Privacy Policy

Last Updated: January 2, 2025

Introduction

MyITDojo ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (the "Service").

By accessing or using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide

Account Information: When you create an account, we collect your name, email address, and authentication credentials through our OAuth provider.

Profile Information: You may optionally provide additional information such as company name, job title, and phone number.

Payment Information: Billing details are processed through Stripe, our third-party payment processor. We store only limited payment metadata (last 4 digits, expiration date) and do not store full credit card numbers.

User Content: Knowledge base entries, journal notes, system documentation, software catalogs, and other information you input into the Service.

API Keys: If you choose to use the AI Assistant feature, we collect and encrypt your third-party API keys (e.g., OpenAI, Anthropic) using industry-standard encryption.

Communications: When you contact us for support or provide feedback, we collect the content of your communications.

1.2 Information Collected Automatically

Usage Data: We automatically collect information about how you interact with the Service, including pages viewed, features used, time spent, actions taken, and search queries.

Technical Information: We collect IP address, browser type and version, operating system, device identifiers, and referral URLs.

Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to improve the Service, remember your preferences, and analyze usage patterns. See our Cookie Policy for more details.

Analytics: We use analytics services to understand how users interact with our Service and identify areas for improvement.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service: Process your requests, manage your account, and deliver the features you use
  • Process payments: Handle subscription billing and payment processing through our payment processor
  • Communicate with you: Send account notifications, respond to inquiries, provide customer support, and send important updates about the Service
  • Improve and develop features: Analyze usage patterns to enhance existing features and develop new functionality
  • Ensure security: Detect and prevent fraud, abuse, security threats, and technical issues
  • Comply with legal obligations: Meet regulatory requirements and respond to legal requests
  • Personalize your experience: Remember your preferences and customize the Service to your needs
  • Marketing (with consent): Send promotional communications about new features or services, which you can opt out of at any time

3. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

  • Service Providers: We share information with trusted third-party service providers who assist us in operating the Service, including Stripe (payment processing), cloud hosting providers, and analytics services. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
  • Team Members: If you use team collaboration features, certain information (such as shared knowledge entries and system documentation) will be visible to other members of your team.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
  • Legal Requirements: We may disclose your information when required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.

4. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security practices include:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols. Sensitive data (including API keys) is encrypted at rest using AES-256 encryption.
  • Access Controls: We restrict access to personal information to employees and contractors who need it to perform their job functions.
  • Secure Authentication: We use OAuth 2.0 for secure authentication and support two-factor authentication (2FA) for enhanced account security.
  • Regular Security Audits: We conduct regular security assessments and vulnerability testing to identify and address potential security risks.
  • Incident Response: We maintain an incident response plan to quickly address any security breaches.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

5. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Opt-Out: Opt out of marketing communications at any time
  • Withdraw Consent: Withdraw consent for data processing where we rely on consent as the legal basis
  • Object: Object to processing of your personal information in certain circumstances
  • Restrict Processing: Request restriction of processing in certain circumstances

To exercise these rights, please contact us through the support channels provided on our platform. We will respond to your request within 30 days. You can also export your data directly through the Service using our export features.

6. Third-Party Services

The Service integrates with third-party services that have their own privacy policies and terms of service:

  • AI Providers (OpenAI, Anthropic): When you use the AI Assistant feature with your own API key, your queries are sent directly to your chosen AI provider. These providers have their own privacy policies governing how they handle your data.
  • Payment Processor (Stripe): Payment information is processed by Stripe according to their privacy policy. We do not store full credit card numbers.
  • Authentication Provider: We use OAuth 2.0 for authentication, which may involve third-party identity providers.
  • Analytics Services: We use analytics services to understand usage patterns and improve the Service.

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies before using their services through our platform.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Information: Retained while your account is active and for 30 days after account deletion
  • User Content: Retained while your account is active and available for export for 30 days after account deletion
  • Payment Records: Retained for 7 years to comply with tax and accounting requirements
  • Usage Data: Retained for 2 years for analytics and service improvement purposes
  • Support Communications: Retained for 3 years for quality assurance and legal compliance

After the retention period expires, we securely delete or anonymize your information.

8. California and European Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information we have collected
  • Right to opt out of the sale of personal information (though we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use and disclosure of sensitive personal information

To exercise these rights, please contact us through our support channels. We will not discriminate against you for exercising your privacy rights.

European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing your personal data includes: (a) your consent; (b) performance of a contract with you; (c) compliance with legal obligations; and (d) our legitimate interests in providing and improving the Service.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. When we transfer your information internationally, we implement appropriate safeguards to protect your information, including standard contractual clauses approved by the European Commission.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email or through a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the support channels provided on our platform or visit our Help Center for assistance.

For privacy-specific inquiries or to exercise your privacy rights, you can also reach our Data Protection Officer through the contact information available on our website.