Data Management

Data Management

This page explains how we handle data protection responsibilities, how long we keep data, and how customers can exercise control over their data. It should be read alongside our Privacy Policy and any applicable contractual arrangements. By using the Services, you agree to the terms set out on this page.

1. Data Processing Roles

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR):

Customers are the Data Controller. You determine what personal data is uploaded to the platform, why it is processed, and how it is used within your business operations.

We are the Data Processor. We process personal data on your behalf solely to provide the Services as described in our Privacy Policy and any applicable agreements.

As the data controller, you are solely responsible for: the legality of all data you upload or process through the platform; obtaining any necessary consents or permissions from data subjects; ensuring your own compliance with all applicable data protection laws; and ensuring the data you submit does not infringe the rights of any third party.

We accept no responsibility or liability for your failure to meet these obligations.

In order to provide the Services, we and our affiliates, employees, contractors, and authorised service providers may access, process, and review data stored in the platform where reasonably necessary to operate, support, maintain, secure, improve, or develop the Services. This includes situations where access to customer data is required for technical support, troubleshooting, system maintenance, security monitoring, or product improvement.

2. Customer Indemnification for Data

By using the platform to process personal data, you represent and warrant that you have the legal right to collect, use, and submit all data you provide to us.

You agree to indemnify, defend, and hold harmless us, our affiliates, officers, employees, and service providers from and against any claims, penalties, fines, liabilities, losses, and legal costs arising from: your failure to comply with applicable data protection laws; the unlawful or unauthorised processing of personal data through the platform; any data subject complaint or regulatory action arising from your use of the Services; or any allegation that data you submitted infringes the rights of a third party.

3. Data Subject Rights

Individuals whose personal data is processed through the platform may have rights under applicable data protection laws, including rights to access, correction, deletion, and restriction.

Because customers are the data controller, data subject requests should be directed to the customer in the first instance. We will assist you in fulfilling requests to the extent required by law and technically feasible, but we are not obligated to respond directly to data subjects on your behalf unless separately agreed in writing.

We reserve the right to charge reasonable costs for assistance with data subject requests that are manifestly unfounded, excessive, or repetitive.

4. Data Retention

We retain data for as long as necessary to provide the Services and meet our legal, security, and operational obligations. Retention periods vary depending on the type of data and why it was collected.

We are not obligated to retain any data beyond what is required for the above purposes, and we accept no liability for any consequence arising from the deletion of data in accordance with our standard retention practices.

5. Data Deletion

You may request deletion of your data through the contact channels provided on the website. We will process deletion requests within 30 days where technically feasible, subject to any legal or operational requirements that require us to retain certain information.

We are not liable for any business impact, loss of data, or operational disruption arising from the deletion of data at your request or in accordance with our standard retention schedule. Deletion is irreversible and we cannot recover data once deleted.

6. International Data Transfers

The platform is operated by a company incorporated in Estonia and may use infrastructure and service providers located outside the European Economic Area, including in the United States. Where required by applicable law, we implement appropriate safeguards - such as standard contractual clauses - to support lawful international data transfers.

By using the Services, you acknowledge and consent to such transfers to the extent permitted by applicable law.

7. Data Processing Agreements

Where required by applicable law or contractual arrangements, we will enter into a Data Processing Agreement with you that sets out our respective responsibilities in relation to personal data. Until such an agreement is executed, this page and our Privacy Policy govern our data processing activities.

Please contact us at: legal@getprudens.ai if you require a formal Data Processing Agreement.

8. Security - No Absolute Guarantee

We implement reasonable technical and organisational security measures appropriate to the nature of the data we process. These measures are designed to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

However, we do not guarantee that the platform will be free from security incidents, breaches, or vulnerabilities. No internet-connected system can be made entirely secure. To the maximum extent permitted by applicable law, we are not liable for any loss, damage, or harm arising from a security incident that occurs despite our reasonable security measures, including incidents caused by third-party infrastructure providers.

You are responsible for maintaining secure access credentials and for promptly reporting any suspected unauthorised access to your account.

9. Service Availability - No Uptime Warranty

We aim to maintain reliable platform availability but do not warrant or guarantee any specific level of uptime, availability, or performance. The Services may be interrupted, unavailable, or degraded due to maintenance, third-party infrastructure issues, or circumstances beyond our reasonable control.

To the maximum extent permitted by law, we are not liable for any loss or damage - including loss of data, revenue, or business opportunity - arising from any interruption, suspension, or discontinuation of the Services.

10. System Limitations and No Professional Advice

The platform provides software automation and AI-assisted processing. We expressly do not guarantee:

• The accuracy, completeness, or fitness for purpose of any AI-generated output
• The regulatory compliance of any document or communication generated by the platform
• The legal validity of any AI-generated material
• That outputs will meet the requirements of any specific regulatory framework, insurer, or jurisdiction

The platform does not provide legal, insurance, financial, compliance, or regulatory advice. You remain solely responsible for reviewing and validating all outputs before relying on them. Where appropriate, outputs should be independently reviewed by a qualified professional before use.

Any use of platform outputs in a regulated context - including submission to insurers, regulators, or clients - is your responsibility entirely.

11. Limitation of Liability

We are not liable for any indirect, consequential, special, or punitive damages arising from data loss, data breach, deletion, or processing errors, regardless of whether we have been advised of the possibility of such damages.

12. Jurisdiction and Governing Law

This page and any dispute arising out of or in connection with it shall be governed by and construed in accordance with the laws of the Republic of Estonia. Any dispute shall be subject to the exclusive jurisdiction of the courts of Estonia, unless otherwise required by mandatory local law.

13. Changes to This Page

We may update this page at any time to reflect changes in how we manage data or to comply with new legal requirements. We will publish the updated version with a new effective date. Continued use of the Services after an update constitutes acceptance of the revised terms.

14. Contact

Questions about data protection, deletion requests, or Data Processing Agreement inquiries may be directed to us through the contact channels provided on the website.