Privacy Policy

Introduction

This Privacy Policy describes how Innovation Distributed OÜ (“Innovation Distributed,” “we,” “us,” or “our”), operating under the agency name PurposeDriven.ai, collects, uses, discloses, and otherwise processes personal data in connection with our artificial intelligence consulting, AI-powered products, and related digital services ("Services"). Innovation Distributed is established and headquartered in Tallinn, Estonia, within the European Union, and delivers Services primarily to clients in the United States, European Union, and United Kingdom, with a globally distributed team.

As a data controller based in the European Union, we ensure all personal data processing complies with the General Data Protection Regulation (GDPR), and, where applicable, the United Kingdom General Data Protection Regulation (UK GDPR), and relevant United States federal and state privacy laws including the California Consumer Privacy Act (CCPA/CPRA). We further recognize and comply with data protection statutes in other applicable jurisdictions.

This Privacy Policy informs you about the categories of personal data processed, the purposes and legal bases of processing, cross-border transfer mechanisms, your rights as a data subject, and the security measures used to safeguard your information. For questions or concerns about your personal data, please contact us using the details provided herein.

Who We Are

The data controller responsible for processing your personal data as described in this Privacy Policy is:

Legal Entity: Innovation Distributed OÜ (operating as PurposeDriven.ai)
Registered Address: Ahtri 12, City Centre District, Tallin, Harju County, Estonia, 15551
Contact Email: josue@innovationdistributed.com

For all data privacy and protection inquiries, or to exercise your legal rights, you may contact us using the above information.

What Data We Collect

Innovation Distributed OÜ, operating as PurposeDriven.ai, collects and processes various categories of personal data in the course of delivering its artificial intelligence consulting services, AI-powered products, and related digital offerings (“Services”) to clients and users.

The categories of personal data collected may include the following, depending on the nature of your relationship with PurposeDriven.ai, the Services used, and your interactions with our platform:

a) Contact and Identification Data: This includes name, email address, organization name, professional title, business contact details, and any other information you provide during the course of registration, inquiry, or business communications.

b) Account and Authentication Data: Where our Services require user accounts or client portals, we collect account identifiers, usernames, passwords or authentication tokens, and related security credentials.

c) Business and Transaction Data: For clients and partners, we may collect business transaction information, records of Services provided, and payments or billing information. Payment details are processed via secure third-party payment providers and are not stored in full by PurposeDriven.ai.

d) Usage and Technical Data: When you interact with our websites, applications, or digital products, we automatically collect certain data about your device and usage. This may include Internet Protocol (IP) address, browser type and version, timezone setting, operating system and platform, device identifiers, referral sources, analytical data on usage patterns, logs of system access and feature usage, and similar technical data.

e) Communications and Support Data: If you contact us for support, advice, or general inquiry, or interact with us through forms, email, or other channels, we may collect and retain the information you submit, including correspondence, feedback, survey responses, or other written or recorded communications.

f) AI-Generated and User-Submitted Content: In the course of providing AI-driven solutions or collaboration products, we may process user-uploaded or submitted content, such as text, files, datasets, prompts, and other materials furnished to our AI systems or consultants for analysis, transformation, or advisory work. Such content may contain incidental personal data.

g) Cookies and Tracking Data: We use cookies and similar tracking technologies to collect information regarding your interactions with our website or digital Services. These may include session identifiers, preferences, analytical data, and activity logs, as more fully detailed in our Cookie Policy.

h) Third-Party and Integrations Data: We may receive personal data relating to you from third-party sources, such as business partners, authentication or identity providers, payment processors, and integrated third-party services, each in accordance with their published policies and your choices or authorizations.

We do not intentionally collect special categories of personal data as defined by Article 9 GDPR (including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, or biometric data) unless required for a particular Service, in which case we will obtain your explicit consent and comply with all legal obligations.

We do not collect information from children under the age of 18 (or a higher minimum age if required by local law). Our Services are intended exclusively for use by persons who are at least 18 years of age or by organizations acting through authorized adult representatives.

If you believe your personal data has been provided to us improperly or in contravention of this policy, please contact us so we may promptly assess and address the issue.

How We Collect Data

Innovation Distributed OÜ, operating as PurposeDriven.ai, collects personal data through several channels, reflecting the varied ways in which users and clients interact with our Services.

We collect data directly from you when you, or your authorized representatives, submit information to us. This may include filling out web forms, registering for Services, participating in consultations, providing documentation or data sets for AI initiatives, responding to requests for proposals, or communicating with us by email, telephone, or other means. Any information delivered in the course of business negotiations or contractual relationships is also collected in this direct manner.

We automatically collect certain information when you or your organization access our websites, customer portals, digital tools, or AI-driven products. This automated collection utilizes technologies such as cookies, analytics software, server logs, web beacons, and similar methods. These tools provide us with technical data—including device attributes, connection information, interactions with our site or Services, and aggregated usage metrics—essential for service operation, security, and optimization.

We may also collect or receive personal data through integrated third-party platforms, such as external authentication providers, payment processors, analytics services, and partners who support or supplement our offerings. These third-party sources may deliver user identifiers, authentication confirmations, billing information, or other data relevant to the provision and support of our Services, in accordance with their respective privacy commitments and your settings.

In addition, some personal data is produced through your actual use of our Services. This includes user prompts, files, or content submitted to our AI-powered platforms, as well as outputs generated, access records, audit trails, and other metadata derived from interactions with our digital products.

We take care to collect data only by lawful, transparent means and always in accordance with applicable privacy and data protection legislation. Where required, we provide notice or request consent for the use of automated tools, integrations, or the collection of information outside the scope of typical business relationships.

If you have questions about how data is collected or wish to manage your collection preferences, you are encouraged to contact us using the information provided in this Privacy Policy

How We Use Data

We process personal data only where there is a legitimate and clearly defined purpose, in accordance with all applicable data protection laws and regulations. The specific manner in which a particular category of data is processed depends on your relationship with us and the nature of your interactions with our Services.

We may use personal data for the following purposes:

a) Provision of Services and Contractual Performance:
We use your personal data to deliver, configure, and maintain access to our digital products, AI-powered platforms, consultancy, and support services. This includes registration and administration of accounts, authentication and identity verification, provision of collaborative or AI-based solutions, and necessary communications for service delivery and client relationship management.

b) Business Operations and Service Improvement:
We process personal data to manage our daily operations, ensure the functionality and security of our platforms, and develop, test, enhance, or otherwise improve our offerings. Analysis of usage data, client feedback, technical logs, and system interactions helps us continuously refine and expand our products and methodologies.

c) Communications and Client Support:
We use your information to respond to inquiries, fulfill support requests, facilitate consultations, deliver operational notifications, and correspond in connection with your or your organization’s engagement with us.

d) AI Product Functionality and Output Generation:
When you utilize our AI-powered products or services, we process submitted inputs (such as text, files, data sets, and prompts) and may generate new data or outputs as part of our Service. We use such data as necessary to provide requested outputs, results, or insights, and to ensure the reliability, quality, and ethical operation of our AI solutions.

e) Compliance with Laws, Regulations, and Contractual Obligations:
We process data as necessary to comply with legal or regulatory obligations—whether within the European Union, the United Kingdom, the United States, or other relevant jurisdictions—including the fulfillment of tax, anti-fraud, anti-money laundering, export control, and audit requirements, as well as responding to lawful requests or demands from public authorities.

f) Information Security and Fraud Prevention:
We use personal and technical data to monitor, detect, prevent, and respond to security incidents, unauthorized access, misuse of Services, or activities that threaten the integrity or reputation of our platforms and users.

g) Marketing, Events, and Informational Content:
Where permitted by law and in compliance with relevant consent requirements, we may use business contact information to send communications about our Services, industry updates, events, or surveys. You may opt out of such communications at any time, except for those strictly necessary to the operation or administration of your relationship with us.

h) Enforcement and Protection of Rights:
We may process data as necessary to protect and enforce our legal rights, including contractual and intellectual property rights, and to resolve disputes, address complaints, or respond to threatened or actual litigation.

We will not use personal data for any purpose incompatible with those specified in this Privacy Policy, unless required by law or with your explicit consent. Where processing is based on your consent, you may withdraw such consent at any time without affecting the lawfulness of processing carried out before withdrawal.

If you require further details regarding any specific processing activity or wish to object to certain uses of your data, please contact us using the details provided in this Privacy Policy.

Legal Bases for Processing

We only process personal data where a valid legal basis exists, as required by applicable data protection laws, including the General Data Protection Regulation (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), and, where relevant, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and the Lei Geral de Proteção de Dados (LGPD).

Depending on the circumstances, we process your personal data under one or more of the following legal bases:

a) Contractual necessity:
Processing is necessary for the performance of a contract to which you or your organization is a party, or to take steps at your request prior to entering into such a contract. This includes creating and managing accounts, providing access to our Services, and delivering consultancy or products you have requested.

b) Legal and regulatory obligations:
Processing is necessary for compliance with a legal or regulatory obligation to which we are subject. This includes record keeping, compliance with tax, anti-fraud, anti-money laundering, and export control regulations, as well as obligations arising from requests or orders issued by courts, regulatory bodies, or public authorities.

c) Legitimate interests:
Processing is necessary for the purposes of our legitimate interests, or those of a third party, except where such interests are overridden by your fundamental rights and freedoms. Our legitimate interests may include: delivering and improving our Services; ensuring the security of our platforms; detecting, preventing, and investigating fraud or misuse; analysing and understanding usage patterns; communicating with clients and prospective clients; protecting and defending our legal rights and interests; and pursuing or defending against legal claims.

d) Consent:
Where a specific legal ground is required, and where we are not otherwise relying on contractual necessity, legal obligation, or legitimate interests, we will ask for your explicit consent before processing your personal data. This is typically the case in relation to certain types of marketing communications, special category data as defined by applicable law, or where otherwise mandated by data protection statutes. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

e) Vital interests:
On rare occasions, we may process personal data when it is necessary to protect your vital interests or those of another natural person, such as in emergency health or safety circumstances.

Where required by law, we will provide further information about the specific legal basis that applies to a given processing activity, and the consequences of withholding or withdrawing consent if applicable.

If you have questions about the legal bases for our processing of your personal data, or need information relating to a specific context, please contact us using the details provided in this Privacy Policy.

How We Share Data

We do not sell your personal data or disclose it for monetary consideration to any third party. We share personal data only as necessary to provide our Services, fulfill legal requirements, protect our rights and interests, or with your explicit consent, in strict accordance with this Privacy Policy and applicable law.

Personal data may be shared under the following circumstances:

a) Service Providers and Subprocessors:
We may disclose personal data to trusted third-party vendors, contractors, and service providers who support the operation of our business and delivery of our Services. These include providers of cloud hosting, infrastructure management, payment processing, analytics, authentication and identity solutions, communication systems, and security or AI technology platforms. Such third parties are appointed as processors or subprocessors and may access personal data strictly for the purpose of performing services on our behalf, subject to binding contractual obligations to safeguard data and process it solely as instructed by us, in compliance with applicable legal requirements.

b) Legal, Regulatory, and Compliance Disclosures:
We may share personal data with courts, governmental authorities, law enforcement agencies, or regulators if required to do so by law, regulation, official directive, legal process, or on the basis of enforceable request. Such disclosures will always be limited to what is legally necessary to meet the obligation or request.

c) Business Transfers and Corporate Transactions:
In the event of a merger, acquisition, reorganization, joint venture, transfer, sale, or other disposition of some or all of our business, assets, or ownership interests, your personal data may be transferred to or shared with the acquiring, successor, or partner entity. In such circumstances, we will ensure that your data remains subject to safeguards equivalent to those set out in this Privacy Policy and will notify you of any material change in data stewardship as required by law.

d) Professional Advisors:
We may share personal data with our professional advisers (including legal counsel, auditors, accountants, and consultants) where necessary for the provision of their services to us, subject to agreement on confidentiality and use limitations.
e) With Your Consent:
We may share personal data with third parties when you expressly consent to or authorize such sharing. In such cases, we will specify the purpose for which your data will be shared, and you will have the opportunity to withdraw your consent at any time.

f) Aggregated or Anonymized Data:
We may aggregate or anonymize personal data in such a manner that it can no longer be used to identify you. Such information may be used and shared for analytics, research, benchmarking, or business purposes and is not subject to the restrictions of this Privacy Policy.

We require all third parties with whom we share personal data to implement appropriate technical and organizational measures to protect that data and to process it in accordance with our instructions and applicable data protection legislation, including ensuring that any international transfers are lawfully conducted under adequate safeguards.

If you have questions about our data sharing practices, or would like more details regarding specific third-party relationships, please contact us using the details provided in this Privacy Policy.

International Data Transfers

We are headquartered and maintain our primary processing infrastructure in the European Union. We do not routinely transfer personal data to, or process it in, countries outside the European Economic Area (“EEA”), except as strictly necessary for collaboration and workflow among our own employees and team members, all of whom act under the direct authority and instructions of Innovation Distributed OÜ, as the EU-based controller.

Any access to personal data from outside the EEA is limited to such intra-group transfers between authorized employees or team members of Innovation Distributed. All individuals processing personal data outside the EEA are required to observe this Privacy Policy and are bound by contractual and professional duties of confidentiality, security, and compliance with European data protection laws.

We do not disclose, transfer, or allow access to personal data outside the EEA to any unaffiliated third parties, vendors, partners, or processors, except where expressly permitted by applicable law and subject to appropriate safeguards. Should our data transfer practices change in the future, we will update this Privacy Policy accordingly and implement all required legal mechanisms for international data transfers, such as Standard Contractual Clauses or adequacy decisions as appropriate.

If you have any questions about how your personal data may be accessed or processed by team members in different locations, or if you require further assurances regarding our mechanisms for protecting your data, you are encouraged to contact us using the details provided in this Privacy Policy.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, including to satisfy any legal, regulatory, contractual, or operational requirements. Specific data retention periods depend on the type of data, the context of its collection, and applicable legal or regulatory obligations.

In the context of our Services, personal data is retained for the duration of your or your organization’s engagement with us, and for a reasonable period thereafter as required to maintain business records, comply with legal obligations, resolve disputes, enforce our agreements, and protect our rights or interests.

Where retention is no longer required or justified, or when you exercise your right to deletion under applicable data protection laws, we will take steps to securely delete, anonymize, or irreversibly destroy the relevant personal data. In certain cases, we may be required to retain data for longer periods to comply with statutory requirements, financial or tax regulations, or to maintain records for legal proceedings or audits.

Data contained in system backups or disaster recovery files—which are retained for operational reliability and continuity—will be isolated from routine processing and deleted in accordance with our backup and archival destruction schedules, subject to applicable law.

We periodically review our data retention practices to ensure alignment with the principle of storage limitation and to prevent unnecessary retention of your personal information. If you require detailed information regarding specific retention periods applicable to your personal data, or if you wish to request the deletion or anonymization of your data, you may contact us using the information provided in this Privacy Policy.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and digital platforms to support essential functions, analyze usage, improve user experience, and deliver enhanced features as part of our services. Cookies are small data files that are placed on your device when you visit our website. In addition to cookies, we may use pixels, web beacons, local storage, and other mechanisms to collect or store information about your interaction with our services, fully in accordance with applicable legal requirements.

Cookies may be set directly by us as the provider of the website, or by approved third-party service providers operating on our behalf. The categories of cookies we utilize generally include those that are strictly necessary for the operation of the site, cookies that measure and analyze the performance and usage of our services, cookies that store your preferences and facilitate enabled features such as language selection, and, where expressly permitted, cookies that support marketing or targeting activities.

Under European and United Kingdom law, we obtain your explicit consent before placing any nonessential cookies or similar tracking technologies on your device. You may provide, modify, or withdraw your cookie consent at any time through our website’s consent management system, or by adjusting your internet browser’s privacy settings. Strictly necessary cookies, which are required for security and basic service delivery, are always deployed and do not require your consent.

You can find further details regarding the specific types of cookies and tracking technologies we use, including their purpose, storage duration, and guidance for managing your preferences, in our Cookie Policy, which is accessible through our website or available upon request.

If you have any questions or concerns regarding our use of cookies or your rights in relation to tracking technologies, please contact us using the details set out in this Privacy Policy.

Data Security

We are committed to protecting the confidentiality, integrity, and availability of all personal data entrusted to us. We implement and maintain a comprehensive set of technical and organizational security measures that are designed to prevent unauthorized access, disclosure, alteration, or destruction of personal data. Our security controls are tailored to the nature of the data we process, the risks presented by our operations, and the requirements set forth by applicable law.

Our data security measures include, but are not limited to, the use of advanced encryption technologies for data in transit and at rest, secure server infrastructure hosted within the European Union, robust network protections, and strict access controls that limit data availability to only those employees and team members who require access in order to perform their professional duties. All personnel handling personal data are subject to confidentiality obligations and receive periodic security and privacy training relevant to their role.

We regularly monitor our systems for vulnerabilities and conduct security assessments and testing to identify and address potential threats. Security policies and procedures are reviewed and updated in response to evolving risks, regulatory requirements, and advances in technology. We also require any third-party service providers who handle personal data on our behalf to uphold stringent security standards and to process data only as instructed by us.

While we employ industry best practices and take reasonable steps to safeguard your personal data, no method of electronic transmission or storage is completely secure by its nature. In the event of a security incident that affects your personal data, we will respond promptly and will notify affected individuals and the appropriate supervisory authorities as required by law.

If you have questions about the security practices we implement or wish to obtain further details about specific safeguards, you are encouraged to contact us using the information provided in this Privacy Policy.

Security Breach Notification

In the event that a security incident occurs which results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data under our control, we will promptly assess the risk to your rights and freedoms. If it is determined that the breach is likely to result in a risk to individuals, we will notify the affected data subjects without undue delay and provide a clear description of the incident in accordance with our legal obligations.

Such notification will include, where feasible, the nature of the breach, the categories and approximate number of individuals and data records concerned, the potential consequences of the breach, and the measures that have been or will be taken to address the breach and mitigate possible adverse effects. Where direct notification to affected individuals is not feasible, or subject to specific regulatory guidance, we may provide information by public communication or other reasonable means as permitted by law.

We will also notify the appropriate supervisory authority, including the Estonian Data Protection Inspectorate or other relevant regulatory body, within the timeframes and in the manner prescribed by applicable law. Where the breach affects data subjects in the United Kingdom, the United States, or other jurisdictions with specific notification requirements, we will ensure parallel compliance with those regimes, including notifications to the UK Information Commissioner or United States authorities when required.

Our incident response and breach management procedures are regularly reviewed and tested to ensure a prompt and effective response. We are committed to transparency and full cooperation with authorities and our clients with regard to any data security incident.

If you believe that your personal data may have been compromised or if you have concerns relating to the security of your information in connection with our Services, we encourage you to contact us immediately using the details provided in this Privacy Policy.
Your Rights in the United States

If you are located in the United States, and particularly if you are a resident of California, you may have rights with respect to your personal information under federal and state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act.

You may request to know what categories and specific pieces of personal information we have collected about you, the categories of sources for that information, the business or commercial purposes for collecting or disclosing that information, and the categories of third parties with whom we share that information. You may also request disclosure of any sale or sharing of personal information, though we do not sell your personal data as those terms are defined under applicable law.

You have the right to request the correction of inaccurate personal information that we hold about you, subject to verification of your identity.

You may request the deletion of personal information that we have collected and retained, subject to exceptions required or permitted by law, such as information needed to complete a transaction, to comply with legal obligations, to detect security incidents, or to protect against malicious or fraudulent activity.

You may also request to opt out of any sale or sharing of your personal information for cross-context behavioral advertising. We do not sell your personal information, but we honor opt-out requests to the extent legally required.

You have the right not to be discriminated against for exercising your privacy rights. We will not deny goods or services, charge different prices, or provide a different level or quality of service because you exercised your rights under California or other applicable law.

Where the law classifies certain data as sensitive, you may also request to limit the use and disclosure of such sensitive personal information.

To exercise these rights, you may contact us using the details provided in this Privacy Policy. We may require verification of your identity before fulfilling your request, and if you ask an authorized agent to make a request on your behalf, we may require proof of authorization and verification of both you and your agent.

If you need more information on our data practices for United States users, or you wish to exercise any of your privacy rights, please contact us.

Your Rights in the European Union

If you are located in the European Union, you are entitled to exercise certain rights in relation to your personal data under the General Data Protection Regulation. These rights apply regardless of your citizenship or place of residence, provided the data processing falls within the material and territorial scope of the law.

You have the right to request access to your personal data and to receive information about how and why it is processed. Upon request, we will provide you with a copy of the personal data that we hold about you, together with an explanation of the categories of data processed, the purposes of processing, the categories of recipients, and the envisaged period for which the data will be stored.

You have the right to request the rectification of personal data that is inaccurate or incomplete. We will promptly correct or update any such information upon receipt of a proper request.

You may request the erasure of your personal data in certain circumstances, commonly referred to as the right to be forgotten. This right applies where: the data is no longer necessary in relation to the purposes for which it was collected; you withdraw your consent and there is no other lawful ground for processing; you object to the processing and there are no overriding legitimate grounds; the personal data has been unlawfully processed; or erasure is required for compliance with a legal obligation.

You have the right to request the restriction of processing of your personal data in specific situations, including when you contest the accuracy of the data, when processing is unlawful but you oppose erasure, when the data is no longer needed except for legal claims, or when you have objected to processing pending verification.

You have the right to object to processing of your personal data where the basis for processing is our legitimate interests, including processing for direct marketing purposes. Upon your objection, we will cease processing your data except where we demonstrate compelling legitimate grounds that override your interests or where the processing is necessary for the establishment, exercise, or defense of legal claims.

Where technically feasible, you may request to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. This is known as the right to data portability.

Where the processing of your personal data is based solely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of your rights as a data subject under European Union law, please contact us using the information provided in this Privacy Policy. We may require reasonable verification of your identity and may request further information to properly process your request. You also have the right to lodge a complaint with a competent data protection authority if you believe your rights have been violated.

Your Rights in the United Kingdom

If you are located in the United Kingdom, you are entitled to exercise certain rights in relation to your personal data as provided under the United Kingdom General Data Protection Regulation and the Data Protection Act. These rights apply to all personal data processed by us where the United Kingdom data protection regime is applicable.

You have the right to request access to your personal data and to receive information about how it is processed. On request, we will provide you with a copy of the personal data that we hold relating to you, as well as information about the purposes of processing, the categories of data, the recipients or categories of recipients, and the period for which the data is stored.

You have the right to request the rectification of any inaccurate or incomplete personal data. We will promptly correct or update information in response to such a request.

You may request the erasure of your personal data in certain circumstances, such as when the data is no longer necessary in relation to the purposes for which it was collected, when you withdraw your consent where consent is the legal basis for processing, or when you object to processing and there are no overriding legitimate grounds for retention.

You have the right to request the restriction of processing of your personal data in specific situations, including when you contest the accuracy of the data, when the processing is unlawful but you oppose erasure, when we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or when you have objected to the processing pending verification.

You have the right to object to our processing of your personal data where the processing is based on our legitimate interests, including in relation to direct marketing. On receipt of your objection, we will cease processing unless we are able to demonstrate compelling legitimate grounds that override your interests or where processing is necessary for legal claims.

Where technically feasible, you may request to receive your personal data in a structured, commonly used, and machine-readable format and transmit that data to another controller. This is known as the right to data portability.

When we process personal data solely on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal.

To exercise any of your rights under United Kingdom data protection law, please contact us using the details listed in this Privacy Policy. We may require reasonable verification of your identity and may request additional information to fulfill your request. If you are dissatisfied with our response or believe your data protection rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office.

Exercising Your Rights

You may exercise any of the rights described in this Privacy Policy by contacting us using the details provided within this document. In order to protect your privacy and the security of your personal data, we may require you to submit a request in writing and to provide information that enables us to reasonably verify your identity. This verification process may involve asking you for relevant information so that we can confirm your identity and your relationship with us.

Once a request has been received, we will respond in accordance with the timeframes prescribed by applicable law. Our goal is to address all legitimate requests expeditiously and to provide a clear explanation of the actions we have taken or, if we cannot fulfill your request, the reasons for our inability to do so. If your request is particularly complex or you have made multiple requests, our response time may be extended. In such cases, we will provide interim communication and keep you informed of progress.

You are not required to pay a fee to exercise your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request. If we cannot act on your request, we will provide the reason for our decision. You may also have the right to lodge a complaint with the relevant supervisory authority as described in this Privacy Policy.

If you have questions about exercising your rights, or if you require assistance with the process, please contact us using the methods set out in this Privacy Policy. We are committed to respecting your rights and to maintaining transparent and respectful communication at all times.

Children’s Privacy

Our services are designed for use exclusively by individuals who are at least eighteen years of age or by organizations acting through their adult representatives. We do not knowingly collect, use, or process personal data from children under the age of thirteen or any higher age specified by law in your jurisdiction.

If we become aware that we have collected personal data from a child below the applicable age threshold, we will take immediate steps to delete that information from our records and to prevent any further processing. Parents or legal guardians who believe their child has provided personal data to us without consent are encouraged to contact us using the details provided in this Privacy Policy so we may address the situation appropriately.

We support the protection of children’s privacy and urge parents and guardians to monitor and participate in their children’s online activities and interactions. If you have questions about our policies or practices relating to children’s privacy, please contact us for further information.

Links to Other Websites

Our website and digital platforms may contain links to external websites, online services, or resources that are not owned or controlled by us. This Privacy Policy applies solely to the data practices and handling of personal data by our company and our own services.

We are not responsible for the privacy practices, security, content, or data handling policies of any third-party websites or services that may be accessed through links provided on our website. When you follow a link to a third-party site, any personal data you provide will be governed by the privacy policy and practices of that site, which may differ from ours.

We encourage you to review the privacy policies and terms of use of any external websites or services before submitting personal data or engaging with their content. You use such third-party websites and services at your own risk. If you have questions about the privacy or data handling practices of an external site, you should contact the operator of that site directly.

If you have concerns about a website linked from our platform, or if you believe that one of our links leads to a site with insufficient privacy protection, please contact us for further assistance.

Changes to This Privacy Policy

We may update or amend this Privacy Policy from time to time to reflect changes in our data handling practices, legal or regulatory requirements, or for other operational reasons. Any material changes to this Privacy Policy will be communicated by posting the revised policy on our website and, where legally required, by providing you with additional notice such as via email or a prominent notification on our platform.

The effective date of the latest version will always be indicated at the beginning of this policy document. We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, and protect your personal data.

Your continued use of our services following the publication of changes to this Privacy Policy constitutes your acceptance of those changes, except where prior consent is required by law. If you do not agree with any revised terms, you should discontinue your use of our services and contact us with any questions or to exercise your rights.

If you have any questions about modifications to this Privacy Policy, or if you wish to obtain further information about prior versions, please contact us using the details provided in this document.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, you are welcome to contact us at any time.

You may reach us by email at josue@innovationdistributed.com.

For data protection matters or to exercise your rights under applicable law, please clearly state the nature of your request and include sufficient information to enable us to respond to you appropriately.

We are committed to responding to your inquiries promptly and to addressing any concerns you may have regarding your privacy or our data practices.

Supervisory Authorities

If you have contacted us with a privacy-related question or concern and are not satisfied with our response, or if you believe that we have failed to comply with applicable data protection or privacy laws in the processing of your personal data, you have the right to lodge a complaint with a competent supervisory authority. This right applies regardless of whether you are a resident of the European Union, the United Kingdom, the United States, or any other jurisdiction with legally recognized mechanisms for the oversight of data protection and privacy laws. You are entitled to bring your complaint either to the supervisory authority in the member state or jurisdiction of your habitual residence, your place of work, or the location where the alleged infringement has occurred.

For individuals in the European Union, regulatory oversight for our data processing activities is principally provided by the Estonian Data Protection Inspectorate. The Estonian Data Protection Inspectorate is responsible for monitoring the application of data protection law in Estonia and may be contacted by mail at Väike-Ameerika 19, 10129 Tallinn, Estonia, by telephone at plus three seven two six two seven forty one thirty-five, or by email at info at aki dot ee. Further information on submitting a complaint, including instructions and relevant forms, may be found on their official website, which is www dot aki dot ee forward slash en. If you reside in another member state of the European Union, you may also choose to contact your local data protection authority, the contact details for which are available on the European Commission’s data protection page.

For individuals located in the United Kingdom, the relevant supervisory authority is the Information Commissioner’s Office, which is statutorily invested with the authority to investigate and enforce the United Kingdom General Data Protection Regulation and the Data Protection Act. Complaints may be submitted in writing to the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom. You may also reach this authority by telephone at plus forty-four three hundred twelve thirty one one one three, or online through guidance provided at the Information Commissioner’s website, ico dot org dot uk. The Information Commissioner’s Office provides step-by-step information on how to submit a data protection complaint and on rights of appeal should you remain dissatisfied with the outcome.

If you are resident in California or another United States jurisdiction that includes specific privacy complaint mechanisms, you may contact the Office of the Attorney General of the State of California. In California, privacy complaints may be sent to the Office of the Attorney General at the California Department of Justice, Post Office Box 944255, Sacramento, California 94244-2550, United States. For telephone inquiries, the office may be reached toll-free within the United States at one eight hundred nine five two five two two five, and general information about consumer privacy rights and complaint procedures is made available through the California Attorney General’s website at oag dot ca dot gov forward slash privacy forward slash ccpa.

If you reside or are based in a jurisdiction other than those enumerated above, or if you have questions regarding the appropriate authority in your case, you may have the right to seek redress or lodge a complaint with the data protection authority or privacy regulator applicable to your country or the location in which the data-related rights may have been infringed. We encourage all users to collect and retain documentation concerning their communications with us, including responses to requests or correspondence, as such documentation may be required by supervisory authorities or courts as part of a formal investigation or enforcement procedure.

In all cases, we strongly encourage you to contact us first with any questions or concerns regarding your personal data, our privacy practices, or the operation of your rights under applicable law. We are committed to investigating and addressing all legitimate complaints and to cooperating in good faith with supervisory authorities if and when such an investigation is undertaken.

Effective Date and Version

This Privacy Policy is effective as of October 30th, 2025. The most current version of this Policy is published on our website and supersedes all previous versions.

End of Policy