Privacy Policy

Your privacy is critically important to us. This comprehensive privacy policy explains how MyDisct Solver collects, uses, protects, and handles your personal information in accordance with the highest international standards including GDPR, CCPA, and other applicable data protection regulations.

Last Updated: November 7, 2025

1. Introduction and Our Commitment to Privacy

Welcome to MyDisct Solver ("we," "our," "us," or the "Company"). As a leading provider of AI-powered visual recognition and captcha resolution services, we recognize that privacy is not merely a legal obligation but a fundamental human right that forms the cornerstone of trust between us and our users. This Privacy Policy constitutes a binding legal document that explains in comprehensive detail how we collect, process, store, share, and protect your personal information when you access or use our platform, API services, website, mobile applications, or any other services we provide (collectively referred to as the "Services"). We have designed this policy to be transparent, accessible, and comprehensive, ensuring that you have complete visibility into our data practices and can make informed decisions about your relationship with our platform.

MyDisct Solver operates at the intersection of cutting-edge artificial intelligence technology and ethical data practices. Our services are specifically engineered to support legitimate business applications, academic research, accessibility improvements, and AI development initiatives, all while maintaining the strictest standards of data protection and user privacy. We understand that the data you entrust to us is sensitive and valuable, and we treat it with the utmost care and respect. Our commitment extends beyond mere compliance with legal requirements; we actively embrace privacy-by-design principles, meaning that data protection considerations are integrated into every aspect of our service architecture, from initial system design through ongoing operations and future enhancements. This approach ensures that your privacy is protected not as an afterthought, but as a fundamental feature of our platform.

This Privacy Policy applies to all individuals who interact with MyDisct Solver in any capacity, including registered users who maintain active accounts, visitors who browse our website without registration, API consumers who integrate our services into their applications, enterprise clients with custom agreements, and any other parties who engage with our platform or communicate with us. By accessing our website, creating an account, using our API, submitting support requests, or otherwise engaging with our Services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy in its entirety. If you do not agree with any aspect of this policy, we respectfully request that you discontinue use of our Services immediately. For users under the age of 18, we require verifiable parental or legal guardian consent before collecting or processing any personal information, in strict compliance with child protection regulations such as COPPA (Children's Online Privacy Protection Act) and similar international frameworks.

We recognize that privacy laws and regulations vary significantly across different jurisdictions, and we are committed to complying with all applicable data protection legislation wherever we operate or wherever our users are located. This includes but is not limited to the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and its successor the California Privacy Rights Act (CPRA), the UK Data Protection Act, Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and numerous other national, regional, and sector-specific privacy laws. Where different regulations impose varying requirements, we generally apply the highest standard of protection to ensure consistent, robust privacy safeguards for all our users regardless of their location. Our dedicated Data Protection Officer (DPO) oversees compliance with these regulations, conducts regular privacy impact assessments, and serves as your primary point of contact for all privacy-related inquiries and concerns.

2. Information We Collect

To provide our Services effectively and maintain the high quality of our platform, we collect various categories of information from and about our users. We are committed to the principle of data minimization, which means we only collect information that is necessary for specified, explicit, and legitimate purposes. Below, we provide a detailed breakdown of the types of information we collect, the methods through which we collect it, and the specific purposes for which each category of data is used.

2.1 Account and Registration Information

When you create an account with MyDisct Solver, we collect certain information that is essential for establishing and maintaining your account, authenticating your identity, and enabling you to access our Services. This includes your full name (which helps us personalize your experience and address you appropriately in communications), email address (which serves as your primary account identifier and our main channel for important notifications, security alerts, and service updates), chosen username (which you use to log in to your account), and a securely hashed version of your password (we never store passwords in plain text; instead, we use industry-standard cryptographic hashing algorithms such as bcrypt or Argon2 to ensure that even our own systems cannot access your actual password). Additionally, if you choose to enable two-factor authentication (which we strongly encourage for enhanced security), we collect and store the associated authentication factors, such as phone numbers for SMS-based verification or secret keys for authenticator apps.

During the registration process, we may also collect optional profile information that helps us customize your experience and provide better support. This can include your company name or organization affiliation (particularly relevant for business users), job title or role (which helps us understand how you use our Services and tailor our communications accordingly), industry sector (which enables us to provide relevant use cases and best practices), preferred language for interface and communications, timezone for scheduling and timestamp displays, and any other information you voluntarily choose to provide in your profile. All optional information is clearly marked as such during the registration process, and you maintain complete control over what you share. Furthermore, for users who register through our enterprise or academic programs, we may collect additional verification information such as institutional email addresses, business registration numbers, or academic credentials to confirm eligibility for special pricing or features.

2.2 Payment and Billing Information

To process payments for our Services and maintain accurate billing records, we collect financial and transaction information. This includes payment method details such as credit card numbers (which are immediately tokenized and transmitted directly to our PCI DSS compliant payment processors; we never store complete card numbers on our servers), billing addresses (required for payment verification and tax calculation), bank account information for wire transfers (processed through secure banking channels), and cryptocurrency wallet addresses for users who choose to pay via digital currencies. We also maintain comprehensive transaction histories that include dates, amounts, payment methods used, invoice numbers, and the specific services or credits purchased, all of which are necessary for accounting, tax compliance, customer support, and dispute resolution.

Our payment processing infrastructure is designed with security as the paramount concern. We partner with leading payment service providers such as Stripe, PayPal, and specialized cryptocurrency payment gateways, all of which maintain the highest levels of security certification including PCI DSS Level 1 compliance (the most stringent security standard in the payment card industry). These providers handle all sensitive payment data processing, and we receive only non-sensitive transaction identifiers and confirmation of successful payments. For enterprise clients with custom billing arrangements, we may also collect purchase order numbers, accounts payable contact information, and tax exemption certificates where applicable. All financial data is encrypted both in transit (using TLS 1.3 or higher) and at rest (using AES-256 encryption), and access is strictly limited to authorized personnel who require it for their job functions, with all access logged and audited regularly.

2.3 API Usage and Service Data

When you use our API services or interact with our platform, we automatically collect detailed usage data that helps us provide, maintain, improve, and secure our Services. This includes comprehensive API request logs that capture the timestamp of each request, the specific endpoint accessed, request parameters (excluding sensitive data which is filtered out), response codes and status, processing time and latency metrics, and any errors encountered. We also track your API key usage patterns, including the volume of requests made, peak usage times, geographic distribution of requests (based on server locations, not precise geolocation), and success versus failure rates. This information is essential for several critical purposes: ensuring service reliability and performance, detecting and preventing abuse or fraudulent activity, optimizing our infrastructure and algorithms, providing you with accurate usage analytics in your dashboard, and supporting our technical teams when you request assistance.

The captcha images, challenges, or other content that you submit to our API for processing are handled with particular care. We process this data solely for the purpose of providing our visual recognition services, and we implement strict data retention policies to minimize storage duration. Standard practice involves processing your requests in real-time and immediately discarding the content after returning results, with temporary caching (typically under 5 minutes) only for performance optimization purposes. In cases where you have opted in to help improve our AI models, we may retain anonymized, de-identified samples for training purposes, but this always requires your explicit consent and you can withdraw permission at any time. We never use your submitted content for any purpose beyond service provision and authorized improvements, and we never share this content with third parties except as explicitly required to deliver the service (for example, when our AI processing occurs on specialized hardware provided by trusted cloud infrastructure partners who are bound by strict confidentiality agreements).

2.4 Technical and Device Information

To ensure optimal service delivery, maintain security, and troubleshoot technical issues, we automatically collect certain technical information about the devices and networks you use to access our Services. This includes your IP address (which helps us detect suspicious activity, prevent fraud, comply with geographic restrictions, and provide localized experiences), browser type and version (which enables us to optimize our web interface for your specific browser), operating system (which helps us ensure compatibility and identify potential issues), device identifiers (such as mobile device IDs or hardware fingerprints, used for security and fraud prevention), screen resolution and display capabilities (which help us optimize visual presentations), referring URLs (which show us how you found our service), and geographic location data derived from your IP address at the country and city level (we do not collect precise GPS coordinates unless you explicitly grant permission for location-based features).

We also collect diagnostic and performance data that helps us maintain service quality and identify issues proactively. This includes page load times, API response latencies, error messages and stack traces (sanitized to remove personal information), crash reports (with personal data stripped out), network connection quality metrics, and feature usage statistics that show which parts of our platform you use most frequently. All of this technical data is collected through industry-standard methods such as log files, cookies, web beacons, and similar tracking technologies (discussed in detail in Section 8). We use this information exclusively for operational purposes such as maintaining security, optimizing performance, debugging issues, understanding user behavior patterns to improve our service design, and generating anonymized aggregate statistics for business planning and reporting.

2.5 Communication and Support Information

When you communicate with us through any channel, we collect and retain records of those interactions to provide effective support, improve our services, and maintain a history of our relationship with you. This includes all emails exchanged between you and our support team, live chat transcripts if you use our real-time support chat, support ticket contents including your descriptions of issues and our responses, phone call recordings (with your consent and clear notification, used solely for quality assurance and training purposes), survey responses and feedback you provide through our feedback forms, feature requests and suggestions you submit, bug reports you file, and any other correspondence or interactions. We also collect metadata about these communications such as timestamps, subject lines, ticket priority levels, resolution status, and customer satisfaction ratings.

The information you share in support interactions often includes technical details about your use case, integration challenges, error messages, and sometimes screenshots or log files that help us diagnose and resolve issues. We treat all such information as confidential and use it exclusively for the stated purposes of providing support and improving our services. Our support team members are trained in privacy best practices and are bound by strict confidentiality obligations. All support communications are retained for reasonable periods (typically 2 to 3 years) to maintain continuity of support, track recurring issues, verify the resolution of problems, and protect both you and us in case of disputes. You can request copies of your support history or ask for deletion of specific communications at any time by contacting our Data Protection Officer.

2.6 Cookies and Similar Technologies

We use cookies, web beacons, local storage, and similar tracking technologies to enhance your experience, maintain security, and gather analytical insights. Cookies are small text files stored on your device that help us remember your preferences, keep you logged in between sessions, protect against fraudulent activity, and understand how you use our Services. We categorize our cookies into several types: strictly necessary cookies that are essential for core functionality (such as authentication cookies that keep you logged in, security cookies that prevent cross-site request forgery attacks, and load balancing cookies that ensure you're served by the appropriate server), functional cookies that enable enhanced features (such as language preference cookies and interface customization settings), analytics cookies that help us understand usage patterns (such as which features are most popular, how users navigate through our platform, and where users encounter difficulties), and with your explicit consent, marketing cookies that enable personalized content delivery.

You have complete control over cookie usage through your browser settings, and we provide granular cookie preferences in your account dashboard. You can choose to accept all cookies, reject all non-essential cookies, or customize your preferences on a category-by-category basis. Please note that blocking strictly necessary cookies may impair core functionality and prevent you from using certain features. We also respect Do Not Track (DNT) signals and similar browser-based privacy controls to the extent technically feasible. Our use of cookies and similar technologies is fully compliant with the EU's ePrivacy Directive (Cookie Law), GDPR requirements for consent and transparency, CCPA requirements for opt-out mechanisms, and other applicable regulations. For detailed information about specific cookies we use, their purposes, duration, and data they collect, please refer to our Cookie Policy available at the bottom of every page on our website.

2.7 Third-Party Information and Social Media

If you choose to create an account or sign in using third-party authentication services such as Google, GitHub, or other social login providers, we receive certain information from those services according to your privacy settings on their platforms. This typically includes your name, email address, profile picture, and a unique identifier from that service, which we use to create or link your MyDisct Solver account. We do not receive your password for these third-party services, and we only access information that you have authorized these platforms to share with third-party applications. You can manage these permissions directly through the respective third-party service's privacy settings, and you can disconnect third-party authentication at any time through your MyDisct Solver account settings.

Additionally, we may receive information about you from other sources in specific circumstances. This includes fraud prevention services that help us verify user identities and detect suspicious activity, payment processors that confirm successful transactions and provide necessary billing information, business partners in cases where we offer joint services or integrations (always with your knowledge and consent), public databases and data enrichment services used solely for business verification purposes (for enterprise accounts), and referrals from other users who recommend our service (though we only contact you based on such referrals if you have provided your own consent or if permitted by applicable law). We treat all information received from third parties with the same level of protection and care as information you provide directly to us, and we only use it for purposes consistent with this Privacy Policy and any additional consents you have provided.

3. How We Use Your Information

We use the information we collect for specific, legitimate purposes that are necessary to provide our Services, improve your experience, maintain security, and fulfill our legal obligations. Below, we detail each major purpose for which we process your personal information, along with the legal bases that justify this processing under applicable privacy regulations such as GDPR.

3.1 Service Provision and Account Management

The primary purpose for which we collect and process your information is to provide you with access to our AI-powered visual recognition and captcha resolution services. This includes creating and maintaining your account (which requires processing your registration information to establish your identity and authentication credentials), authenticating your identity when you log in (to ensure only you can access your account and prevent unauthorized use), processing your API requests in real-time (which involves receiving your captcha challenges, applying our AI algorithms, and returning solutions), managing your API keys and access credentials (including generation, rotation, and revocation as needed for security), providing you with a personalized dashboard where you can monitor usage, configure settings, and access features, and delivering customer support when you need assistance with technical issues, billing questions, or general inquiries.

We also use your information to communicate with you about your account and our Services. This includes sending transactional emails that are necessary for the service (such as account verification emails, password reset confirmations, payment receipts, API key notifications, and security alerts about unusual account activity), providing service status updates and maintenance notifications (to inform you of planned downtime, system upgrades, or service disruptions), responding to your support requests and inquiries (which requires accessing your account details, usage history, and previous communications to provide context-appropriate assistance), and sending important policy updates when we make changes to our Terms of Service, this Privacy Policy, or other governing documents. These communications are essential to our relationship with you and cannot be opted out of while you maintain an active account, though you have full control over optional marketing communications as described in Section 3.5.

3.2 Payment Processing and Billing

We process your payment and financial information to handle transactions, maintain accurate billing records, and provide you with the financial services necessary to use our platform. This includes securely processing your payments through our trusted payment partners (who receive only the information necessary to complete transactions), maintaining your transaction history for your records and ours (which helps with accounting, tax compliance, and dispute resolution), generating invoices and receipts (which serve as official records of your purchases and are often required for your own accounting and tax purposes), managing your account balance and credits (including tracking usage-based deductions, applying promotional credits, and processing refunds when appropriate), detecting and preventing fraudulent transactions (through automated systems that monitor for suspicious patterns while respecting your privacy), and calculating and remitting applicable taxes (which vary by jurisdiction and require maintaining records of your billing location and transaction details).

All payment processing is conducted in strict compliance with international standards including PCI DSS requirements, anti-money laundering (AML) regulations, and counter-terrorism financing (CTF) laws. We retain payment records for the minimum duration required by law, which is typically 7 to 10 years depending on jurisdiction, and we ensure these records are stored with appropriate security measures including encryption, access controls, and regular audits. The legal basis for this processing under GDPR is primarily "contract necessity" (processing is necessary to fulfill our contract with you to provide Services) and "legal obligation" (processing is required to comply with tax, accounting, and financial regulations).

3.3 Service Improvement and Development

We are committed to continuously improving our Services, and we use the information we collect to identify opportunities for enhancement, develop new features, and optimize existing functionality. This includes analyzing usage patterns and metrics to understand how users interact with our platform (such as which features are most valuable, where users encounter friction, and what workflows are most common), conducting A/B testing and experiments to evaluate potential improvements before rolling them out widely (always with appropriate controls to maintain service quality), training and refining our artificial intelligence models to improve accuracy and performance (using anonymized data sets that cannot be traced back to individual users unless you have explicitly opted in to contribute identified data for this purpose), identifying and fixing bugs or technical issues (which may require examining error logs, crash reports, and user feedback), and researching new applications and capabilities that could benefit our user community.

We take a privacy-conscious approach to service improvement by emphasizing aggregated, anonymized analytics whenever possible. For example, rather than tracking every action of individual users, we typically analyze trends across our entire user base or specific cohorts (such as users in a particular industry or usage tier) without identifying specific individuals. When we do need to examine individual user data for debugging or optimization purposes, we limit access to the minimum necessary personnel, log all access for audit purposes, and delete or anonymize the data as soon as the specific purpose is fulfilled. Under GDPR, the legal basis for this processing is typically "legitimate interests" (our legitimate business interest in improving our Services, balanced against your privacy rights), though we always provide opt-out mechanisms for non-essential processing and obtain explicit consent where required by law or where particularly sensitive processing is involved.

3.4 Security, Fraud Prevention, and Legal Compliance

Protecting the security and integrity of our Services, preventing fraud and abuse, and complying with legal obligations are critical responsibilities that require us to process certain information. This includes monitoring for suspicious activity or unauthorized access attempts (such as unusual login patterns, impossible travel scenarios where account access occurs from geographically distant locations within implausibly short time periods, or API usage patterns that suggest abuse or bot activity), implementing and enforcing our Terms of Service and acceptable use policies (which may require investigating reported violations, reviewing user activities, and taking appropriate action against accounts that violate our rules), detecting and preventing fraudulent transactions or payment disputes (through automated fraud scoring systems and manual review processes when necessary), protecting against cyber attacks, data breaches, and other security threats (which involves real-time monitoring, threat intelligence analysis, and incident response procedures), and complying with legal obligations such as responding to valid subpoenas, court orders, or regulatory requests, cooperating with law enforcement in accordance with applicable law, and fulfilling tax, accounting, and reporting requirements.

Our security measures are comprehensive and multi-layered, combining automated systems (such as intrusion detection, anomaly detection algorithms, and rate limiting) with human expertise (our security team monitors alerts, investigates incidents, and implements protective measures). We conduct regular security audits, penetration testing, and vulnerability assessments to identify and address potential weaknesses proactively. When we detect security incidents or potential legal issues, we follow established procedures that balance the need for prompt action with respect for user privacy and due process. We only share information with law enforcement or legal authorities when legally required, when necessary to protect our rights or property, or when essential to prevent serious harm, and we seek to notify affected users whenever legally permissible. The legal bases for security and fraud prevention processing under GDPR are "legitimate interests" (protecting our business and users from harm) and sometimes "legal obligation" (when required by law), while legal compliance processing is always based on "legal obligation."

3.5 Marketing and Communications (With Your Consent)

With your express permission, we may use your information to send you marketing communications about our Services, such as newsletters highlighting new features or capabilities, promotional offers and discounts (including special pricing for high-volume users or loyalty incentives for long-term customers), educational content such as tutorials, webinars, case studies, and best practices guides that help you get more value from our Services, announcements about service expansions, new product launches, or significant platform improvements, and invitations to participate in surveys, user research, beta testing programs, or community events. These communications are entirely optional, and you maintain complete control over whether you receive them.

We provide clear and easy mechanisms to manage your communication preferences. You can opt in or opt out of marketing communications at any time through your account settings, where you can specify exactly which types of communications you want to receive and through which channels (email, SMS, push notifications, etc.). Every marketing email we send includes a prominent unsubscribe link that immediately removes you from that communication type with a single click, and we process all unsubscribe requests within 48 hours or as required by law (typically 10 business days under CAN-SPAM and similar regulations). Even if you opt out of marketing communications, you will still receive essential transactional and service-related communications as described in Section 3.1, as these are necessary for us to provide the Services you've requested. Under GDPR and similar regulations, the legal basis for marketing communications is always "consent," which means it must be freely given, specific, informed, and easily withdrawable.

4. Information Sharing and Disclosure

We recognize that your trust in how we handle your personal information extends to how we share it with others. As a fundamental principle, we do not sell, rent, or trade your personal information to third parties for their marketing purposes or any other purpose outside the scope of providing our Services to you. However, there are specific, limited circumstances in which we may share your information with carefully selected third parties, and we detail these situations below with complete transparency.

4.1 Service Providers and Business Partners

To deliver our Services effectively and efficiently, we engage trusted third-party service providers who perform functions on our behalf. These include cloud infrastructure providers (such as Amazon Web Services, Google Cloud Platform, or Microsoft Azure) who host our servers and provide computing resources, payment processors (such as Stripe, PayPal, or cryptocurrency payment gateways) who handle financial transactions securely, email service providers (such as SendGrid or Amazon SES) who deliver our transactional and marketing emails with high deliverability, analytics platforms (such as Google Analytics or custom analytics solutions) that help us understand usage patterns and improve our Services, customer support tools (such as Zendesk or Intercom) that enable us to provide efficient assistance, security and fraud prevention services (such as Cloudflare for DDoS protection or specialized fraud detection platforms) that protect our infrastructure and users, and content delivery networks (CDNs) that ensure fast, reliable access to our platform regardless of your geographic location.

We carefully vet all service providers before engaging them, ensuring they maintain appropriate security measures, comply with applicable privacy laws, and commit contractually to use your information only for the specific purposes we authorize. All such providers are bound by data processing agreements (DPAs) that meet the requirements of GDPR Article 28 and equivalent provisions in other privacy laws, which specify their obligations including processing only according to our instructions, implementing appropriate security measures, assisting us with fulfilling user rights requests, notifying us of any security breaches, and deleting or returning data upon termination of services. We conduct regular reviews of our service providers' security and privacy practices, and we maintain the right to audit their compliance with contractual obligations. We only share the minimum information necessary for each provider to fulfill their specific function, and we prohibit them from using your data for their own purposes or disclosing it to others without our authorization.

4.2 Business Transfers and Corporate Transactions

In the event of significant corporate transactions or business changes, your information may be among the assets transferred or affected. Such situations include mergers or acquisitions where MyDisct Solver combines with or is purchased by another entity, sales of substantial business assets or divisions, corporate reorganizations or restructuring, bankruptcy or insolvency proceedings, or any other transaction or proceeding involving the transfer of substantially all of our assets or business operations. In these circumstances, we will require the receiving party to continue honoring this Privacy Policy or provide you with notice and an opportunity to opt out if different privacy practices will apply. We will also take reasonable steps to ensure the receiving party maintains appropriate security measures and complies with applicable privacy laws. If such a transaction is completed, you will be notified via email and through a prominent notice on our website, giving you the opportunity to review the new entity's privacy practices and make informed decisions about your continued use of the Services.

4.3 Legal Requirements and Protection of Rights

We may disclose your information when we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights and property, or safeguard the safety of our users or the public. This includes responding to valid legal process such as subpoenas, court orders, search warrants, or similar legal demands (though we will challenge requests that we believe are overly broad, vague, or procedurally deficient), complying with applicable laws, regulations, or governmental requests (such as tax reporting requirements, regulatory investigations, or national security demands where legally compelled), enforcing our Terms of Service and other agreements (including investigating potential violations and taking appropriate action), detecting, preventing, or addressing fraud, security, or technical issues (which may require sharing information with security researchers, industry groups, or law enforcement), protecting against harm to the rights, property, or safety of MyDisct Solver, our users, or the public (such as emergency situations where immediate disclosure is necessary to prevent serious physical harm), and participating in legal proceedings where we are a party or where disclosure is otherwise required by law.

We take a principled approach to government requests and legal process. Whenever possible and legally permissible, we notify affected users before disclosing their information, giving them an opportunity to challenge the request or seek protective orders. We publish transparency reports (available on our website) detailing the number and types of government requests we receive, how we responded, and the legal bases for our responses, though specific details may be redacted if required by law or gag orders. We limit disclosures to the minimum information necessary to satisfy the legitimate legal requirement, and we challenge requests we believe are unlawful, overbroad, or violate user privacy rights. We do not participate in any mass surveillance programs and we require proper legal process before disclosing user information to law enforcement or government agencies.

4.4 With Your Consent or at Your Direction

Beyond the specific situations described above, we may share your information with third parties when you explicitly authorize us to do so. This includes situations where you integrate third-party applications or services with your MyDisct Solver account (such as connecting our API to your own applications, using single sign-on services, or enabling integrations with other platforms), where you specifically request that we share information with a particular party (such as providing references to potential clients or partners), where you participate in co-branded offerings or joint services with our business partners (always with clear disclosure and separate consent), or where you publicly post information (such as in community forums or public feedback channels, which you should assume may be visible to others). In all cases, we provide clear notice of what information will be shared, with whom, and for what purposes, and we obtain your explicit consent before proceeding. You can review and revoke these authorizations at any time through your account settings or by contacting our support team.

4.5 Aggregated and Anonymized Information

We may share aggregated statistical information and anonymized data that cannot reasonably be used to identify you individually. This includes industry reports or whitepapers containing aggregated usage statistics (such as average resolution times across all users, popular captcha types, or geographic distribution of our user base), benchmark data that helps users understand how their usage compares to similar organizations or use cases, academic research collaborations where we contribute anonymized datasets to advance AI and computer vision research, public communications about our service performance and capabilities, and presentations or marketing materials that showcase the value and scope of our platform. This anonymized information is valuable for industry knowledge sharing, research advancement, and demonstrating the effectiveness of our Services, while presenting no risk to your personal privacy because it cannot be traced back to you or your account.

5. Data Security Measures

We implement comprehensive, multi-layered security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security program is built on industry best practices and internationally recognized standards, and it encompasses technical, administrative, and physical safeguards that work together to create a robust defense-in-depth architecture.

5.1 Technical Security Controls

Our technical security infrastructure includes encryption of all data transmissions using Transport Layer Security (TLS) version 1.3 or higher, ensuring that information traveling between your devices and our servers cannot be intercepted or read by unauthorized parties. All sensitive data stored in our databases is encrypted at rest using Advanced Encryption Standard (AES) with 256-bit keys, which is the same military-grade encryption used by governments and financial institutions worldwide. We employ secure key management practices with keys stored in hardware security modules (HSMs) or secure key management services that are physically and logically separated from the data they protect, with automatic key rotation schedules and strict access controls. Our databases and storage systems are configured with encryption enabled by default, and we regularly audit our encryption implementations to ensure they remain effective against evolving threats.

Access to your data is protected through multiple layers of authentication and authorization. We require strong passwords that meet complexity requirements (minimum length, character diversity, prohibition of common passwords), and we strongly encourage all users to enable two-factor authentication (2FA), which adds a second verification step beyond your password and dramatically reduces the risk of unauthorized access even if your password is compromised. For our internal team members, we implement role-based access control (RBAC) that ensures employees can only access the minimum data necessary for their specific job functions, along with mandatory multi-factor authentication for all administrative access, time-limited access tokens that expire automatically, just-in-time access provisioning for sensitive operations, and comprehensive logging of all data access for audit and accountability purposes. We maintain strict policies against unauthorized data access, and violations result in immediate disciplinary action up to and including termination.

5.2 Infrastructure and Network Security

Our infrastructure is hosted with leading cloud providers who maintain certifications including SOC 2 Type II, ISO 27001, PCI DSS, and various government security standards. These facilities provide physical security measures such as 24/7 surveillance, biometric access controls, redundant power and cooling systems, and disaster recovery capabilities. At the network level, we employ advanced firewalls that inspect all traffic entering and leaving our systems, intrusion detection and prevention systems (IDPS) that identify and block malicious activity in real-time, distributed denial-of-service (DDoS) protection that can absorb and mitigate large-scale attacks without service disruption, network segmentation that isolates different components of our infrastructure to limit the impact of any potential breach, and virtual private networks (VPNs) for secure administrative access. We conduct continuous vulnerability scanning using automated tools that test our systems for known security weaknesses, and we engage independent security researchers through our responsible disclosure program to identify issues we might have missed.

5.3 Application Security and Development Practices

Security is integrated throughout our software development lifecycle, from initial design through deployment and ongoing maintenance. Our developers follow secure coding guidelines that address common vulnerabilities such as those documented in the OWASP Top 10 (including SQL injection, cross-site scripting, authentication flaws, and insecure deserialization). All code changes undergo security-focused peer reviews before being merged, and we employ automated security testing tools that scan for vulnerabilities in our code and dependencies. We maintain an inventory of all third-party libraries and frameworks we use, monitoring for disclosed vulnerabilities and applying security patches promptly. Before releasing new features or significant updates, we conduct thorough security testing including penetration testing by internal experts and external security firms who attempt to identify and exploit potential weaknesses. We also implement rate limiting and abuse prevention mechanisms that detect and block suspicious patterns such as rapid-fire login attempts, unusual API usage, or other behavior that might indicate automated attacks or abuse.

5.4 Security Monitoring and Incident Response

We maintain 24/7 security monitoring with dedicated systems that analyze logs, detect anomalies, and alert our security team to potential incidents. Our Security Operations Center (SOC) uses advanced analytics and threat intelligence to identify suspicious patterns, correlate events across our infrastructure, and distinguish between legitimate activity and genuine threats. We have established incident response procedures that define clear roles and responsibilities, escalation paths, communication protocols, and recovery steps for various types of security incidents. In the unlikely event of a data breach or security incident that affects your personal information, we will notify you and relevant authorities in accordance with applicable law (typically within 72 hours of discovery under GDPR and similar timeframes under other regulations), providing details about what happened, what information was affected, what steps we are taking to address the issue, and what actions you should consider taking to protect yourself. We conduct post-incident reviews of all security events to identify lessons learned and implement improvements that prevent similar issues in the future.

5.5 Employee Training and Awareness

We recognize that technology alone cannot ensure security; our people must also be vigilant and knowledgeable. All employees undergo comprehensive security and privacy training during onboarding and receive regular refresher training throughout their employment. This covers topics such as identifying phishing attempts and social engineering attacks, handling sensitive data appropriately, recognizing and reporting security incidents, following clean desk and screen lock policies, and understanding their responsibilities under privacy regulations. Employees with access to personal data receive additional specialized training on data protection principles, user rights, and proper data handling procedures. We conduct simulated phishing exercises to test awareness and provide targeted training to those who fall for simulated attacks. Our security culture emphasizes that everyone has a role in protecting user data, and we encourage employees to report potential security concerns without fear of retaliation.

5.6 Limitations and Your Responsibility

While we implement robust security measures, no system is completely invulnerable, and we cannot guarantee absolute security against all possible threats. Sophisticated attackers are constantly developing new techniques, zero-day vulnerabilities may exist in software we rely on, and human error remains a persistent risk despite our best efforts. We commit to using commercially reasonable security practices appropriate to the sensitivity of the data we handle, continuously improving our security posture, and responding promptly and responsibly to any incidents that occur. You also play a crucial role in maintaining the security of your account. We recommend that you use strong, unique passwords that you do not reuse across multiple services, enable two-factor authentication to add an extra layer of protection, keep your contact information updated so we can reach you if we detect suspicious activity, be cautious of phishing attempts that try to trick you into revealing your credentials or other sensitive information, log out when using shared or public computers, and monitor your account regularly for unauthorized activity. If you suspect your account has been compromised or notice anything suspicious, please contact us immediately through our support channels so we can investigate and take appropriate action.

6. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Our retention practices balance several considerations: providing you with continuous access to your data and service history, maintaining records necessary for legal and regulatory compliance, preserving evidence that may be needed to defend our rights or investigate issues, and respecting your privacy by not holding onto information longer than needed.

6.1 Active Account Data

While your account remains active, we retain your account information (name, email, profile details, and authentication credentials), usage data and API logs (as described in Section 6.2), payment and billing history (as described in Section 6.3), and support communications and correspondence. This information is necessary to provide you with ongoing access to our Services, display your historical usage and transactions, provide context-aware support, and maintain continuity of service. You can access, review, and update most of this information at any time through your account dashboard, and you can request exports of your data in machine-readable formats (such as JSON or CSV) to exercise your data portability rights.

6.2 API Logs and Usage Data

We retain detailed API request logs and usage data for 90 days from the date of each request. This retention period is sufficient for debugging issues you report, identifying patterns of abuse or fraud, optimizing our infrastructure and algorithms, and providing you with usage analytics and reports. After 90 days, we delete or anonymize these logs by removing all personally identifiable information while retaining aggregated statistics for long-term analysis and reporting. In exceptional circumstances, such as ongoing security investigations or legal proceedings, we may retain specific logs for longer periods, but we limit this to the minimum necessary records and delete them as soon as the exceptional circumstance is resolved. The actual captcha images or content you submit through our API is processed in real-time and typically not stored at all; any temporary caching for performance optimization is limited to a few minutes, after which the content is automatically purged from our systems.

6.3 Financial Records and Transaction History

Payment and billing information is subject to longer retention periods due to legal and regulatory requirements. We retain transaction records, invoices, receipts, and related financial documentation for a minimum of 7 years from the date of each transaction, as required by tax authorities in most jurisdictions and financial regulations such as the Sarbanes-Oxley Act in the United States. This includes information about what services you purchased, when, for how much, and through what payment method, along with any refunds, credits, or adjustments. However, we do not store complete credit card numbers beyond the immediate transaction processing (we retain only the last four digits and card brand for reference), and full banking details are not stored on our systems at all but rather with our PCI-compliant payment processors. After the required retention period expires, we securely delete financial records in accordance with our data destruction procedures.

6.4 Support Communications and Correspondence

We retain support tickets, email exchanges, chat transcripts, and other communications for 3 years from the date of the last interaction. This allows us to maintain continuity when you return with follow-up questions, track the resolution of recurring issues, train our support team using real examples, and protect both parties in case disputes arise about what was communicated or promised. After 3 years, we delete these records unless they are subject to ongoing legal holds or disputes, in which case we retain them only until the matter is fully resolved. You can request deletion of specific support communications earlier if they contain particularly sensitive information or if you have concerns about their retention.

6.5 Marketing and Communication Preferences

If you opt in to receive marketing communications from us, we retain your communication preferences and the history of what communications you received indefinitely while your account is active, to ensure we respect your preferences and do not send duplicate content. If you opt out of marketing communications or unsubscribe from specific types of emails, we retain a record of your opt-out preference indefinitely to ensure we do not inadvertently contact you again, but we delete other marketing-related data (such as tracking of email opens or clicks) after 2 years. This retention is based on our legitimate interest in honoring your privacy choices and complying with anti-spam laws like CAN-SPAM and CASL.

6.6 Account Deletion and Data Erasure

When you close your account (either voluntarily through your account settings or at your request to our support team), we initiate a comprehensive data deletion process. Within 30 days of account closure, we permanently delete your personal information including your account profile, authentication credentials, API keys, usage preferences, and any other data not subject to longer retention requirements. Financial records are retained for the legally required period as described in Section 6.3, but your name and contact information associated with those records are replaced with anonymized identifiers that cannot be traced back to you. Support communications are handled according to the timeline in Section 6.4. We also notify relevant service providers who may have copies of your data, instructing them to delete it in accordance with our data processing agreements.

Our deletion process is thorough and designed to make data recovery impossible. We overwrite deleted data multiple times before releasing storage space for reuse, we purge deleted data from backup systems within 90 days (the time necessary for backup rotations to cycle through), and we maintain deletion logs that document what was deleted and when, providing an audit trail without retaining the actual deleted data. In cases where immediate deletion is not possible due to technical constraints (such as data replicated across multiple geographic regions or stored in backup systems with fixed retention cycles), we mark your data for deletion and ensure it is inaccessible for any purpose while awaiting final removal. If you have concerns about specific data or need confirmation of deletion, you can contact our Data Protection Officer who can provide documentation of the deletion process.

6.7 Legal Holds and Exceptions

There are limited circumstances where we may need to retain information longer than the standard periods described above. These include situations where we are subject to legal holds or preservation requirements (such as ongoing litigation, government investigations, or regulatory proceedings where we have been instructed to preserve relevant records), where retention is necessary to establish, exercise, or defend legal claims (such as disputes about billing, service quality, or Terms of Service violations), where we need to comply with specific regulatory requirements that override general retention policies (such as export control records or anti-money laundering documentation), or where you have explicitly consented to longer retention for specific purposes (such as participating in long-term research studies). In all cases, we limit extended retention to the minimum necessary information and duration, we document the legal basis for extended retention, and we resume normal deletion processes as soon as the exceptional circumstance no longer applies.

7. Your Privacy Rights and Choices

We are committed to transparency and putting you in control of your personal information. Depending on your location and applicable privacy laws, you may have various rights regarding your personal data. We honor these rights for all users globally, even when not strictly required by local law, because we believe strong privacy protections are universal human rights. Below, we explain each right in detail and how you can exercise it.

7.1 Right of Access

You have the right to know what personal information we hold about you and how we use it. You can access most of your data directly through your account dashboard, which provides real-time views of your profile information, usage history, API keys, payment records, and communication preferences. For a comprehensive copy of all data we maintain about you, you can submit a data access request (also known as a Subject Access Request or SAR) by contacting our Data Protection Officer at [email protected]. We will compile a complete report of your personal information across all our systems and provide it to you in a structured, commonly used, and machine-readable format (typically JSON or CSV files) within 30 days of your request (or up to 60 days for complex requests, with notification of the extension and reasons). This report will include information about where your data came from, what purposes we use it for, what third parties we have shared it with, and how long we intend to retain it.

7.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal information we hold about you. Most information can be updated directly through your account settings, including your name, email address, password, communication preferences, and profile details. For information you cannot edit yourself (such as historical transaction records or API logs), or if you believe our records contain errors, please contact our support team at [email protected] with details about what needs to be corrected and any supporting documentation. We will investigate your request and make appropriate corrections within 30 days, notifying you of the outcome. In cases where we cannot make the requested correction (for example, if it would compromise the integrity of financial records required by law), we will explain the reasons and document your disputed claim alongside the existing data.

7.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent on which processing was based and there is no other legal ground for processing, when you object to processing based on legitimate interests and there are no overriding legitimate grounds, when the data has been unlawfully processed, or when deletion is required to comply with legal obligations. You can exercise this right by closing your account through your dashboard settings or by contacting us directly. As described in Section 6.6, we will delete your personal information within 30 days, except for data we are legally required to retain (such as financial records for tax purposes) or data necessary for establishing, exercising, or defending legal claims. If we cannot fully comply with a deletion request due to legal or technical constraints, we will explain the limitations and delete everything that can be legally and technically deleted.

7.4 Right to Restriction of Processing

You have the right to request that we limit how we process your personal information in specific situations, such as when you contest the accuracy of your data (we will restrict processing while we verify accuracy), when processing is unlawful but you prefer restriction rather than deletion, when we no longer need the data but you need it for legal claims, or when you have objected to processing based on legitimate interests and we are verifying whether our legitimate grounds override your rights. When processing is restricted, we may store the data but will not use it for other purposes without your consent or except for legal claims, protecting others' rights, or important public interests. You can request restriction by contacting [email protected] with details about what processing you want restricted and why. We will respond within 30 days and notify you before lifting any restrictions.

7.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider without hindrance. This right applies to information you provided to us and that we process based on your consent or for contract performance, in an automated manner. You can request a data export through your account dashboard or by emailing [email protected]. We will provide your data in JSON or CSV format (your choice) within 30 days. The export will include your account information, usage data, API configurations, and other personal data, but will not include data where disclosure would adversely affect the rights and freedoms of others (such as our proprietary algorithms or other users' information). Where technically feasible, we can also transmit your data directly to another service provider at your request.

7.6 Right to Object

You have the right to object to processing of your personal information in certain cases, particularly when processing is based on our legitimate interests or for direct marketing purposes. For direct marketing, you have an absolute right to object at any time, and we will immediately stop processing your data for marketing purposes upon receiving your objection. You can exercise this right through unsubscribe links in emails, your account communication preferences, or by contacting us. For processing based on legitimate interests (such as fraud prevention or service improvement), you can object by explaining your particular situation, and we will assess whether our legitimate grounds override your interests, rights, and freedoms, stopping the processing unless we can demonstrate compelling legitimate grounds or need the data for legal claims.

7.7 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. While our AI services process captcha challenges automatically, these processes do not make decisions about you as an individual that would have legal or similarly significant effects. Our fraud detection and security systems do use some automated analysis to flag suspicious activity, but these are always reviewed by human staff before taking significant action against an account, and you have the right to contest any automated decision, express your point of view, and obtain human intervention. If you believe you have been subject to inappropriate automated decision-making, please contact [email protected] immediately.

7.8 Right to Withdraw Consent

Where we process your personal information based on your consent (such as for marketing communications or optional data collection), you have the right to withdraw that consent at any time. Withdrawal is easy and immediate: for marketing emails, click the unsubscribe link in any message; for other consent-based processing, adjust your settings in your account dashboard or contact us at [email protected]. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal, and it does not affect processing based on other legal grounds (such as contract necessity or legal obligation). We will stop the relevant processing within 48 hours of receiving your withdrawal and confirm the change to you.

7.9 Right to Lodge a Complaint

If you believe we have not handled your personal information appropriately or have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where you believe a violation occurred. For users in the European Union, you can find your relevant data protection authority at the European Data Protection Board website. For users in the United Kingdom, the relevant authority is the Information Commissioner's Office (ICO). For California residents, you can contact the California Privacy Protection Agency. We would appreciate the opportunity to address your concerns before you contact a regulator, so please consider reaching out to our Data Protection Officer first at [email protected], but you always have the right to go directly to supervisory authorities if you prefer.

7.10 How to Exercise Your Rights

Exercising your privacy rights is straightforward. For most requests, you can email our dedicated privacy team at [email protected] with details of your request and any supporting information. For access, deletion, or portability requests, we may need to verify your identity to protect against fraudulent requests; this typically involves confirming your email address and answering security questions about your account. We will respond to all requests within 30 days, or 60 days for complex requests (with notification of the extension and reasons). There is no charge for exercising your rights unless your requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse to act on the request, with explanation of our decision. We will provide all responses in clear, plain language without unnecessary legal or technical jargon, and we will take action on your request free of charge unless the exemption described above applies.

8. Cookies and Tracking Technologies

We use cookies, web beacons, local storage, and similar tracking technologies to enhance your experience on our platform, maintain security, and gather insights that help us improve our Services. This section explains what these technologies are, how we use them, what choices you have, and how to manage your preferences.

8.1 What Are Cookies and Similar Technologies

Cookies are small text files that are stored on your device (computer, smartphone, tablet) when you visit websites. They contain information that can be read by the web server that placed them, allowing websites to remember your preferences, maintain your login session, and track your activities. Cookies can be "session cookies" that expire when you close your browser, or "persistent cookies" that remain on your device for a set period or until you delete them. Web beacons (also called pixel tags or clear GIFs) are tiny, invisible images embedded in web pages or emails that help us understand user behavior, such as whether you opened an email or viewed a particular page. Local storage refers to data stored directly in your browser that persists across sessions, similar to persistent cookies but with greater storage capacity. These technologies are widely used across the internet and are essential for many modern web applications to function properly.

8.2 Types of Cookies We Use

We categorize our cookies into four types based on their purpose. Strictly Necessary Cookies are essential for our website and Services to function properly. These include authentication cookies that keep you logged in and remember who you are as you navigate through our platform, security cookies that protect against cross-site request forgery (CSRF) and other attacks by validating that requests come from legitimate sources, load balancing cookies that ensure you are connected to the appropriate server for optimal performance, and session management cookies that maintain your state across different pages. You cannot refuse these cookies without significantly impacting the functionality of our Services, and they do not collect information that could be used for marketing or tracking your browsing on other sites.

Functional Cookies enable enhanced features and personalization. These include preference cookies that remember your settings such as language selection, theme choices (light or dark mode), dashboard layout preferences, and notification settings, allowing us to provide a customized experience without requiring you to reconfigure your preferences every time you visit. We also use functional cookies to remember your consent choices regarding other cookie categories and to provide features like remembering recently viewed pages or maintaining your position in multi-step workflows. While these cookies significantly enhance your experience, the website will still function if you choose to disable them, though you may need to manually set your preferences each time you visit.

Analytics and Performance Cookies help us understand how users interact with our Services so we can identify problems, optimize performance, and improve the overall experience. These cookies collect information such as which pages you visit, how long you spend on each page, what links you click, where you encounter errors or difficulties, and general usage patterns. We use this data in aggregated form to generate statistics about our user base, identify popular features that warrant further development, detect usability issues that need addressing, and make data-driven decisions about service improvements. While these cookies track your activity on our platform, the data is typically anonymized or pseudonymized and used only for internal analytics purposes, not shared with third parties or used for advertising.

Marketing and Advertising Cookies are used only with your explicit consent and help us deliver relevant content and measure campaign effectiveness. These cookies may track your activity across our website to understand your interests and preferences, remember that you have seen particular content or offers to avoid repetition, measure the effectiveness of our marketing campaigns by tracking conversions and user journeys, and enable personalized content recommendations. We work with advertising partners who may place their own cookies to deliver targeted ads on other websites, but we do not share personally identifiable information with these partners without your consent. You can opt out of marketing cookies at any time without affecting the core functionality of our Services.

8.3 Third-Party Cookies

In addition to cookies we set directly, some third-party services we use may place their own cookies on your device. These include analytics providers like Google Analytics (which helps us understand aggregate usage patterns), payment processors like Stripe or PayPal (which use cookies for fraud prevention and transaction security), customer support tools like Intercom or Zendesk (which may use cookies to maintain conversation context and provide better support), content delivery networks like Cloudflare (which use cookies for security and performance optimization), and social media platforms if you choose to interact with social sharing features. Each of these third parties has its own privacy policy and cookie practices, which we encourage you to review. We only work with reputable partners who commit to responsible data practices, but we do not have direct control over the cookies they set or how they use the information collected.

8.4 Managing Your Cookie Preferences

You have several options for controlling cookies and similar technologies. Through your account settings on our website, you can access our cookie preference center where you can enable or disable different categories of cookies (while strictly necessary cookies cannot be disabled, you have full control over functional, analytics, and marketing cookies). Most web browsers allow you to control cookies through their settings, where you can typically choose to block all cookies, block only third-party cookies, delete existing cookies, or receive warnings before cookies are set. Browser-specific instructions are available: for Google Chrome, go to Settings, Privacy and Security, Cookies and Other Site Data; for Mozilla Firefox, go to Options, Privacy and Security, Cookies and Site Data; for Safari, go to Preferences, Privacy, Cookies and Website Data; for Microsoft Edge, go to Settings, Cookies and Site Permissions. You can also use browser extensions or privacy tools that provide enhanced cookie control and blocking capabilities.

Please note that blocking or deleting cookies may impact your experience on our platform. Without strictly necessary cookies, you may not be able to log in or access your account. Without functional cookies, you will need to reconfigure your preferences each time you visit. Without analytics cookies, we may have less information to improve the service based on actual usage patterns. However, blocking marketing cookies will not impair core functionality and is entirely your choice. We respect Do Not Track (DNT) signals and similar browser-based privacy controls to the extent technically feasible, though industry standards for responding to such signals are still evolving. Additionally, you can opt out of interest-based advertising through industry opt-out tools such as the Digital Advertising Alliance's opt-out page, the Network Advertising Initiative's opt-out page, or the European Interactive Digital Advertising Alliance's opt-out page.

8.5 Mobile Device Identifiers and SDKs

If you use our mobile applications (if available), we may collect mobile device identifiers and use mobile SDKs (software development kits) that function similarly to cookies. These include device identifiers such as Apple's Identifier for Advertisers (IDFA) or Google's Advertising ID, which can be reset through your device settings. On iOS devices, you can manage tracking through Settings, Privacy, Tracking, and choose which apps can request to track your activity. On Android devices, you can manage your Advertising ID through Settings, Google, Ads, and opt out of personalized advertising. Mobile SDKs may collect information about your device type, operating system version, app usage patterns, and crashes or errors to help us maintain and improve our mobile applications. We use this information only for operational and improvement purposes, never selling it to third parties or using it for purposes unrelated to our Services.

9. International Data Transfers

MyDisct Solver operates globally, and to provide our Services effectively, we may need to transfer and process your personal information in countries other than where you reside. This section explains how we protect your information during international transfers and comply with applicable cross-border data transfer regulations.

9.1 Where We Process Your Data

Our primary data processing infrastructure is located in multiple regions worldwide to ensure low latency, high availability, and optimal performance for users regardless of their location. We use cloud infrastructure providers with data centers in North America (primarily United States), Europe (including European Union member states and the United Kingdom), Asia Pacific (including Singapore, Japan, and Australia), and other strategic locations. When you use our Services, your data may be processed in any of these locations based on factors such as your geographic proximity (to minimize latency), current system load (for optimal performance), and data residency requirements (for compliance with local regulations). For users in the European Union and United Kingdom, we offer options to process and store data exclusively within EU/UK data centers for those who require it due to regulatory or contractual obligations.

9.2 Legal Mechanisms for International Transfers

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that are not recognized as providing adequate data protection (such as the United States), we rely on appropriate legal mechanisms to ensure your data remains protected. These mechanisms include Standard Contractual Clauses (SCCs) approved by the European Commission, which are legally binding contracts that impose data protection obligations on data recipients equivalent to those required in Europe. We have executed SCCs with all our service providers and partners who receive personal data from the EEA, UK, or Switzerland. We also conduct Transfer Impact Assessments (TIAs) as required by guidance from European data protection authorities, evaluating the laws and practices in destination countries to identify any risks to data subjects' rights and implementing supplementary measures where necessary to ensure adequate protection.

For certain data transfers, we may rely on other legal mechanisms such as adequacy decisions (where the European Commission has determined that a country provides adequate data protection, such as for transfers to Canada, Japan, or other approved countries), explicit user consent for specific transfers (where you have been fully informed about the transfer and its implications and have given your clear, affirmative agreement), or necessity for contract performance (where the transfer is essential to provide the Services you have requested). We continuously monitor legal developments in international data transfer regulations, including ongoing assessments of the EU-U.S. Data Privacy Framework and similar arrangements, and we adapt our practices to ensure ongoing compliance with evolving standards.

9.3 Safeguards and Protections

Beyond legal mechanisms, we implement technical and organizational safeguards to protect data during international transfers. All data transmitted between our servers and between regions is encrypted using strong cryptographic protocols (TLS 1.3 or higher), ensuring data cannot be intercepted or read during transit. We encrypt stored data using AES-256 encryption, so even if storage media is physically accessed in any location, the data remains protected. Access to personal data is controlled through strict authentication and authorization policies regardless of where the data is processed, with access limited to authorized personnel who need it for specific purposes. We conduct regular security audits of all facilities and systems worldwide to ensure consistent security standards, and we require all employees, contractors, and service providers to adhere to our global privacy and security policies regardless of their location.

For users with specific data localization requirements (such as those in highly regulated industries or government sectors), we offer data residency options that allow you to specify which geographic regions can be used for processing and storing your data. This may involve premium pricing to account for infrastructure constraints and reduced efficiency, but it ensures your data remains within jurisdictions you approve. We also provide transparency about where your data is processed through our service documentation and can provide specific location information upon request to help you comply with your own data governance requirements.

10. Children's Privacy

MyDisct Solver is designed for use by businesses, developers, researchers, and adult consumers. Our Services are not directed at children under the age of 18, and we do not knowingly collect personal information from children. We define children as individuals under 18 years of age (or the age of majority in their jurisdiction, whichever is higher), in accordance with child protection regulations worldwide including the U.S. Children's Online Privacy Protection Act (COPPA), the EU's General Data Protection Regulation (which provides enhanced protections for individuals under 16), and similar laws in other countries.

If you are under 18 years of age, you may only use our Services with the involvement, supervision, and approval of a parent or legal guardian who has reviewed and agreed to this Privacy Policy and our Terms of Service on your behalf. The parent or guardian is responsible for monitoring the minor's use of our Services and for all activities conducted through the account. We recommend that parents and guardians familiarize themselves with privacy and security best practices and actively supervise their children's internet usage. If we discover that we have inadvertently collected personal information from a child under 18 without proper parental consent, we will take immediate steps to delete that information from our servers. If you believe we may have collected information from a child inappropriately, please contact us immediately at [email protected] with details, and we will investigate and take appropriate action.

For parents and guardians supervising minors using our Services, we encourage you to discuss online privacy and safety with your children, review privacy settings and security features with them, monitor their account activity regularly, and ensure they understand the importance of protecting personal information and not sharing credentials with others. We support educational initiatives that promote digital literacy and online safety for young people, and we are committed to working with parents, educators, and regulators to protect children's privacy in the digital age.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes, we are committed to transparency and ensuring you are informed and have the opportunity to review the updated terms before they affect you.

For significant changes that materially affect how we collect, use, or share your personal information, or that reduce your rights or protections, we will provide prominent notice at least 30 days before the changes take effect. This notice will be delivered through multiple channels including email to the address associated with your account, a prominent banner or notification on our website and dashboard, and an in-app notification when you log in to your account. The notice will clearly explain what has changed, why we made the changes, how they affect you, and when they will become effective. We will also provide easy access to the previous version of the Privacy Policy so you can compare and understand the differences.

For minor changes that do not materially affect your rights (such as clarifications of existing language, updates to contact information, or administrative changes), we will update the "Last Updated" date at the top of this policy and may provide notice through our website, but we may not send individual email notifications. We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information. You can access the current version at any time through our website footer, and we maintain an archive of previous versions (available upon request to [email protected]) for your reference.

Your continued use of our Services after changes to this Privacy Policy become effective constitutes your acceptance of the updated policy. If you do not agree with any changes, you have the right to close your account as described in Section 6.6, and we will process your data deletion request in accordance with our standard procedures. For changes that require explicit consent under applicable law (such as certain changes affecting EU users' rights under GDPR), we will not apply the new practices to your existing data until you have provided your affirmative consent, and you will have the option to decline consent and close your account instead.

We take a principled approach to policy changes, guided by our commitment to user privacy and transparency. We do not make changes that would significantly reduce your rights or protections without compelling business or legal reasons, and we always strive to maintain or enhance privacy protections whenever possible. If you have questions or concerns about any changes to this Privacy Policy, please contact our Data Protection Officer at [email protected], and we will be happy to discuss the changes with you and address your concerns.

12. Applicable Law and Compliance

MyDisct Solver is incorporated and operates under the laws of the Republic of Turkey. All data processing activities are conducted in compliance with Turkish data protection regulations, primarily the Law on Protection of Personal Data (KVKK - Kişisel Verilerin Korunması Kanunu) No. 6698, which governs the processing, storage, and protection of personal data in Turkey.

12.1 KVKK Compliance

Under KVKK, we are committed to processing your personal data in accordance with the fundamental principles established by Turkish law. These principles include processing data lawfully and in good faith (your data is collected and used only for legitimate purposes with proper legal basis), processing in accordance with the purpose for which it was collected (we do not use your data for purposes beyond what we disclosed when collecting it), ensuring data is relevant, limited, and proportionate to the purposes for which it is processed (we collect only the minimum data necessary), ensuring data is accurate and up-to-date (you can correct inaccurate information at any time), storing data only for the period required by law or necessary for the purpose (as detailed in Section 6), and processing data in a manner that ensures appropriate security (as detailed in Section 5).

We maintain compliance with KVKK requirements including registration with the Data Controllers Registry (Veri Sorumluları Sicili) maintained by the Personal Data Protection Authority (Kişisel Verilerin Korunması Kurumu - KVKK), implementing technical and administrative measures to protect personal data against unlawful processing and unauthorized access, ensuring that our employees and service providers who have access to personal data are bound by confidentiality obligations, conducting data processing inventory assessments to document all personal data processing activities, and cooperating with the Personal Data Protection Authority in investigations and audits. We have appointed a data controller representative responsible for KVKK compliance and serving as the primary contact for data protection matters.

12.2 Your Rights Under KVKK

Under Article 11 of KVKK, you have the right to learn whether your personal data is being processed, request information about such processing if your data has been processed, learn the purpose of processing and whether data is used in accordance with its purpose, know the third parties to whom your data is transferred domestically or abroad, request correction of incomplete or inaccurate data, request deletion or destruction of your data under certain conditions specified in the law, request notification of correction, deletion, or destruction operations to third parties to whom your data has been transferred, object to negative consequences arising from analysis of your data exclusively through automated systems, and claim compensation for damages arising from unlawful processing of your data. These rights are exercised through the procedures described in Section 7 of this Privacy Policy.

12.3 International Standards and Cross-Border Compliance

While we operate under Turkish law, we recognize that many of our users are located in other jurisdictions with their own data protection regulations. We strive to comply with international privacy standards including the European Union's General Data Protection Regulation (GDPR) for users in EU member states, the United Kingdom's Data Protection Act and UK GDPR for users in the UK, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable national and regional privacy laws. Where different regulations impose varying requirements, we generally apply the highest standard of protection to ensure consistent, robust privacy safeguards for all our users regardless of their location.

For cross-border data transfers from jurisdictions with strict transfer requirements (such as the EU or UK), we implement appropriate safeguards as described in Section 9, including Standard Contractual Clauses, adequacy decisions, and supplementary security measures. We continuously monitor legal developments in international data protection and adapt our practices to ensure ongoing compliance with evolving standards. If there are conflicts between Turkish law and the laws of your jurisdiction, we will make reasonable efforts to comply with both, but Turkish law will govern our data processing activities and this Privacy Policy to the extent permitted by applicable law.

13. Contact Information and Data Protection Officer

Contact Us About Privacy

We are committed to addressing your privacy concerns and questions promptly and thoroughly. If you have any questions about this Privacy Policy, want to exercise your privacy rights, have concerns about how we handle your personal information, or need to report a privacy or security issue, please contact us through the following channels:

Data Protection Officer:
Email: [email protected]
For formal privacy rights requests, complaints, or sensitive privacy matters

General Privacy Inquiries:
Email: [email protected]
For questions about privacy settings, account data, or general privacy questions

Response Times: We aim to respond to all privacy inquiries within 48 hours for general questions and within 30 days (or as required by applicable law) for formal privacy rights requests. Complex requests may take up to 60 days with notification of the extension.

Jurisdiction: MyDisct Solver is incorporated and operates under the laws of the Republic of Turkey. All data processing activities are conducted in compliance with Turkish data protection regulations, including the Law on Protection of Personal Data (KVKK - Kişisel Verilerin Korunması Kanunu) No. 6698, as well as international standards such as GDPR, CCPA, and other applicable privacy laws where our users are located.

When contacting us about privacy matters, please include your full name, email address associated with your account (if applicable), a detailed description of your inquiry or request, and any relevant information that will help us process your request quickly and accurately. For privacy rights requests, specify which right you wish to exercise and provide information needed for identity verification as described in the relevant sections above. We take all privacy inquiries seriously and will work diligently to address your concerns, answer your questions, and ensure your rights are respected.

Our Data Protection Officer oversees all privacy-related matters at MyDisct Solver, including ensuring compliance with applicable privacy laws, reviewing and approving privacy practices and policies, serving as the primary contact for supervisory authorities, conducting privacy impact assessments for new features or services, training staff on data protection requirements, and investigating privacy complaints or incidents. You can contact our DPO directly for any matter related to data protection and privacy, and you will receive a response that addresses your specific concerns with detailed explanations of our practices and any actions we will take.

14. Final Provisions

This Privacy Policy is written in English, and while we may provide translations in other languages for your convenience, the English version is the authoritative version that will be used for interpretation in case of any conflicts or discrepancies. This Privacy Policy should be read in conjunction with our Terms of Service, which governs your use of our Services and contains additional provisions about liability, dispute resolution, and other legal matters. Together, these documents form the complete agreement regarding privacy and data protection between you and MyDisct Solver.

We reserve the right to modify this Privacy Policy as described in Section 11, and your continued use of our Services after changes become effective constitutes acceptance of the updated policy. If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable, the remaining provisions will continue in full force and effect, and the invalid provision will be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent as closely as possible. Our failure to enforce any provision of this Privacy Policy does not waive our right to enforce it in the future.

This Privacy Policy was last updated on November 7, 2025, and is effective as of that date. We thank you for trusting MyDisct Solver with your personal information and for taking the time to understand our privacy practices. We are committed to earning and maintaining that trust through transparency, security, and respect for your privacy rights.