Privacy Policy

Effective Date: December 10, 2025

This Privacy Policy explains how Dominion Labs collects, uses, and protects your information when you use our Services, including our AI platforms (TorinAI, TorinChat, Obsidian-32B-Instruct, OE1, Lumen, Cora), healthcare solutions (EdgeMED, EdgeRX, Tempo), education platforms (TorinJr, TorinED, TorinSr), developer tools (DreamDev, AgentOS, APIs), and encrypted storage services.

We collect information necessary to operate and improve our Services:

  • Account Data: Name, email address, phone number, credentials, and account preferences.
  • Usage Data: Interactions with our services, feature usage, diagnostics, and performance metrics.
  • Content Data: Prompts, messages, uploads, generated outputs, and conversation history.
  • Device Data: IP address, browser type, operating system, device identifiers, region, and language settings.
  • Payment Data: Billing information processed securely via third-party payment providers (we do not store full payment card details).
  • Healthcare Data: For EdgeMED, EdgeRX, and Tempo users, we may collect Protected Health Information (PHI) as necessary to provide healthcare services, subject to HIPAA requirements.

For the TorinED family (TorinJr, TorinED, TorinSr), we collect minimal, age-appropriate data with verified parental or guardian consent as required by applicable laws.

We use your data to:

  • Provide Services: Deliver, maintain, and personalize our AI platforms, healthcare solutions, and developer tools.
  • Improve Performance: Analyze usage patterns to enhance functionality, fix bugs, and develop new features.
  • Ensure Security: Detect, prevent, and respond to fraud, abuse, security threats, and policy violations.
  • Communicate: Send service updates, security alerts, support messages, and (with consent) promotional content.
  • Comply with Laws: Meet legal obligations, respond to lawful requests, and protect our rights.
  • Train AI Models: With appropriate safeguards and anonymization, improve our AI systems (you can opt out of training data usage in settings).

We do not sell or rent your personal information to third parties.

We employ comprehensive security measures to protect your data:

  • Encryption at Rest: All stored data is encrypted using AES-256 encryption.
  • Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption.
  • Secure Infrastructure: Our services run on Docker containers with Cloudflare-protected domains, DDoS protection, and Web Application Firewalls.
  • Access Controls: Strict role-based access controls limit employee access to user data on a need-to-know basis.
  • Regular Audits: We conduct regular security assessments, penetration testing, and compliance audits.
  • Healthcare Security: For EdgeMED, EdgeRX, and Tempo, we implement additional HIPAA-compliant security controls including audit logging, access monitoring, and Business Associate Agreements.

While no system is completely secure, we strive to maintain industry-leading protections and continuously improve our security posture.

Dominion Labs operates globally and may transfer data between the United States, United Kingdom, European Union, and other countries where we or our partners operate.

We ensure lawful international transfers through:

  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards for transfers outside the EEA.
  • UK International Data Transfer Agreement: Compliance with UK GDPR requirements.
  • Adequacy Decisions: Transfers to countries recognized as providing adequate data protection.
  • Data Processing Agreements: Binding agreements with all third-party processors.

We retain information only as long as necessary for legitimate business or legal purposes:

  • Account Data: Retained while your account is active, plus a reasonable period for backup and legal compliance.
  • Usage Data: Generally retained for up to 2 years for analytics and service improvement.
  • Content Data: Chat histories and generated content retained according to your account settings (you can delete at any time).
  • Healthcare Data: Retained according to HIPAA requirements (minimum 6 years from date of creation or last effective date).
  • Legal Holds: Data may be retained longer if required for legal proceedings or regulatory requirements.

You may request deletion of your data by contacting [email protected]. We will process deletion requests within 30 days, subject to legal retention requirements.

Our TorinED family of educational platforms is designed with age-appropriate privacy protections:

TorinJr (Pre-K through Middle School)

  • Designed for children under 13 (US) or under 16 (UK/EU)
  • Requires verifiable parental consent before any data collection
  • Collects only minimal data necessary for educational functionality
  • No behavioral advertising or third-party tracking
  • Parents can review, delete, or restrict their child's data at any time

TorinED (Middle School through High School)

  • Age-appropriate content filtering and safety features
  • Parental controls and monitoring options available
  • Enhanced privacy protections for minors

TorinSr (Advanced/Higher Education)

  • Designed for adult learners and university students
  • Standard privacy protections apply
  • Integration with educational institutions subject to FERPA where applicable

We comply with COPPA (Children's Online Privacy Protection Act), GDPR-K, and other applicable child privacy regulations.

For our healthcare products (EdgeMED, EdgeRX, and Tempo), we maintain strict compliance with healthcare privacy regulations:

HIPAA Compliance

  • Business Associate Agreements: We execute BAAs with all covered entities using our healthcare services.
  • PHI Protection: Protected Health Information is encrypted, access-controlled, and audit-logged.
  • Minimum Necessary: We only access, use, or disclose the minimum PHI necessary for the intended purpose.
  • Breach Notification: We maintain incident response procedures and will notify affected parties within required timeframes.

Healthcare-Specific Data Handling

  • EdgeMED (EHR/EMR): Patient records, clinical notes, and medical histories are stored with healthcare-grade encryption and access controls.
  • EdgeRX (Prescription Marketplace): Prescription data is handled in compliance with DEA and state pharmacy board requirements.
  • Tempo (Scheduling): Patient appointment data and staff schedules are protected with appropriate access controls.

Healthcare providers using our services remain the data controllers for patient information. Contact your healthcare provider for questions about how they use our services.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to certain processing activities, including direct marketing.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw Consent: Withdraw previously given consent at any time.
  • Complaint: Lodge a complaint with your local data protection authority.

To exercise your rights, contact us at [email protected]. We will respond within 30 days (or sooner as required by applicable law).

Our Services may integrate with or rely on third-party providers:

  • Infrastructure: Cloudflare (security, CDN), cloud hosting providers
  • Payment Processing: Square, Stripe (we do not store full payment card details)
  • Authentication: Google OAuth, Apple Sign-In
  • Analytics: Privacy-focused analytics tools
  • Communication: SendGrid (email), Twilio (SMS verification)

Each third-party service has its own privacy policy governing its use of your information. We recommend reviewing those policies.

We maintain Data Processing Agreements with all third-party processors and ensure they meet our security and privacy standards.

Dominion Labs adheres to applicable privacy frameworks worldwide:

United States

  • CCPA/CPRA: California Consumer Privacy Act rights for California residents
  • COPPA: Children's Online Privacy Protection Act compliance
  • HIPAA: Health Insurance Portability and Accountability Act for healthcare products
  • State Privacy Laws: Compliance with Virginia, Colorado, Connecticut, and other state privacy laws

European Union / United Kingdom

  • GDPR: General Data Protection Regulation (EU)
  • UK GDPR: UK General Data Protection Regulation
  • Data Protection Act 2018: UK supplementary data protection legislation

Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including Canada's PIPEDA, Australia's Privacy Act, and Brazil's LGPD.

We use cookies and similar technologies to enhance your experience:

Types of Cookies We Use

  • Essential Cookies: Required for basic functionality (authentication, security, load balancing). Cannot be disabled.
  • Functional Cookies: Remember your preferences (language, theme, settings).
  • Analytics Cookies: Help us understand how you use our Services to improve them. We use privacy-focused analytics that do not track you across websites.
  • Security Cookies: Detect authentication issues and protect against fraud (e.g., Cloudflare security tokens).

Third-Party Cookies

  • Cloudflare: Security and performance cookies (__cf_bm, cf_clearance)
  • Authentication Providers: Session cookies from Google/Apple Sign-In when used

Managing Cookies

  • Browser Settings: Most browsers allow you to block or delete cookies via settings.
  • Opt-Out: You can opt out of non-essential cookies by adjusting your browser settings or contacting us.
  • Do Not Track: We honor Do Not Track (DNT) browser signals where technically feasible.

Note: Blocking essential cookies may prevent you from using certain features of our Services.

Contact Us

For privacy concerns, data requests, or questions about this policy:

For EU/UK data protection inquiries, you may also contact your local supervisory authority.

For our full Terms and Conditions, please visit our Terms of Service page.