Privacy Policy

This Privacy Policy describes how Avnicloud LLC (“Company,” “we,” “us,” or “our”) collects, uses, and discloses your personal information in connection with our website (avnicloud.com) and our flagship AI compliance product, ClearCompli (app.clearcompli.com).

1. Relationship Disclosure

AvniCloud LLC operates the ClearCompli platform under a registered trade name (DBA). All data collected through the ClearCompli service is processed by AvniCloud LLC acting as the Data Controller for its own website (avnicloud.com) and for self-serve platform users. For enterprise clients who upload regulated data for compliance analysis, AvniCloud LLC may act as a Data Processor on behalf of the enterprise as Data Controller. Enterprise clients requiring a Data Processing Agreement (DPA) should contact contact@clearcompli.com prior to onboarding.

2. Information We Collect

We collect information that identifies, relates to, or could reasonably be linked to you (“Personal Information”).

Account Data: Name, business email, job role, and company name provided during registration or “Request a Demo” requests.
Product Data: Data uploaded to the ClearCompli platform for AI compliance analysis, including regulatory documents and metadata.
Technical Data: IP address, browser type, and device identifiers collected via Google reCAPTCHA v3 and internal logging for security and verification.
Usage Data: Information on how you interact with our dashboards and AI agents to improve UI/UX performance.

3. How We Use Your Information

We use the collected data for the following purposes. The legal basis for each is indicated: contract performance (C), legitimate interest (LI), legal obligation (LO), or consent (CON):

Service Delivery: To provide AI-driven compliance reporting and governance tools. (C: contract performance).
Security & Integrity: To protect platform integrity and prevent unauthorized access or fraud. (LI: legitimate interest in platform security).
AI Observability: To monitor AI service performance and ensure output accuracy for regulatory standards. (LI: legitimate interest; CON: where profiling is involved).
Communication: To send product updates, security alerts, and administrative communications. (C: contract performance for transactional; CON: consent for marketing).

4. Data Sharing and Disclosure

Avnicloud LLC does not sell your personal or business information. We may share data with:

Service Providers: Cloud infrastructure and AI processing: Amazon Web Services, Inc. (AWS) including AWS S3 (encrypted storage), DynamoDB (data storage), ECS (hosting), Cognito (authentication), WAF (security), and AWS Bedrock. Security: Google LLC (reCAPTCHA v3). Payment processing: Stripe, Inc. and/or PayPal Holdings, Inc.
Legal Compliance: When required by law or to respond to valid legal processes from regulatory bodies.

5. AI Governance and Data Ethics

As an AI compliance focused organization, we adhere to high standards of data ethics:

Non-Training Clause: Unless explicitly agreed upon in a separate written agreement, AvniCloud LLC does not use Customer Data to train, fine-tune, evaluate, or develop AI models. This prohibition covers all Customer Data regardless of industry and all forms of model development. AI processing is performed via AWS. AvniCloud LLC does not authorize cloud or AI developers to use Customer Data for any purpose beyond service delivery.
Framework Alignment: Our data processing is designed to align with the NIST AI Risk Management Framework and the EU AI Act.

6. Security

We implement the following security measures: (a) SSL/TLS encryption for all data in transit; (b) Encryption for data at rest; (c) Role-based access control (principle of least privilege); (d) Web application firewall for threat protection; (e) Annual security training for all personnel with access to personal data; (f) Third-party vendor security assessments prior to onboarding; (g) Documented incident response plan with breach identification, containment, and notification procedures. No method of Internet transmission is 100% secure and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any right, contact us at contact@clearcompli.com. We will respond to verifiable requests within forty-five (45) days consistent with CCPA, VCDPA, and other applicable US state privacy laws:

Right to Know / Access: Request disclosure of the categories and specific pieces of personal data collected, used, disclosed, or shared about you.
Right to Delete: Request deletion of your personal data, subject to legal exceptions (e.g., fraud prevention, legal obligations).
Right to Opt-Out: AvniCloud LLC does not sell personal data. You may opt out of sharing for targeted advertising. We honor the Global Privacy Control (GPC) signal as required under CPRA. To opt out of marketing emails, use the unsubscribe link in any email or contact us.

8. Contact Information

For questions regarding this Privacy Policy or our data practices, please contact:

Avnicloud LLC

Email(primary): contact@clearcompli.com | Email(secondary): contact@avnicloud.com | Mailing Address: AvniCloudLLC d/b/a ClearCompli ℅ Northwest Registered Agent Service, Inc., 2501 Chatham Rd Suit N, Springfield, IL 62704

Website: avnicloud.com

9. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law:

● Account Data: Retained for the duration of your active account and three (3) years following closure or termination.

● Product / Compliance Data: Retained for a minimum of seven (7) years consistent with regulatory audit requirements for AI governance and compliance records.

● Technical and Usage Data: Retained for up to twenty-four (24) months, then aggregated or deleted.

● Legal Hold: Data may be retained longer where required by applicable law, litigation hold, or regulatory investigation.

10. International Data Transfers

AvniCloud LLC stores and processes all personal data on the cloud in the United States (US-East-1 region). If you are located outside the United States, your personal data will be transferred to and processed in the United States. By using our Services, you consent to this transfer. We implement appropriate safeguards consistent with applicable law, including GDPR Standard Contractual Clauses where required.

11. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users: (a) within 72 hours of discovery for users subject to GDPR; (b) within 30 days of discovery for US-based users, consistent with the Illinois Personal Information Protection Act (815 ILCS 530) and other applicable state notification laws; and (c) promptly as required by other applicable laws. Notifications will include the nature of the incident, data categories affected, steps taken, and recommended protective actions. Where required, we will notify relevant supervisory authorities.

12. Cookies

Our website uses cookies and similar tracking technologies. For detailed information on cookies used, their purpose, duration, and preference management, please see our Cookie Policy at avnicloud.com/cookies and the ClearCompli Cookie Policy at app.clearcompli.com/cookies. We honor the Global Privacy Control (GPC) opt-out signal as required under CPRA.

13. State-Specific Privacy Rights

Illinois (BIPA and PIPA)

Illinois residents have rights under the Biometric Information Privacy Act (BIPA) if biometric data is collected, and under the Personal Information Protection Act (PIPA) regarding breach notification. AvniCloud LLC does not currently collect biometric data.

California (CCPA / CPRA)

California residents have the right to: know what personal information is collected, used, shared, or sold; delete personal information; correct inaccurate data; opt out of the sale or sharing of personal information; limit use of sensitive personal information; and non-discrimination for exercising rights. To submit a CCPA request, contact contact@clearcompli.com.

Virginia, Colorado, Connecticut, Texas, and Other States

Residents of states with comprehensive privacy laws in effect as of this Policy’s Effective Date, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Florida (FDBR), and New Jersey (NJDPA), have rights to access, correct, delete, and port personal data, and to opt out of targeted advertising and profiling. Contact us to exercise these rights.

14. AI and Automated Decision-Making

ClearCompli uses latest AI technologies to process Customer Data for AI governance and compliance analysis. Material AI-assisted compliance determinations are subject to human review before being treated as final. AvniCloud LLC does not make fully automated decisions with legal or similarly significant effects without human oversight. Users may request information about how a specific AI-generated output was produced by contacting contact@clearcompli.com.

15. Accountability and Governance

AvniCloud LLC maintains: (a) Records of Processing Activities (ROPA) for all data operations; (b) Annual privacy and security training for all personnel with data access; (c) Data Protection Impact Assessments (DPIAs) for high-risk processing activities; (d) Contractual data processing obligations on all third-party vendors; (e) Documented incident response plan with escalation and notification procedures.

16. Updates to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify registered users by email to the address on file at least thirty (30) days before changes take effect, consistent with our Terms of Service notification standard. The updated policy will display a revised Effective Date. Continued use of our Services after the effective date constitutes acceptance of the revised Policy.

17. Cross-Reference to ClearCompli Policies

This Privacy Policy governs data collected through avnicloud.com and applies in conjunction with the ClearCompli Privacy Policy (app.clearcompli.com/privacy), Terms of Service (app.clearcompli.com/terms), and Cookie Policy (app.clearcompli.com/cookies). In the event of conflict between this Policy and the ClearCompli Privacy Policy regarding platform data, the ClearCompli Privacy Policy governs.