Sunethix Inc. ("Sunethix," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we handle information in connection with the Sunethix websites, web application, and related services (the "Service"). It should be read alongside our Terms of Service.
01Scope of this policy
This policy applies to information we process when you visit our websites, create an account, or use the Service. Where you use Sunethix on behalf of an organization under a separate written agreement — such as an institutional order form or a data processing agreement — that agreement governs how we process your organization's data, and this policy supplements it.
For most submission data uploaded by institutional customers, your organization is the controller of that data and Sunethix acts as a processor on its behalf.
02Information we collect
Information you provide
- Account information — name, email address, organization, role, and credentials when you register.
- Billing information — plan, transaction records, and limited payment details handled by our payment processor (we do not store full card numbers).
- Submissions and content — the documents and data you upload for review, and the reports and findings generated from them (your Content).
- Communications — messages you send us, including support and sales inquiries and form submissions.
Information collected automatically
- Usage data — actions taken in the Service, such as reviews run and features used.
- Device & log data — IP address, browser type, device identifiers, timestamps, and similar technical information.
- Cookies and similar technologies — as described in the Cookies section below.
03How we use information
We use information to:
- Provide, operate, and secure the Service, including running reviews on your submissions and generating findings;
- Create and manage your account and process billing;
- Respond to your requests and provide support;
- Monitor, maintain, and improve the Service, including diagnosing technical issues and analyzing aggregate usage;
- Send service-related communications and, where permitted, relevant product updates;
- Detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms;
- Comply with legal obligations and enforce our agreements.
Where required by law, our legal bases for processing include performance of our contract with you, our legitimate interests in operating and improving the Service, your consent (where requested), and compliance with legal obligations.
04AI processing & sub-processors
The Service uses third-party AI model providers and cloud infrastructure to process submissions and generate findings. When you run a review, the contents of your submission are transmitted to and processed by these providers solely to produce your review.
We do not use your submissions to train AI models
We do not use your Content to train machine-learning models, and we contract with our AI providers under terms intended to ensure they do not use your Content to train their models. Your submissions are processed to deliver your review — not to build a model.
We use vetted sub-processors (for example, cloud hosting, AI model APIs, and payment processing) under agreements that require appropriate confidentiality and security protections. A current list of sub-processors is available on request at info@sunethix.com.
05Your submissions & content
As between you and Sunethix, you (or your organization) own your Content. We process it only to provide and improve the Service for you, to maintain security, and as described in this policy or a data processing agreement. We do not sell your Content, and we do not share it for advertising.
You are responsible for ensuring you have the rights and permissions necessary to upload your Content and to have it processed by the Service.
06Protected health information
Unless you and Sunethix have signed a Business Associate Agreement or other written data agreement that expressly permits it, the Service is not intended to receive protected health information (PHI) as defined under HIPAA, or other regulated personal data. You should de-identify or appropriately redact submissions before upload where no such agreement is in place.
If your use case requires processing PHI or other regulated data, contact us at info@sunethix.com to put the appropriate agreement in place before uploading such data.
08Data retention
We retain information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Submissions and reports are retained according to your plan or applicable data processing agreement; you or your organization's administrator may request deletion of Content as described below, subject to legal and operational limits.
09Security
We use administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or misuse — including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.
10Your rights & choices
Depending on your location, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. You may also have the right to lodge a complaint with a supervisory authority.
- You can update account information in the Service or by contacting us.
- To exercise privacy rights, email info@sunethix.com. We will respond as required by applicable law.
- Where Sunethix processes data on behalf of your organization, we will direct rights requests relating to that data to your organization.
11Cookies & analytics
We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and understand how it is used. You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required, we obtain consent for non-essential cookies.
12International data transfers
We are based in the United States and may process information in the United States and other countries. Where we transfer personal data across borders, we rely on appropriate safeguards as required by applicable law, such as standard contractual clauses.
13Children's privacy
The Service is intended for use by adults in a professional or academic research context and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
14Third-party links
The Service may link to third-party websites or services we do not control. This policy does not apply to those third parties, and we encourage you to review their privacy practices.
15Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
16Contact us
Questions or requests regarding this policy or your information can be sent to info@sunethix.com.
Sunethix Inc. · sunethix.com