troubleshooting technical issues
• Investigating reported problems or service quality concerns
• Understanding usage patterns to improve our Services
• Ensuring platform security and detecting abuse
• Complying with legal obligations

Access Controls: Administrator access is strictly limited to authorized personnel who have signed confidentiality agreements. All access is logged and subject to internal audit. We implement role-based access controls to ensure that administrators can only view data necessary for their specific responsibilities.

6. International Data Access and Transfers

First AI Corp. is a United States company headquartered in Delaware. Your Personal Data is stored on servers located in the United States.

Global Team Access: Our authorized personnel may access your data from various locations worldwide to provide customer support, ensure platform security, investigate issues, and maintain our Services. We maintain consistent security standards and access controls regardless of where our team members are located, including:

• Role-based access limited to authorized personnel only
• Audit logging of access to sensitive user data
• Multi-factor authentication for administrative access
• Confidentiality obligations for all personnel

United States Law: Our Services are designed for users in the United States and are governed exclusively by United States law. We operate under United States data protection standards and do not undertake compliance with foreign data protection regulations.

Your Consent: By creating an account and using our Services, you explicitly consent to: (a) the storage of your data in the United States; and (b) access to your data by our personnel from locations worldwide. If you do not consent to these practices, please do not use our Services.

7. Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction, including, but not limited to:

Encryption: We use encryption protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), to protect data transmitted over the Internet.

Access Controls: We limit access to your Personal Data to authorized personnel who need it for their job responsibilities.

Monitoring and Testing: We regularly monitor our systems for vulnerabilities and conduct penetration testing.

Incident Response Plans: We have procedures in place to respond to security incidents and data breaches.

Data Storage Security: We employ firewalls, intrusion detection systems, and secure data centers to safeguard stored data.

Despite these measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

8. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Factors influencing retention periods include, but are not limited to:

Legal and Regulatory Requirements: Compliance with legal obligations, tax laws, and regulatory guidelines.

Contractual Obligations: Obligations arising from contracts and agreements.

Business Needs: Operational requirements, such as account maintenance, dispute resolution, and enforcing our agreements.

When Personal Data is no longer needed, we will securely delete, anonymize, or de-identify it.

8.1 Account Deletion

You may delete your account at any time through your account settings. To protect against unauthorized deletion, you will be required to type "DELETE" to confirm, and for accounts with password authentication, you must also enter your current password. When you delete your account, we permanently delete the following data:

• Your profile information (name, email, preferences)
• All documents you have uploaded to our Services
• All document analyses and their results
• Your subscription and payment history records in our system
• Your profile picture (whether uploaded or received from social login providers)
• Social account connections (Google, LinkedIn)
• All saved preferences and settings

Important: Account deletion is permanent and cannot be undone. Once your account is deleted, we cannot recover any of your data, documents, or analyses. We recommend downloading any important documents or data before deleting your account.

Data Retention After Deletion: Certain information may be retained after account deletion as required or permitted by law, including:

• Transaction Records: Payment and billing records for tax and accounting purposes, as required by applicable financial regulations.
• System Logs: Our system logs are not deleted upon account deletion. These logs may contain information related to your account activity, including your user identifier, email address, document names, document metadata, analysis requests and results, error messages (which may include content excerpts for debugging purposes), IP addresses, timestamps, and other technical information. We retain these logs for security monitoring, fraud prevention, debugging, service improvement, and legal compliance purposes.
• Legal Compliance Data: Any data necessary to comply with legal obligations, resolve disputes, defend against legal claims, or enforce our agreements.

System logs are retained for a period consistent with our security and operational needs, typically up to 24 months, unless a longer retention period is required for ongoing legal matters or regulatory compliance. This retention is permitted under California (CCPA/CPRA) and Delaware (DOPPA) privacy laws for legitimate business purposes including security, fraud prevention, and legal compliance.

8.2 Anonymous Analysis Retention

Users who submit documents for analysis without creating an account ("Anonymous Users") receive temporary access to their analysis results. Anonymous Analyses are retained for twenty-four (24) hours from the time of creation, after which:

• The analysis results become permanently inaccessible via the unique URL
• The uploaded document and analysis data are scheduled for deletion
• No Personal Data from Anonymous Analyses is retained beyond the expiration period, except for aggregate, anonymized usage statistics

Anonymous Users who wish to retain permanent access to their analyses should create a registered account before the 24-hour expiration period. Anonymous Analyses cannot be transferred to a registered account after expiration.

8.3 Shared Analysis Retention

Analyses that have been shared with other users are retained for as long as the owner's account exists and the sharing relationship is active. If the owner deletes their account, all shared analyses are also deleted and recipients will lose access. If the owner removes a specific sharing permission, the recipient immediately loses access to that analysis.

9. Children's Privacy

Our Services are not intended for users under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18. If you are under 18 years of age and have posted content or information on our Services that you wish to remove, please contact us at

with details of the content or information, and we will make reasonable efforts to remove it, subject to applicable laws.

10. Your Rights and Choices

10.1 Rights for California Residents

Under the CCPA and CPRA, California residents have specific rights regarding their Personal Information, including, but not limited to:

Right to Know: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources from which it was collected, the business or commercial purpose for collecting, selling, or sharing, and the categories of third parties with whom we share it.

Right to Delete: Request deletion of Personal Information we have collected from you, subject to certain exceptions.

Right to Correct: Request correction of inaccurate Personal Information.

Right to Opt-Out of Sale or Sharing: Opt-out of the sale or sharing of your Personal Information to third parties.

Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of your sensitive Personal Information to that which is necessary to perform the Services or provide the goods reasonably expected by an average consumer.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under the CCPA or CPRA.

10.2 How to Exercise Your Rights

To exercise your rights, please contact us using one of the following methods:

Email:

Mailing Address: First AI Corp, 1151 Walker Rd Ste 100 PMB 420, Dover, DE 19904, USA

Phone: +1 (650) 924-9231

Please include your name, contact information, and a detailed description of your request. We may need to verify your identity before processing your request, which may involve asking for additional information or documentation.

Authorized Agents: If you are submitting a request on behalf of another person, you must provide proof of your authorization, such as a power of attorney, and may be required to verify the individual's identity directly with us.

10.3 Right to Opt-Out of Sale or Sharing

We do not sell Personal Information for monetary consideration. However, under the CCPA and CPRA, sharing of Personal Information for advertising or marketing purposes may be considered a "sale" or "sharing." California residents have the right to opt-out of the sale or sharing of their Personal Information.

To exercise this right, please:

Click on the "Do Not Sell or Share My Personal Information" link located at the bottom of our website.

Fill out the form provided or contact us directly at

.

Scope of the opt-out link: The "Do Not Sell or Share My Personal Information" link opts you out of the categories of processing that constitute a "sale" or "sharing" of Personal Information under the CCPA/CPRA. In our current configuration, this means disabling Google Analytics and PartnerStack affiliate referral tracking. First-party product analytics (PostHog) and customer-support tools (Tawk.to) operate as service providers under CCPA and are not within the scope of the opt-out link. You may independently manage consent for those services at any time using the "Privacy settings" link in the footer.

10.4 Right to Limit Use of Sensitive Personal Information

You may request that we limit the use and disclosure of your sensitive Personal Information. To do so, please:

Contact us at

with your request.

Specify the types of sensitive Personal Information you wish to limit.

11. Cookies and Similar Tracking Technologies

11.1 What Are Cookies?

Cookies are small data files stored on your device when you visit websites. They are widely used to make websites work efficiently, enhance user experience, and provide information to website owners.

11.2 How We Use Cookies

We use cookies and similar tracking technologies for various purposes, including, but not limited to:

Essential Cookies: Necessary for the operation of our Services, enabling core functionalities such as security, network management, and accessibility.

Performance and Analytics Cookies: Collect information about how you use our Services to improve performance and user experience.

Functionality Cookies: Remember your preferences and settings to personalize your experience.

Advertising and Targeting Cookies: Deliver relevant advertisements and track ad campaign performance.

11.3 Third-Party Cookies

We may allow third-party service providers to use cookies and similar technologies on our Services, including, but not limited to:

Analytics Providers:

• Google Analytics: For analyzing website traffic, usage patterns, and supporting Google Ads conversion tracking and remarketing.
• PostHog: For product analytics, user behavior analysis, and website optimization.

Advertising Networks:

• Google Ads: For delivering targeted advertisements.

Social Media and Login Services:

• Google Sign-In: For user authentication. When you use Google Sign-In, we receive your name, email address, and profile picture to create or access your account.
• LinkedIn Sign-In: For user authentication. When you use LinkedIn Sign-In, we receive your name, email address, and profile picture to create or access your account.

Live Chat and Customer Support:

• Tawk.to: For providing real-time live chat support. Tawk.to may set cookies to identify returning visitors, maintain chat sessions, and track pages visited to provide contextual support.

Content Delivery and Security:

• AWS Cloudfront: For content delivery optimization and security enhancements.

Web Fonts:

• Self-hosted fonts: We use the Plus Jakarta Sans typeface, which is bundled with our application and served from our own infrastructure. No third-party font services are contacted when you visit our site.

Affiliate and Referral Tracking:

• PartnerStack: For tracking referrals from our affiliate and referral partners. When you click a partner's referral link, PartnerStack sets a cookie to identify the referring partner. If you subsequently make a purchase, this cookie enables us to attribute the sale to the referring partner for commission purposes. The cookie stores a unique click identifier and does not contain personally identifiable information until you complete a purchase, at which point your email and transaction details are shared with PartnerStack for referral attribution.

These third parties may use cookies, web beacons, and other tracking technologies to collect information about your online activities across websites and services.

Third-Party Privacy Policies:

• Google Privacy Policy
• LinkedIn Privacy Policy
• AWS Privacy Policy
• PostHog Privacy Policy
• PartnerStack Privacy Policy
• Tawk.to Privacy Policy

11.4 Your Choices Regarding Cookies

Browser Settings: You can set your browser to refuse cookies or alert you when cookies are being sent. Please note that disabling cookies may affect the functionality and features of our Services.

Opt-Out Options:

• Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on.
• PostHog Opt-Out: Use the "Privacy settings" link in our website footer to manage your analytics preferences. PostHog is first-party product analytics and is not affected by the "Do Not Sell or Share My Personal Information" link.
• PartnerStack Opt-Out: Use the "Privacy settings" link in our website footer to disable affiliate referral tracking, or click "Do Not Sell or Share My Personal Information" to opt out. This prevents PartnerStack from setting referral attribution cookies.
• Google Ads Settings: Manage your ad preferences at Google Ads Settings.

11.5 Do Not Track Signals

Our Services currently do not respond to "Do Not Track" (DNT) signals sent by your browser. However, you can adjust your browser settings to block or delete cookies, and you may opt-out of interest-based advertising by following the instructions in Section 11.4.

12. Additional Disclosures for California Residents

12.1 California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents who have established a business relationship with us may request information once per calendar year about any Personal Information shared with third parties for their direct marketing purposes.

To make such a request, please contact us at:

Email:

Mailing Address: First AI Corp, 1151 Walker Rd Ste 100 PMB 420, Dover, DE 19904, USA

Please include "California Shine the Light Request" in the subject line and provide your name, contact information, and a description of your request.

12.2 Categories of Personal Information Collected

We collect the following categories of Personal Information as defined under the CCPA and CPRA, including, but not limited to:

Identifiers: Such as real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers.

Personal Information Categories Listed in the California Customer Records Statute: Such as signature, social security number, physical characteristics, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.

Protected Classification Characteristics: Such as age, gender, race, national origin, disability, and citizenship.

Commercial Information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Internet or Other Electronic Network Activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Geolocation Data: Physical location or movements.

Professional or Employment-Related Information: Current or past job history or performance evaluations.

Education Information: As defined under the Family Educational Rights and Privacy Act.

Inferences Drawn from Other Personal Information: Profiling to reflect preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Sensitive Personal Information: Such as social security number, driver's license number, state identification card number, passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

12.3 Sale or Sharing of Personal Information

We do not sell Personal Information for monetary consideration. However, the disclosure of Personal Information to third parties for advertising or marketing purposes may be considered a "sale" or "sharing" under California law. This includes sharing data with our affiliate marketing partner (PartnerStack) for referral attribution purposes when you make a purchase after arriving via a partner's referral link. California residents have the right to opt-out of such disclosures.

To exercise this right, please:

Click on the "Do Not Sell or Share My Personal Information" link at the bottom of our website.

Contact us directly at

.

12.4 How to Exercise Your Rights

Refer to Section 10.3 for detailed instructions on how to exercise your rights.

12.5 Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights under the CCPA or CPRA. This means we will not deny you services, charge you different prices, or provide a different level or quality of services unless permitted by law.

13. Children's Privacy Under Delaware Law

13.1 Content Removal for Minors

Under the Delaware Online Privacy and Protection Act (DOPPA), minors under 18 years of age may request the removal of content or information they have posted on our Services.

If you are a minor under 18 and a resident of Delaware, and you wish to request the removal of content or information you have posted on our Services, please contact us at

with:

A description of the content you wish to remove.

Information sufficient to permit us to locate the content.

Confirmation that you are the person who posted the content.

Please note that removal does not ensure complete or comprehensive removal of the content or information, especially if it has been shared or reposted by others.

13.2 Prohibited Marketing Practices

We do not knowingly market or advertise prohibited products or services to minors, including, but not limited to, alcohol, tobacco, firearms, or adult content, in compliance with DOPPA and other applicable laws.

14. Confidentiality Obligations

14.1 Attorney-Client Privilege

We acknowledge the importance of maintaining the confidentiality of information subject to attorney-client privilege and work product doctrine. We are committed to upholding these legal and ethical obligations by:

Secure Handling: Implementing robust security measures to protect privileged information.

Access Controls: Limiting access to privileged information to authorized personnel on a need-to-know basis.

Non-Disclosure: Prohibiting unauthorized disclosure of privileged communications without explicit consent.

14.2 Non-Disclosure Agreements

We may enter into non-disclosure agreements (NDAs) or confidentiality agreements with you to further protect sensitive information, including, but not limited to, trade secrets, proprietary data, and confidential business information.

15. Data Processing Agreements

15.1 Roles and Responsibilities

Data Controller: First AI Corp acts as a Data Controller when determining the purposes and means of processing Personal Data, including user registration and account management.

Data Processor: We may act as a Data Processor when processing Personal Data on behalf of attorneys or clients, in which case we will process data in accordance with their instructions and applicable data protection laws.

15.2 Third-Party Obligations

We require all third-party service providers who process Personal Data on our behalf to enter into Data Processing Agreements (DPAs) that mandate:

Compliance with Applicable Laws: Adherence to all relevant data protection regulations.

Security Measures: Implementation of appropriate technical and organizational measures to protect Personal Data.

Confidentiality Obligations: Ensuring personnel authorized to process Personal Data are bound by confidentiality agreements.

Sub-Processing Restrictions: Restrictions on engaging sub-processors without prior authorization.

16. Compliance with Specific Laws

16.1 HIPAA Compliance

When we handle Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), we comply with all applicable HIPAA regulations by:

Business Associate Agreements (BAAs): Entering into BAAs with covered entities or business associates.

Safeguards: Implementing administrative, physical, and technical safeguards to protect PHI.

Minimum Necessary Rule: Ensuring that only the minimum necessary PHI is used or disclosed.

16.2 GLBA Compliance

For Non-Public Personal Information (NPI) related to financial services, we comply with the Gramm-Leach-Bliley Act (GLBA) by:

Privacy Notices: Providing clear and conspicuous privacy notices describing our information-sharing practices.

Opt-Out Rights: Offering consumers the opportunity to opt-out of certain disclosures of their NPI.

Security Standards: Implementing safeguards to protect NPI from unauthorized access or use.

16.3 State Laws

We comply with various state privacy laws, including, but not limited to:

California Privacy Rights Act (CPRA): As detailed in Section 12.

Delaware Online Privacy and Protection Act (DOPPA): As detailed in Section 13.

New York SHIELD Act: Implementing data security protections for residents of New York.

Virginia Consumer Data Protection Act (VCDPA): Extending privacy rights to residents of Virginia.

Other State Regulations: Adhering to additional state-specific privacy and data protection laws as applicable.

17. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by us. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party websites or services before providing them with your Personal Data.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Notification of Changes: Significant changes will be notified via email (if you have provided it) or by placing a prominent notice on our website.

Effective Date of Changes: The updated Privacy Policy will become effective on the date it is posted unless otherwise indicated.

19. Governing Law

This Privacy Policy and any disputes related thereto are governed by and construed in accordance with the laws of the State of Delaware, USA, without regard to its conflict of law principles.

20. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us:

Email:

Mailing Address: First AI Corp, 1151 Walker Rd Ste 100 PMB 420, Dover, DE 19904, USA

Phone: +1 (650) 924-9231

Data Protection Officer:

21. User Consent and Acceptance

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and any updates thereto. If you do not agree with our policies and practices, your choice is to not use our Services.

22. Accessibility and Language

We are committed to ensuring that our Privacy Policy is accessible to individuals with disabilities. If you require this Privacy Policy in an alternative format, please contact us at

.