Privacy Policy · Celiums

Welcome to celiums.ai, operated by Celiums Research Labs, a division of Celiums Solutions, LLC (“Company,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of personal data when you use celiums.ai and related services, APIs, and tools (the “Services”).

This policy is designed to comply with major global privacy frameworks, including the GDPR in the EU and UK, the CCPA/CPRA in California, and the LGPD in Brazil. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

01 · Introduction and Controller Identity

Who is responsible for your data.

For the purposes of applicable data protection legislation, the data controller responsible for your personal data is:

Company: Celiums Solutions, LLC
Jurisdiction: Florida, United States of America
Website: celiums.ai
DPO: hello@celiums.ai

If you do not agree with our policies and practices, your choice is not to use our Services.

02 · Data We Collect

Data minimization, by design.

We collect only the information necessary to provide and improve our Services. What we collect depends on how you interact with celiums.ai.

Information you provide directly

Category	Data points	Purpose
Communication	Your email address and the content of any message you send us (questions, feedback, research correspondence)	Responding to your inquiry and keeping a record of the correspondence.
Research-preview access	If an experimental tool requires it, the email or credential you use to request access	Authenticating access to a research preview and preventing abuse. celiums.ai does not sell anything and does not collect payment information — commercial services live at celiums.io.

Information collected automatically

Category	Data points	Purpose
Usage	API request counts, tool names used, timestamps, frequency	Performance monitoring, abuse prevention and research-preview rate limiting. No content processed by the tools is collected here.
Technical	IP, browser, OS, user agent, approximate country/region	Serving requests securely, DDoS defense, content delivery optimization, stability.

03 · How We Use Your Data and Legal Bases

The lawful bases we rely on.

Under the GDPR and similar frameworks, we must have a valid legal basis to process your personal data. We rely on the following lawful bases under Article 6 of the GDPR:

Performance of a contract (Art. 6(1)(b)): operating celiums.ai, delivering any research preview you request, and responding to your messages.
Legitimate interests (Art. 6(1)(f)): securing our infrastructure, preventing fraud or abuse, analyzing usage trends to improve the Services, managing our relationship with you.
Legal obligation (Art. 6(1)(c)): responding to lawful requests from public authorities.
Consent (Art. 6(1)(a)): e.g., if you opt-in to receive promotional emails. You can withdraw your consent at any time.
Vital interests (Art. 6(1)(d)): rarely applicable; necessary in extreme emergencies.
Public task (Art. 6(1)(e)): generally not applicable to our research operations.

Specific use cases & bases

Operating the site & research previews — Legitimate interests.
Security & fraud prevention — Legitimate interests (Cloudflare technical data for DDoS / unauthorized access).
Usage analytics & service improvement — Legitimate interests (request counts, tool usage).
Customer support — Performance of a contract + legitimate interests.

04 · Data We Do NOT Collect

Your prompts, your code, your files — never persisted.

Core architectural principle: your proprietary data remains yours. Payload data is processed in transit and in memory solely for the purpose of returning the requested output to you, after which the payload is instantly and irrevocably purged from our active processing environment.

never stored

User source code

Snippets, scripts, or complete repositories you input into our tools or APIs.

never stored

AI prompts & responses

The text you send to any AI-powered feature, and the generated replies.

never stored

File contents

Documents, spreadsheets or text files processed by the Service — ephemeral, discarded after the operation.

never stored

Personal documents

Sensitive personal documents, IDs, or private materials — we have zero visibility into their contents.

05 · Cookies and Tracking Technologies

Essential only. No third-party tracking.

Unlike many modern web services, celiums.ai employs a strict “essential only” approach to cookies and tracking technologies. We value your privacy over invasive analytics.

Essential cookies only

Authentication cookies — to keep you logged in securely during your session.
Security cookies — CSRF protection and request integrity.
Load balancing cookies — provided by Cloudflare to route traffic efficiently.

No third-party tracking

We expressly do not use third-party advertising cookies or trackers (Google Analytics, Meta Pixel, beacons), cross-site tracking mechanisms, or cookies designed to build a profile of your interests or browsing habits outside of celiums.ai.

Because we do not use non-essential cookies, we do not require a complex cookie consent banner. By using our Services, you consent to the placement of these strictly necessary cookies.

06 · Data Sharing and Subprocessors

We don't sell your data. Here is who we share it with.

We do not sell, rent, or trade your personal data. We share data only with trusted third-party service providers (subprocessors) bound by strict confidentiality and data protection agreements.

Subprocessor	Purpose	Data shared
Cloudflare	Hosting (Cloudflare Pages), CDN, DNS, DDoS protection, edge security, and privacy-friendly analytics	Technical data (IPs, user agents, request headers) processed at the edge.

Exceptional disclosures

Legal compliance — if required by law or in response to valid requests by public authorities.
Protection of rights — to enforce our Terms of Service, protect our operations, or defend rights, privacy, safety, or property.
Business transfers — in the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets.

07 · International Data Transfers

Data may move across borders. Safeguards travel with it.

Celiums Solutions, LLC is located in the United States (Florida). Our infrastructure providers (Cloudflare) operate globally. Your personal data may be transferred to, stored, and processed in the United States or other countries outside the EEA, the UK, or Brazil.

Safeguards we apply

Standard Contractual Clauses (SCCs) — including the UK Addendum — in our agreements with subprocessors like Cloudflare.
Supplementary measures — encryption in transit and at rest, plus strict access controls, where appropriate.
Cloudflare edge processing — much of the Technical Data is processed near your geographic location at the edge, minimizing long-distance transfer.

By using the Services, you acknowledge the transfer of your information to the United States and other regions as described in this policy.

08 · Data Retention

How long we keep each category.

We retain your personal data only for as long as necessary for the purposes set out in this policy, unless a longer retention period is required or permitted by law.

Category	Retention period	Notes
Account data	Lifetime of account	Permanently erased from active databases within 30 days after a deletion request.
Usage logs & analytics	Up to 90 days	After 90 days, aggregated and anonymized, or permanently deleted.
Payment & billing records	Per tax law (≈ 7 years US)	Retained to comply with applicable tax, accounting, and commercial laws.
Technical data (IP, edge logs)	7–30 days	Ephemeral; longer only for active incident investigation.

09 · Your Rights Under GDPR (EEA / UK Users)

What you can ask us to do.

If you are a resident of the European Economic Area, the United Kingdom, or Switzerland, you have specific rights regarding your personal data under the GDPR and UK GDPR.

Right to access (Art. 15) — request a copy of the personal data we hold about you.
Right to rectification (Art. 16) — request that we correct inaccurate or incomplete data.
Right to erasure / be forgotten (Art. 17) — request deletion when no longer necessary or when you withdraw consent.
Right to restriction (Art. 18) — restrict processing under certain conditions.
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing.
Right not to be subject to automated decision-making (Art. 22) — we do not engage in such automated decisions.

To exercise any of these rights, contact our DPO at hello@celiums.ai. We will respond within one month, free of charge. You also have the right to lodge a complaint with your local Data Protection Authority.

10 · Your Rights Under CCPA & CPRA (California)

California-specific rights and our position.

Right to know & access — categories, sources, purposes, third parties, and specific pieces of personal information collected.
Right to delete — subject to legal exceptions (e.g., completing a transaction, detecting security incidents).
Right to correct — inaccurate personal information we maintain.
Right to opt-out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising. A “Do Not Sell or Share” link is therefore not required.
Right to limit use of sensitive personal information — we do not collect “Sensitive Personal Information” (precise geolocation, racial/ethnic origin, biometric data) beyond what is strictly necessary, so this right is not applicable to our operations.
Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights.

Submit a verifiable consumer request to hello@celiums.ai. We may need specific information to verify your identity before processing your request.

11 · Your Rights Under LGPD (Brazil)

Rights broadly aligned with the GDPR.

Confirmation of the existence of processing.
Access to the data.
Correction of incomplete, inaccurate, or out-of-date data.
Anonymization, blocking, or deletion of unnecessary or excessive data.
Portability of the data to another service or product provider.
Deletion of personal data processed with the consent of the data subject.
Information about public and private entities with which the controller has shared data.
Information about the possibility of denying consent and the consequences of such denial.
Revocation of consent.

To exercise your rights under the LGPD, contact our DPO at hello@celiums.ai.

12 · Children's Privacy

Our Services are not directed at children.

Our Services are intended for a general audience of professionals and developers and are not directed at children. We strictly prohibit the use of our Services by anyone under the age of 16.

We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you believe that your child has provided us with personal data, contact us immediately at hello@celiums.ai. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take immediate steps to remove that information and terminate the account.

13 · Security Measures

Technical and organizational safeguards.

Encryption in transit — all data transmitted between your client and our servers (and between our servers and subprocessors) is encrypted via TLS/HTTPS.
Encryption at rest — sensitive data like authentication tokens is encrypted using strong algorithms such as AES-256.
Minimal data footprint — non-retention of user payload data, source code, and AI prompts. Ephemeral processing drastically reduces the attack surface.
Access controls — strict need-to-know basis, with Multi-Factor Authentication required for all internal access to critical systems.
Infrastructure security — Cloudflare edge security against DDoS, malicious bots, and network-level vulnerabilities.
Regular audits — continuous monitoring and periodic security reviews of infrastructure and codebase.

No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to mitigating risks to the maximum extent feasible.

14 · Data Breach Notification

If something goes wrong, you will hear from us.

GDPR compliance — if a breach affects users in the EEA or UK, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware. If the breach poses a high risk to you, we will also communicate it to you directly.
CCPA / CPRA compliance — if a breach affects California residents, we will comply with applicable state breach notification laws, providing notice in the most expedient time possible without unreasonable delay.
General notification — if a breach compromises your account security or sensitive personal data, we will notify you via the email address associated with your account, describing the incident, likely consequences, and remedial measures.

15 · Changes to This Policy

How updates are communicated.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or regulatory guidance. When we make changes, we will update the “Effective Date” and “Last Updated” date at the top of the policy.

If we make material changes to how we treat users' personal data, we will notify you by email (to the address specified in your account) or through a prominent notice on the celiums.ai website prior to the change becoming effective. We encourage you to periodically review this policy. Your continued use of the Services after revisions become effective shall indicate your agreement with the revised policy.

16 · Contact and DPO

Reach the Data Protection Officer.

Data Protection Officer

For questions, concerns, or complaints regarding this Privacy Policy or our data processing practices — or to exercise your privacy rights:

DPO: hello@celiums.ai

Company contact: hello@celiums.ai

Celiums Solutions, LLC · State of Florida, USA