Privacy Policy
Last Updated: November 2025
At Eutacap ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
1. Information We Collect
1.1 Personal Information
We may collect personal information that you voluntarily provide to us when you:
- Fill out contact forms or request information
- Subscribe to our newsletter or marketing communications
- Create an account or register for our services
- Participate in surveys, webinars, or events
- Communicate with our customer support team
This information may include:
- Name and contact details (email address, phone number, company name)
- Job title and professional information
- Account credentials (username and password)
- Payment and billing information
- Any other information you choose to provide
1.2 Automatically Collected Information
When you visit our website, we automatically collect certain information about your device and usage, including:
- IP address and geographic location
- Browser type and version
- Operating system and device information
- Pages visited, time spent on pages, and navigation paths
- Referral source and exit pages
- Cookies and similar tracking technologies (see Section 6)
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve our AI automation services
- Customer Support: To respond to your inquiries and provide technical assistance
- Communication: To send you service updates, security alerts, and administrative messages
- Marketing: To send promotional materials, newsletters, and information about our products (with your consent)
- Personalization: To customize your experience and provide relevant content
- Analytics: To analyze usage patterns and improve our website and services
- Security: To detect, prevent, and address fraud, security issues, and technical problems
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
3. AI & LLM Data Processing
As an AI-powered automation platform, we utilize Large Language Models (LLMs) and artificial intelligence technologies to deliver our services. This section explains how AI processing affects your data:
3.1 Data Processed by AI
When you use our AI-powered features, the following types of data may be processed by AI models:
- Content you provide for analysis, generation, or automation (e.g., text, prompts, queries)
- Conversation history and interaction data with AI assistants
- Business workflow data processed through our automation tools
- Integration data from connected systems (HubSpot CRM, support tickets, HR records)
- Usage metadata to improve AI performance and service quality
3.2 AI Model Training and Data Usage
Important: Your data is not used to train third-party AI models. We implement the following safeguards:
- All data sent to AI providers (OpenAI, Anthropic, Azure AI) is processed under strict data processing agreements
- We utilize opt-out provisions and enterprise API tiers that prohibit model training on customer data
- Your proprietary business data remains confidential and is not shared with other users
- AI processing is performed in real-time; data is not retained by AI providers beyond the session
3.3 User Responsibilities
While we implement technical and contractual safeguards, we strongly recommend that you:
- Avoid sharing highly sensitive information such as passwords, social security numbers, financial account credentials, or confidential medical records through AI features
- Review your organization's data classification policies before inputting data into AI-powered tools
- Use data anonymization or pseudonymization when possible for sensitive workflows
- Understand that AI-generated outputs should be reviewed before business-critical use
3.4 AI Service Providers
We partner with leading AI providers to deliver our services, including:
- OpenAI: GPT models for natural language understanding and generation
- Anthropic: Claude models for advanced reasoning and analysis
- Microsoft Azure AI: Enterprise-grade AI services with enhanced compliance
These providers are bound by data processing agreements (DPAs) and operate under enterprise terms that prioritize data privacy and security. We continuously monitor their compliance with industry standards and our contractual requirements.
4. How We Share Your Information
We may share your information in the following circumstances:
4.1 Service Providers and Subprocessors
We work with third-party service providers ("Subprocessors") who perform services on our behalf. These partners process your data only under our instructions and are bound by data processing agreements to protect your information.
Our Subprocessors include providers in the following categories:
- Cloud Infrastructure: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), for secure data storage and hosting
- AI & Machine Learning: OpenAI, Anthropic, Microsoft Azure AI, for AI-powered automation and natural language processing
- CRM & Marketing Automation: HubSpot, for customer relationship management and marketing communications
- Payment Processing: Stripe, PayPal, for secure payment and billing services
- Email Services: SendGrid, Amazon SES, for transactional and marketing emails
- Analytics & Monitoring: Google Analytics, Sentry, Datadog, for service performance and error tracking
- Security & CDN: Cloudflare, for DDoS protection, CDN, and web security
- Customer Support: Zendesk, Intercom, for helpdesk and customer communication
A complete and up-to-date list of our Subprocessors is available upon request. We will notify you of any material changes to our Subprocessor list in accordance with our contractual obligations.
4.2 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if we believe such action is necessary to comply with legal obligations or protect our rights.
4.4 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:
- The nature and sensitivity of the information
- The purposes for which we process the information
- Legal, regulatory, and compliance requirements
- Whether we can achieve those purposes through other means
6. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request access to the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal obligations)
- Portability: Request a copy of your information in a machine-readable format
- Opt-Out: Unsubscribe from marketing communications at any time
- Restriction: Request restriction of processing in certain circumstances
- Object: Object to processing based on legitimate interests
To exercise these rights, please contact us using the information provided in Section 11. We will respond to your request within 30 days of receipt, or as otherwise required by applicable law. In some cases, we may require additional information to verify your identity before processing your request.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing activities. Cookies are small data files stored on your device. When you first visit our website, you will see a cookie consent banner allowing you to accept or decline non-essential cookies.
7.1 Cookie Categories
We categorize cookies into three types:
Essential Cookies (Always Active)
These cookies are necessary for the website to function and cannot be disabled. They include:
- Session management and authentication
- Security and fraud prevention
- Load balancing and performance optimization
- Cookie consent preferences
Analytics Cookies (Optional)
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously:
- Page views, navigation paths, and time spent on pages
- Device and browser information
- Geographic location (country/city level)
- Referral sources and exit pages
Providers: Google Analytics, Mixpanel, Hotjar
Marketing Cookies (Optional)
These cookies are used to deliver personalized advertisements and track campaign effectiveness:
- Display relevant ads based on your interests
- Measure ad campaign performance
- Track conversions and attribution
- Prevent showing the same ad repeatedly
Providers: Google Ads, Facebook Pixel, LinkedIn Insight Tag
7.2 Managing Your Cookie Preferences
You can control cookies through your browser settings or by updating your preferences in our cookie banner (accessible at the bottom of every page). Please note that disabling essential cookies will prevent certain features of our website from functioning properly. Disabling analytics or marketing cookies will not affect website functionality but may reduce personalization.
8. Data Security
We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest (SSL/TLS)
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection and security
- Incident response and breach notification procedures
While we employ industry-leading security measures and continuously monitor for threats, no method of transmission over the internet or electronic storage can provide absolute security. We maintain a proactive security posture through regular audits, vulnerability assessments, and incident response planning. In the unlikely event of a data breach, we will notify affected individuals and relevant authorities in accordance with applicable laws.
9. Third-Party Links and Services
Our website may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our website.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer your information internationally, we implement appropriate safeguards to ensure your information receives adequate protection, including:
- Standard contractual clauses (SCCs) approved by the European Commission and other regulatory authorities
- Data processing agreements with all service providers and Subprocessors
- Compliance with applicable data protection frameworks (EU-U.S. Data Privacy Framework, UK-U.S. Data Bridge)
- Adherence to Privacy Shield principles where applicable
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy & Legal Contact: support@eutacap.com
Company Address: Toronto, Ontario, Canada
Contact Form: eutacap.com/contact
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. For significant changes, we may also provide additional notice (such as email notification or prominent website banner). We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Children's Privacy
Our services are designed for and directed to adult business users (ages 18 and older). We do not knowingly collect, use, or disclose personal information from individuals under the age of 18. Our platform is intended for use by enterprise customers, business professionals, and organizational users. If we become aware that we have inadvertently collected information from a minor without proper parental or guardian consent, we will take immediate steps to delete such information from our systems. If you believe we have collected information from a child, please contact us immediately using the information in Section 11.
14. GDPR Compliance (For EU/EEA Residents)
If you are located in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR provide you with additional rights regarding your personal data:
- Legal Basis for Processing: We process your personal data based on one or more of the following legal bases: (a) your explicit consent, (b) performance of a contract with you, (c) compliance with legal obligations, or (d) our legitimate business interests (while ensuring your fundamental rights and freedoms are protected)
- Data Protection Officer: For privacy-related inquiries, you may contact our Data Protection Officer at dpo@eutacapital.com
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your rights under GDPR
- Automated Decision-Making: We do not use automated decision-making or profiling that produces legal or similarly significant effects concerning you without your explicit consent or as otherwise permitted by law
- Data Transfers: When transferring your data outside the EEA/UK, we use Standard Contractual Clauses (SCCs) or other approved safeguards
- Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal
15. CCPA/CPRA Compliance (For California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for which we use it, and the categories of third parties with whom we share it
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain legal exceptions
- Right to Correct: Request correction of inaccurate personal information we maintain about you
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising purposes
- Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information to purposes necessary to provide our services
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying goods or services, charging different prices, or providing a different level of service
- Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority
To exercise these rights, please contact us using the information in Section 11. We will respond within 45 days, with a possible 45-day extension for complex requests.
16. PIPEDA Compliance (For Canadian Residents)
If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws:
- Right to Access: You have the right to request access to the personal information we hold about you, including information about how your data has been used and to whom it has been disclosed
- Right to Correction: You may request that we correct any inaccurate or incomplete personal information. If we refuse a correction request, we will document your request and our reasons for refusal
- Right to Withdraw Consent: You may withdraw your consent for certain types of data processing at any time, subject to legal or contractual restrictions and reasonable notice
- Accountability: We are responsible for personal information in our possession or control, including data transferred to third-party Subprocessors
- Challenging Compliance: You have the right to challenge our compliance with PIPEDA by contacting our privacy officer using the information in Section 11
- Right to File a Complaint: If you believe we have not addressed your privacy concerns adequately, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) atwww.priv.gc.ca or 1-800-282-1376
We will respond to your access or correction requests within 30 days. If we require additional time, we will notify you of the extension and the reasons for it, in accordance with PIPEDA requirements.
17. Consent and Acceptance
By using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our services.
