1. Introduction and Controller Identity
Welcome to celiums.ai, operated by Celiums Solutions, LLC ("Company," "we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This comprehensive Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of personal data when you use our website (celiums.ai) and related services, APIs, and tools (collectively, the "Services").
This Privacy Policy has been designed to comply with major global privacy frameworks, including but not limited to the General Data Protection Regulation (GDPR) in the European Union and the United Kingdom, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Lei Geral de Proteção de Dados (LGPD) in Brazil.
Data Controller Information
For the purposes of applicable data protection legislation, the data controller responsible for your personal data is:
- Company Name: Celiums Solutions, LLC
- Jurisdiction of Incorporation: Florida, USA
- Website: celiums.ai
- Data Protection Officer (DPO): privacy@celiums.ai
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, your choice is not to use our Services.
2. Data We Collect
We believe in data minimization and collect only the information necessary to provide and improve our Services. The personal data we collect depends on how you interact with celiums.ai.
Information You Provide Directly to Us
| Category of Data | Specific Data Points | Source | Purpose of Collection |
|---|---|---|---|
| Account Information | Email address, full name, company name (optional) | Provided by you during account registration and profile setup. | Account creation, authentication, communication, providing support, and account management. |
| Payment Information | Billing address, payment method details (processed entirely by Stripe) | Provided by you during checkout or subscription sign-up. | Payment processing, fraud prevention, compliance with tax and accounting laws. Note: We never see or store full credit card numbers. |
| Communication Data | Content of messages, support tickets, feedback, or inquiries | Provided by you when contacting our support or interacting with us. | Resolving issues, responding to inquiries, improving customer service, and maintaining records of communications. |
Information Collected Automatically
| Category of Data | Specific Data Points | Source | Purpose of Collection |
|---|---|---|---|
| Usage Data | API request counts, specific tool names used, timestamps of usage, frequency of access | Automatically collected by our systems when you use the Services. | Monitoring system performance, billing based on usage limits, identifying popular tools, and preventing abuse. Note: No content processed by the tools is collected here. |
| Technical Data | IP address, browser type and version, operating system, user agent string, approximate geographic location (country/region level derived from IP) | Automatically collected by our infrastructure providers (e.g., Cloudflare) and our servers. | Providing the Services securely, defending against DDoS attacks, optimizing content delivery, and ensuring system stability. |
3. How We Use Your Data and Legal Bases
Under the GDPR and similar frameworks, we must have a valid legal basis to process your personal data. We rely on the following lawful bases under Article 6 of the GDPR:
- Performance of a Contract (Art. 6(1)(b) GDPR): Processing is necessary for the performance of our contract with you, or to take steps at your request before entering into such a contract. This includes creating your account, processing payments, delivering the Services, and providing customer support.
- Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for our legitimate business interests, provided those interests are not overridden by your fundamental rights and freedoms. This includes:
  - Securing our infrastructure and preventing fraud or abuse.
  - Analyzing usage trends to improve and optimize our Services.
  - Managing our relationship with you and responding to general inquiries.
- Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal or regulatory obligation to which we are subject. This includes retaining financial records for tax purposes and responding to lawful requests from public authorities.
- Consent (Art. 6(1)(a) GDPR): You have given clear consent for us to process your personal data for a specific purpose, for example, if you opt in to receive promotional emails. You can withdraw your consent at any time.
- Protection of Vital Interests (Art. 6(1)(d) GDPR): Processing is necessary to protect the vital interests of the data subject or of another natural person. (Rarely applicable, but necessary in extreme emergencies.)
- Public Task (Art. 6(1)(e) GDPR): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. (Generally not applicable to our commercial operations.)
Specific Use Cases and Legal Bases:
- Account Management & Service Delivery: (Basis: Performance of a Contract). We use your email and name to maintain your account and provide access to celiums.ai.
- Payment Processing: (Basis: Performance of a Contract, Legal Obligation). We facilitate payments through Stripe to fulfill your subscription and maintain required financial records.
- Security & Fraud Prevention: (Basis: Legitimate Interests). We use Technical Data (like IP addresses) via Cloudflare to detect, prevent, and mitigate security threats, DDoS attacks, and unauthorized access.
- Usage Analytics & Service Improvement: (Basis: Legitimate Interests). We analyze Usage Data (request counts, tool names) to understand how our Services are utilized, allowing us to allocate resources efficiently and develop new features.
- Customer Support: (Basis: Performance of a Contract, Legitimate Interests). We process Communication Data to resolve technical issues and answer your questions.
4. Data We Do NOT Collect
We are deeply committed to the privacy and confidentiality of the content you process using our tools. It is a core principle of celiums.ai that your proprietary data remains yours. Therefore, we explicitly state that we do NOT collect, store, log, or analyze the following types of information:
- User Source Code: Any code snippets, scripts, or complete repositories you input into our tools or APIs are never persistently stored or analyzed by us.
- AI Prompts or Responses: The specific text, instructions, or queries you send to any AI-powered features, as well as the generated responses, are not logged or retained by our systems.
- File Contents: If you upload files (such as documents, spreadsheets, or text files) for processing, the contents of those files are processed ephemerally in memory and are immediately discarded after the operation is complete.
- Personal Documents: Any sensitive personal documents, identification files, or private materials processed through our Services are strictly ephemeral. We have zero visibility into the contents of your documents.
Our architecture is designed to process this payload data in transit and in memory solely for the purpose of returning the requested output to you, after which the payload is instantly and irrevocably purged from our active processing environment.
5. Cookies and Tracking Technologies
Unlike many modern web services, celiums.ai employs a strict "essential only" approach to cookies and tracking technologies. We value your privacy over invasive analytics.
Essential Cookies Only
We use only necessary cookies that are essential for the operation of our website and Services. These cookies cannot be disabled in our systems as they are required for basic functionality, such as:
- Authentication Cookies: To keep you logged in securely during your session.
- Security Cookies: To protect against Cross-Site Request Forgery (CSRF) attacks and ensure the integrity of your requests.
- Load Balancing Cookies: Provided by Cloudflare to ensure efficient routing of traffic to our servers.
No Third-Party Tracking
We expressly do not use:
- Third-party advertising cookies or trackers (e.g., Google Analytics, Meta Pixel, tracking beacons).
- Cross-site tracking mechanisms.
- Cookies designed to build a profile of your interests or browsing habits outside of celiums.ai.
Because we do not use non-essential cookies, we do not require a complex cookie consent banner. By using our Services, you consent to the placement of these strictly necessary, essential cookies.
6. Data Sharing and Subprocessors
We do not sell, rent, or trade your personal data to third parties. We only share personal data with trusted third-party service providers (subprocessors) who assist us in operating our Services, conducting our business, or serving our users. These providers are bound by strict confidentiality and data protection agreements.
Our authorized subprocessors include:
- Stripe (Payment Processing):
  - Purpose: To process credit card payments and manage subscriptions.
  - Data Shared: When you make a payment, your billing information is transmitted directly to Stripe via a secure, encrypted connection. We do not store or process complete credit card numbers on our servers.
  - Location: Global (primarily USA and EU).
- Cloudflare (Infrastructure & Security):
  - Purpose: To provide Content Delivery Network (CDN) services, DNS resolution, DDoS protection, and edge security.
  - Data Shared: Technical Data (IP addresses, user agents, request headers) is processed by Cloudflare's edge network to route traffic efficiently and block malicious activity.
  - Location: Global Edge Network.
We may also disclose your personal data in the following exceptional circumstances:
- Legal Compliance: If required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
- Protection of Rights: To enforce our Terms of Service, protect our operations, or defend the rights, privacy, safety, or property of Celiums Solutions, LLC, you, or others.
- Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, user information may be one of the transferred assets.
7. International Data Transfers
Celiums Solutions, LLC is located in the United States (Florida). Our primary infrastructure providers, such as Cloudflare and Stripe, operate globally. Therefore, your personal data may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, including outside the European Economic Area (EEA), the United Kingdom (UK), or Brazil.
These countries may have data protection laws that are different from the laws of your country. However, we take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable laws.
Safeguards for International Transfers
When we transfer personal data originating from the EEA, the UK, or Switzerland to countries that have not been deemed to provide an adequate level of protection by the relevant authorities, we rely on the following mechanisms:
- Standard Contractual Clauses (SCCs): We implement the European Commission's approved Standard Contractual Clauses (and the UK Addendum) in our agreements with third-party service providers (like Stripe and Cloudflare) to ensure adequate protection for the transfer of personal data.
- Supplementary Measures: Where appropriate, we employ supplementary technical and organizational measures, such as encryption in transit and at rest, and strict access controls, to further secure data during international transfers.
- Cloudflare Edge Network: It is important to note that Cloudflare operates a global edge network. Much of the Technical Data is processed near your geographic location at the edge, minimizing the need to transfer data long distances to central servers.
By using the Services, you acknowledge the transfer of your information to the United States and other regions as described in this policy.
8. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. Our specific retention periods are as follows:
- Account Data (Email, Name): Retained for the lifetime of your account. Upon your request to delete your account, this data is permanently erased from our active databases within 30 days.
- Usage Logs & Analytics (API counts, timestamps, tool usage): Retained for a maximum of ninety (90) days for operational monitoring, billing dispute resolution, and abuse prevention. After 90 days, this specific usage data is aggregated and anonymized, or permanently deleted.
- Payment & Billing Records: Retained for the period required by applicable tax, accounting, and commercial laws (typically 7 years in the United States) to comply with legal obligations.
- Technical Data (IP addresses, Cloudflare logs): Retained ephemerally for security purposes and typically purged within a short timeframe (e.g., 7 to 30 days) by our infrastructure providers, unless retained longer for active incident investigation.
When we have no ongoing legitimate business need or legal obligation to process your personal data, we will securely delete, anonymize, or destroy it.
9. Your Rights Under the GDPR (EEA/UK Users)
If you are a resident of the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you have specific rights regarding your personal data under the General Data Protection Regulation (GDPR) and UK GDPR.
- Right to Access (Art. 15): You have the right to request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): You have the right to request that we correct any inaccurate or incomplete personal data. You can usually update your account information directly in your dashboard.
- Right to Erasure / Right to be Forgotten (Art. 17): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
- Right to Restriction of Processing (Art. 18): You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest its accuracy).
- Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller.
- Right to Object (Art. 21): You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
- Right Not to be Subject to Automated Decision-Making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not engage in such automated decision-making.
To exercise any of these rights, please contact our Data Protection Officer at privacy@celiums.ai. We will respond to your request within one month, free of charge. You also have the right to lodge a complaint with your local Data Protection Authority.
10. Your Rights Under CCPA and CPRA (California Residents)
If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.
- Right to Know and Access: You have the right to request that we disclose the categories of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, or comply with a legal obligation).
- Right to Correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
- Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. Therefore, we do not provide a "Do Not Sell or Share My Personal Information" link, as we are already compliant with this standard.
- Right to Limit Use and Disclosure of Sensitive Personal Information: We do not collect or process "Sensitive Personal Information" as defined by the CPRA (such as precise geolocation, racial/ethnic origin, or biometric data) beyond what is strictly necessary to provide the Services. Therefore, the right to limit its use is not applicable to our operations.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality.
To exercise your California privacy rights, please submit a verifiable consumer request to privacy@celiums.ai. We may need to request specific information from you to verify your identity before processing your request.
11. Your Rights Under the LGPD (Brazil Users)
If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) provides you with specific rights regarding your personal data. These rights are broadly similar to those under the GDPR and include:
- Confirmation of the existence of processing.
- Access to the data.
- Correction of incomplete, inaccurate, or out-of-date data.
- Anonymization, blocking, or deletion of unnecessary or excessive data.
- Portability of the data to another service or product provider.
- Deletion of personal data processed with the consent of the data subject.
- Information about public and private entities with which the controller has shared data.
- Information about the possibility of denying consent and the consequences of such denial.
- Revocation of consent.
To exercise your rights under the LGPD, please contact our DPO at privacy@celiums.ai. We are committed to responding to your requests in a timely manner as required by Brazilian law.
12. Children's Privacy
Our Services are intended for a general audience of professionals and developers and are not directed at children. We strictly prohibit the use of our Services by anyone under the age of 16.
We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us immediately at privacy@celiums.ai. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take immediate steps to remove that information from our servers and terminate the associated account.
13. Security Measures
We take the security of your data extremely seriously and implement robust technical and organizational measures to protect your personal data from unauthorized access, accidental loss, destruction, or alteration. Our security practices include:
- Encryption in Transit: All data transmitted between your browser/client and our servers, as well as between our servers and our subprocessors, is encrypted using industry-standard Transport Layer Security (TLS/HTTPS).
- Encryption at Rest: Sensitive data, such as authentication tokens and account details, is encrypted at rest within our databases using strong encryption algorithms (e.g., AES-256).
- Minimal Data Footprint: As detailed in Section 4, we strictly adhere to a policy of non-retention for user payload data, source code, and AI prompts. Processing occurs ephemerally in memory, drastically reducing the attack surface.
- Access Controls: Access to production systems, databases, and infrastructure is strictly limited to authorized personnel on a "need-to-know" basis. We enforce Multi-Factor Authentication (MFA) for all internal access to critical systems.
- Infrastructure Security: We utilize Cloudflare's robust edge security to protect against Distributed Denial of Service (DDoS) attacks, malicious bots, and network-level vulnerabilities.
- Regular Audits: We continuously monitor our systems for potential vulnerabilities and conduct regular security reviews of our infrastructure and codebase.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security, but we are committed to mitigating risks to the maximum extent feasible.
14. Data Breach Notification
In the unlikely event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we have established strict internal incident response protocols.
- GDPR Compliance: If a breach occurs that affects users in the EEA or UK, we will notify the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. If the breach poses a high risk to you, we will also communicate the data breach to you directly without undue delay.
- CCPA/CPRA Compliance: If a breach affects California residents, we will comply with applicable state breach notification laws, providing notice in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
- General Notification: Regardless of jurisdiction, if a breach compromises your account security or sensitive personal data, we will notify you via the email address associated with your account, providing details of the incident, the likely consequences, and the measures taken or proposed to be taken to address the breach.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or regulatory guidance.
When we make changes, we will update the "Effective Date" and "Last Updated" date at the top of this Policy. If we make material changes to how we treat our users' personal data, we will notify you by email (to the email address specified in your account) or through a prominent notice on the celiums.ai website prior to the change becoming effective.
We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your personal data. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.
16. Contact and DPO
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data processing practices, or if you wish to exercise your privacy rights, please contact our Data Protection Officer (DPO).
Data Protection Officer:
- Email: privacy@celiums.ai

Company Contact:
- Celiums Solutions, LLC
- State of Florida, USA
- Email: support@celiums.ai
We are committed to resolving complaints about your privacy and our collection or use of your personal information. We aim to respond to all inquiries promptly and comprehensively.