PRIVACY POLICY
We are firmly committed to safeguarding the privacy of our business customers and individual users. This Privacy Policy details the types of information we collect, the rigorous security methodologies we implement, and our strict non-retention pipeline regarding structural engineering data.
Because our software operates as an ephemeral processing pipeline, our operational posture minimizes privacy risks and aligns cleanly with the structural confidentiality requirements of engineering firms, corporate entities, and global compliance regulations.
0. Definitions
For purposes of these Privacy Policy:
- "Service" refers to the Kouzou Assistant web application and all related features, interfaces, and hosted components.
- "User Data" means any structural calculation files, datasets, parameters, dimensions, geometry, material properties, or other engineering information uploaded or submitted by the User during an active session.
- "Outputs" means any visualizations, technical drawings, alerts, warnings, or structural "suggestions" generated by the Service in response to User Data.
- "Suggestions" means informational prompts, recommendations, or flagged anomalies generated by the Service, which are intended solely as productivity aids and not as professional engineering, architectural, or regulatory advice.
- "Organization" means any business entity, corporate team, or engineering firm that establishes an administrative account and manages Member Accounts under the Service.
- "Account Data" means administrative information collected to establish and maintain customer accounts, including profile details, authentication records, billing metadata, and audit logs.
1. The Zero-Retention Engineering Data Policy
Our platform treats your proprietary structural engineering files and calculation data using a privacy-focused zero-retention architecture designed to minimize data persistence and storage risks.
1.1 In-Memory Transience: When an active user uploads structural calculation datasets to the web application, that data is pushed into transient, volatile memory (RAM) within our compute instances. This data is utilized exclusively to run automated error-checking routines and generate Outputs for display within the User's active browser session.
1.2 Automatic session-based deletion on Session Termination: No structural engineering files, calculation records, layout dimensions, geometry logs, coordinate mappings, or resultant technical drawings are ever written to hard drives, persistent cloud disks, or database tables. The moment a user logs out, closes their web browser tab, or encounters a system timeout, all associated calculation data is automatically deleted at the conclusion of the session lifecycle from our infrastructure memory. We do not store, evaluate, or possess historical access to your engineering intellectual property.
1.3 Training Exclusions: Under no circumstances is user-provided structural data or proprietary calculation metrics used, evaluated, or maintained for machine learning optimization, algorithmic training, or historical software analytics.
1.4 Professional Certification Disclaimer: The Service does not retain uploaded engineering data for professional certification, regulatory compliance verification or engineering code-compliance review. All structural datasets and calculation files are handled exclusively within transient memory during active sessions and are irreversibly deleted upon session termination.
2. Categories of Information We Collect
To establish accounts, enforce secure access, maintain audit logs and operational records, and manage post-paid subscription invoicing, we must collect and maintain specific, non-ephemeral administrative data ("Account Data").
-
Profile Information: First and last names, business email addresses, administrative usernames, corporate phone numbers, Organization names, and other account profile information necessary to establish and administer customer accounts.
For business customers, we may also collect and maintain business-related information required for invoicing, accounting, taxation, regulatory compliance, and customer relationship management purposes. Such information may include:
- Registered company name;
- Business address;
- Tax identification number (TIN), VAT number, or equivalent tax registration identifier;
- Company registration number;
- Billing contact details; and
- Other information reasonably required to issue invoices and comply with applicable accounting, tax, or legal obligations.
- Authentication Credentials: We collect and maintain hashed passwords, authentication tokens, multi-factor authentication settings (if enabled), account recovery information, and other account security information necessary to authenticate users, maintain account security, and provide access to the Service.
- Billing and Transactional Metadata: Subscription plans, seat allocations, invoice records, transaction histories, payment status information, corporate billing details, tax-related information, and accounting records required to administer subscriptions, process payments, comply with legal obligations, and maintain financial records. We do not collect or store raw payment card data on our own systems.
-
User Activity Analytics & Admin Audit Logs: To enable Organization Administrators to review system utilization and team member activity, and to enable us to maintain platform security, investigate suspicious activity, prevent abuse, troubleshoot operational issues, and administer the Service, we collect and retain certain operational metadata. Such metadata may include login timestamps, last-access timestamps, authentication events, connection IP addresses, account activity records, usage frequency metrics, and other operational records associated with the use of the Service.
- These records are retained for administrative reporting, security monitoring, abuse prevention, audit logging, account protection, troubleshooting, compliance, and service administration purposes.
- The contents of structural calculations, engineering datasets, uploaded files, and generated Outputs are not retained as part of these records; only administrative and operational metadata is retained.
2.1 Data Retention
We retain different categories of information for different periods depending upon operational, legal, accounting, security, and compliance requirements.
| Data Category | Typical Retention Period |
|---|---|
| Account Profile Information and Authentication Credentials | For the duration of the account relationship and for a reasonable period thereafter as necessary for operational, legal, security, accounting, tax, or compliance purposes. |
| User Activity Analytics and Admin Audit Logs | Up to three (3) years. |
| Billing, Accounting, Tax, and Transaction Records | Up to ten (10) years, or longer if required by applicable law. |
We may retain information for longer periods where necessary to comply with legal obligations, resolve disputes, enforce agreements, investigate fraud or abuse, or protect our legal rights.
3. Cloud Infrastructure & Regional Data Processing
The technical architecture of the Service is built upon secure cloud infrastructure provided by third-party hosting partners ("Cloud Infrastructure Providers").
- Geographic Processing Location: Computational processing, automated analysis, and transient memory operations associated with the Service are performed primarily within cloud infrastructure located in Singapore.
- Regional Data Processing: User Data is processed primarily within Singapore during active sessions. This architecture is intended to support customers that are subject to regional data residency, privacy, confidentiality, or regulatory requirements.
4. Organization Separation & Multi-Tenancy
The Service utilizes a multi-tenant software architecture designed to maintain logical separation between Organizations and their respective data environments.
Operational metadata, account activity records, audit logs, and administrative information associated with an Organization may be made available to that Organization's authorized Administrators for account management, usage monitoring, security oversight, and administrative reporting purposes.
Operational metadata, account activity records, audit logs, and administrative information may also be accessed by authorized personnel of the Service Operator where reasonably necessary to operate, secure, maintain, support, investigate, audit, or administer the Service, or to comply with legal obligations.
Such information is accessible only to authorized users within the same Organization and is not made available to other Organizations, unrelated customers, competitors, or unauthorized third parties.
We implement technical and organizational measures designed to prevent unauthorized cross-Organization access to account information and operational records.
4.1 User Content Responsibilities
Users remain responsible for ensuring that they possess all necessary rights, permissions, authorizations, and legal authority to upload, process, and utilize any content submitted to the Service. Additional obligations and restrictions regarding uploaded content are set forth in the Terms of Service.
We do not actively review engineering content submitted during processing sessions; however, we reserve the right to investigate suspected violations of this Privacy Policy, the Terms of Service, or applicable laws.
5. Third-Party Services, Security, and Cookies
We do not sell, rent, or lease personal information to third-party marketers. We share personal information only with trusted service providers and sub-processors where reasonably necessary to operate the Service, process payments, fulfill legal obligations, provide customer support, maintain security, or administer subscriptions.
| Vendor Category | Purpose |
|---|---|
| Cloud Infrastructure Provider | Hosting, data processing, account management, and platform operation. |
| Content Delivery and Network Services | Delivery of website assets, routing, performance optimization, and security. |
| Payment Processors, Payment Gateways, and Merchant of Record Providers | Subscription billing, payment processing, invoicing, fraud prevention, tax handling, and related financial operations. |
| Email and Communication Providers | Transactional notifications, account communications, and support correspondence. |
The specific service providers used to support the Service may change from time to time as our business, technical, operational, or legal requirements evolve. We may add, replace, or discontinue service providers without updating this Privacy Policy, provided that such providers are engaged for substantially similar purposes and are subject to appropriate confidentiality, security, and data protection obligations.
We share personal information with third-party service providers only to the extent reasonably necessary for them to perform services on our behalf. Such providers are contractually or legally obligated to protect information appropriately and may not use the information for their own independent marketing purposes.
5.1 Security Measures
We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.
However, no method of transmission or storage can be guaranteed to be completely secure, and we cannot guarantee absolute security.
5.2 Cookies and Similar Technologies
The Service may utilize cookies, session identifiers, and similar technologies necessary for authentication, security, user preferences, operation of the Service, and service improvement activities.
We do not currently use advertising cookies or third-party behavioral advertising technologies.
5.3 Security Incidents
We will make reasonable efforts to notify affected Users within a reasonable timeframe consistent with applicable law.
Such notice may be provided via email, dashboard notification, or other appropriate communication channels.
6. Statutory Rights & Privacy Requests
We are committed to handling personal information in a manner that is consistent with applicable privacy, data protection, and security principles.
Subject to applicable law, Users and Organizations may request access to, correction of, updating of, or deletion of their personal information maintained by us.
Because engineering data submitted to the Service is processed using a transient session-based architecture and is automatically removed following session termination, we generally do not retain historical engineering files or calculation datasets that can later be retrieved, exported, or returned upon request.
Requests to access, correct, update, or delete personal information may be submitted through the contact methods identified at the end of this Privacy Policy.
We may decline or delay requests to delete information where retention is reasonably necessary to:
- Comply with legal, tax, accounting, or regulatory obligations;
- Maintain security, audit, or fraud-prevention records;
- Resolve disputes or investigate claims;
- Enforce agreements, including the Terms of Service; or
- Establish, exercise, or defend legal rights.
Where deletion is requested, certain information may be retained for these limited purposes even if the account is closed or access to the Service has ceased.
Billing records, seat allocation records, invoice histories, payment records, and related audit logs may be retained for the duration necessary to support accounting requirements, tax obligations, subscription administration, and dispute resolution.
6.1 Children’s Privacy
The Service is intended for business, professional, and organizational use and is not directed to individuals under the age of 18.
We do not knowingly collect personal information from children under the age of 18. If we become aware that personal information has been collected from a child without appropriate parental or legal guardian consent where required by applicable law, we will take reasonable steps to delete such information.
6.2 Dispute Resolution
Any dispute relating to this Privacy Policy shall be governed by the dispute resolution provisions set forth in the Terms of Service.
7. Policy Adjustments
We reserve the right to modify this Privacy Policy or our associated Terms of Service at any time to reflect cloud modifications, vendor shifts, or updated legal guidelines.
Registered Admin Accounts will receive a direct notification via email or clear dashboard notification if substantial changes are made to how administrative profile data is protected.
Continued use of the Service following the effective date of such changes constitutes acceptance of the updated Privacy Policy. Where required by us, Users may be required to review and affirmatively accept updated versions before continuing to use the Service.
7.1 Consistency with Terms of Service
This Privacy Policy shall be read together with the Terms of Service.
In the event of any conflict between the two documents, the disclaimers, limitations of liability, and restrictions on reliance contained in the Terms of Service shall prevail.
Both documents collectively govern the User’s relationship with the Service.
7.2 Survival
The provisions of this Privacy Policy that by their nature should survive termination shall remain in full force and effect after termination of the User’s account or cessation of use of the Service. This includes, without limitation, Sections 1 (Zero-Retention Engineering Data Policy), 5 (Third-Party Services, Security, and Cookies), 6 (Statutory Rights & Compliance), and 7.1 (Consistency with Terms of Service).
8. Contact Information
If you have questions regarding this Privacy Policy, personal data processing practices, privacy rights requests, or account information management, you may contact us using the contact information made available through the Service or on our official website.
Privacy-related requests will be reviewed and processed within a reasonable timeframe consistent with applicable legal requirements.
9. General Provisions
9.1 Interpretation
Headings, titles, and section labels in this Privacy Policy are provided for convenience only and shall not affect the meaning or interpretation of any provision. References to "including" shall be construed as "including without limitation.".
9.2 Waiver
No failure or delay by the Service Operator in enforcing any provision of this Privacy Policy shall operate as a waiver of such provision or of any other rights.
Any waiver must be expressly stated in writing and signed by the Service Operator to be effective.
A single or partial exercise of any right shall not preclude any other or further exercise of that right or any other right.