Introduction This Privacy Policy (“Policy”) describes how Great House Architecture LLC (“Great House Architecture,” “we,” “us,” or “our”) domiciled at ____________________, Estate of Delaware, United States of America, collects, uses, processes, stores, and protects personal information when providing services through the platform myupgrade.ai (“the Platform”). This Policy applies to all data processed in connection with Great House Architecture’s technological, artificial intelligence, and automation services, including onboarding systems, AI “Helpers,” analytics dashboards, and cloud-based infrastructure. Great House Architecture LLC acts as a Data Controller and/or Data Processor, depending on the nature of the service and the contractual relationship with the client. When Great House Architecture determines the purposes and means of processing, it acts as a Data Controller; when it processes personal data on behalf of a client, it acts as a Data Processor pursuant to documented instructions. Great House Architecture LLC provides services exclusively to corporate clients (B2B), such as clinics, consultants, and enterprises. The Platform is not directed at individual consumers, patients, or the general public, and does not provide medical, financial, or legal advice. Clients remain solely responsible for collecting valid consent and complying with applicable privacy laws in relation to their own end users. This Policy also explains your rights and choices regarding your personal data, including how to access, correct, or request deletion of your information, and how to object to certain types of processing. Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).‍ By using the Platform, accessing our services, or providing data to us, you acknowledge that you have read, understood, and agreed to this Policy.

Great House Architecture’s Guiding Privacy Principles Great House Architecture LLC operates as a technology and artificial intelligence service provider, committed to upholding high standards of confidentiality, cybersecurity, and transparency.
We design all our services with privacy-by-design and privacy-by-default principles. Our guiding privacy principles are: Confidentiality: Personal data will not be disclosed or used for purposes other than those for which it was collected, except with consent or as required by law. Limitation and Minimization: We collect and store only the data strictly necessary to provide our services. No Sale of Personal Data: Great House Architecture LLC does not rent, sell, or trade personal data to any third party. Accuracy: We take reasonable steps to ensure that the data we process is accurate, complete, and up to date. Security: We use strong technical and organizational measures (including encryption, authentication, and network controls) to safeguard your data. Transparency and Access: We enable clients to exercise access, correction, deletion, and portability rights over their data, in accordance with applicable laws.

Scope and Applicability This Policy applies to: all visitors, clients, and users of the myupgrade.ai platform; all data processed by Great House Architecture LLC through its services; all agents, “Helpers,” APIs, or automation modules integrated under the Great House Architecture environment. This Policy does not apply to third-party websites or systems that may be linked through our Platform.

Information We Collect We may collect: Identification data: name, surname, business contact, position, email, telephone. Professional data: company, role, sector, and relevant project or integration details. Operational data: credentials, configuration parameters, and datasets provided by clients. Sensitive data (if applicable): health or financial data processed only under contractual authorization and with enhanced protection (HIPAA-compliant). Technical data: IP address, device identifiers, browser data, and logs for security monitoring. Usage data: AI interactions, reports, responses, and metrics for analytics. Communication data: messages, support tickets, and email exchanges. Great House Architecture does not intentionally collect data directly from minors or end-users of clients (such as patients or consumers). Such data remains the responsibility of the client who uploads or manages it. 5.a Purpose and Use of Data Great House Architecture processes data solely for: providing and maintaining the contracted services; automating and optimizing processes for clients; training and improving AI systems using anonymized or pseudonymized datasets; ensuring service performance, cybersecurity, and fraud prevention; complying with legal and regulatory obligations. We do not use personal data for advertising, resale, or unrelated commercial purposes.
All processing is limited to the purposes strictly necessary for service delivery. 5.b No Data Selling Policy We maintain a strict policy against selling or trading any data. Our primary objective is to offer enhanced user experience and functionalities.

Legal Basis and Responsibility Great House Architecture LLC acts as: Data Processor, when processing personal data on behalf of clients under written instructions. Legal bases for processing include: performance of a contract; legitimate interest in providing secure and efficient services; compliance with U.S. federal and state privacy laws (including CCPA/CPRA and FTC guidelines). Clients remain responsible for obtaining all required consents from end-users and ensuring the lawful basis for data transferred to Great House Architecture.

Data Retention Personal data will be retained only for as long as necessary to fulfill the purposes described above or as required by law. Upon contract termination, all data will be securely deleted or anonymized within thirty (30) business days, following NIST SP 800-88 secure deletion standards.

Security Measures Great House Architecture maintains comprehensive data protection protocols aligned with ISO/IEC 27001, NIST Cybersecurity Framework, SOC 2, and HIPAA where applicable.
Security measures include: Encryption in transit and at rest (TLS 1.3 / AES-256); Multi-factor authentication and role-based access; Continuous vulnerability monitoring; Regular audits and backups; Incident response plan and disaster recovery. Access to data is restricted to authorized personnel bound by confidentiality agreements.

Artificial Intelligence and Human Oversight Great House Architecture employs AI systems and virtual agents (“Helpers”) to assist clients in automation, analysis, and process improvement. All AI systems operate under meaningful human supervision. Clients are responsible for verifying outputs and ensuring lawful use of AI-generated content. Great House Architecture may use anonymized or aggregated data to improve its models, without identifying any individual. No fully automated decisions with legal or equivalent effects are made on end-users.

Transfers of Data and Subprocessors Data may be transferred and stored in the United States, where Great House Architecture’s infrastructure is located.
We may engage sub-processors such as Amazon Web Services (AWS) or equivalent providers under written agreements ensuring: equivalent security standards; no data use for independent purposes; confidentiality obligations. By using our services, you consent to these transfers under recognized safeguards and contractual clauses.

Sharing of Personal Information with Third Parties 11.1. General Overview Great House Architecture LLC may share limited amounts of Personal Information with carefully selected third-party service providers (“Service Providers”) strictly for the purpose of operating, maintaining, and improving our Services. These Service Providers act on behalf of Great House Architecture LLC under written data processing agreements and are bound by contractual obligations of confidentiality, data security, and lawful processing. Form submissions, contact requests, and e-mails sent through our website are automatically transmitted to secure external systems, such as our CRM platforms and technical processors, exclusively for: managing communications and customer support; performing analytics and service optimization; ensuring proper functionality of integrations and automations. These third parties are prohibited from using your Personal Information for independent or unauthorized purposes and may process it only to the extent necessary to provide their contracted services to Great House Architecture LLC.

Rights of Data Subjects Depending on the applicable data protection legislation, data subjects may exercise the following rights with respect to their personal data processed under this Agreement: (a) Right of Access. Data subjects are entitled to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to such data, including information about the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the data has been or will be disclosed. (b) Right to Rectification. Data subjects have the right to request the correction of inaccurate personal data and the completion of incomplete data without undue delay. (c) Right to Erasure (“Right to be Forgotten”). Under certain circumstances, data subjects may request the deletion of their personal data when the data is no longer necessary for the purposes for which it was collected, when consent has been withdrawn, or when the processing is unlawful, subject to legal retention obligations. (d) Right to Restrict Processing. Data subjects may request the restriction of processing of their data, for example, while the accuracy of the data is being verified or when the data subject has objected to processing. (e) Right to Data Portability. Where processing is based on consent or on a contract and carried out by automated means, data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format, and to transmit those data to another controller. (f) Right to Object. Data subjects may object at any time, on grounds relating to their particular situation, to the processing of their personal data, including profiling. The controller shall cease processing unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject. (g) Rights Related to Automated Decision-Making and Profiling. Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them, except where such decision is necessary for entering into or performing a contract, is authorized by law, or is based on explicit consent. (h) Right to Lodge a Complaint. Data subjects have the right to lodge a complaint with the competent data protection authority in their jurisdiction if they believe that the processing of their personal data infringes applicable data protection laws. Examples of such authorities include the European Data Protection Board (EDPB) member supervisory authorities under the GDPR, the ANPD in Brazil under the LGPD, or the AAIP in Argentina under Law No. 25.326. The identity and contact details of the competent authority depend on the place of residence of the data subject and/or the location of the processing activity. All data subject requests shall be submitted to privacy@myupgrade.ai .Great House Architecture, as sub-processor, shall promptly assist the client in verifying and fulfilling such requests, in accordance with the controller’s documented instructions and within the statutory time limits established by applicable data protection legislation.

External Links and Public Communications 13.1. Links to Third-Party Websites This website may contain links to external platforms, including but not limited to LinkedIn, Instagram, Dribbble, X (formerly Twitter), or other third-party websites. These links are provided for reference or convenience only. Great House Architecture LLC is not responsible for the content, privacy practices, or data processing activities of such external sites. Accessing third-party websites through hyperlinks on our Platform is entirely at the user’s own risk. We strongly encourage all users to carefully read the privacy policies and terms of use of any external website that collects or processes personally identifiable information before providing any data. This Privacy Policy applies exclusively to data collected directly through myupgrade.ai and not to information collected through external or linked websites. 13.2. Chat Rooms, Forums, and Public Interactions The Platform or its integrations may include optional interactive features such as discussion boards, chat functions, public comment sections, or collaborative spaces. Users are advised that any personal information voluntarily disclosed in such public or semi-public areas may be collected and used by third parties beyond Great House Architecture’s control.
By posting personal data in publicly accessible environments, you acknowledge that such information may become visible to others and could result in unsolicited communications, including messages, marketing outreach, or contact from unknown individuals. Great House Architecture LLC shall not be held liable for any loss, misuse, or unauthorized use of personal data voluntarily disclosed by users in open forums, chat areas, or communication channels not managed directly under secure authentication. Users are responsible for exercising discretion and prudence when sharing personal information in online interactions, even within the Platform environment.

Rights Under U.S. and International Privacy Laws 14.1. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) If you are a resident of the State of California, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include the right to: Know what categories of personal information we collect, the sources, and the purpose of use; Request deletion of your personal information, subject to applicable exceptions; Opt out of any sale or sharing of personal information (Great House Architecture LLC does not sell or share personal data for commercial gain); Access the personal information we hold about you, up to two times within a twelve (12) month period; Non-discrimination, meaning you will not be treated differently or denied services for exercising your privacy rights. If you make a verified request, we will provide: The categories and specific pieces of personal information collected; The categories of sources from which the data was obtained; The business or commercial purpose for collecting or disclosing the information; The categories of third parties with whom we share it; Whether any information has been disclosed for a business purpose or de-identified. Requests may be sent to privacy@myupgrade.ai and will be processed in accordance with CCPA verification procedures. Please note that deletion requests may limit our ability to provide certain functionalities dependent on such data. 14.2. California Online Privacy Protection Act (CalOPPA) Great House Architecture LLC complies with the California Online Privacy Protection Act (CalOPPA), which requires commercial websites to provide a clear and accessible privacy policy. In compliance with CalOPPA, we confirm that: Users can visit our website anonymously; Our Privacy Policy link includes the word “Privacy” and is easily accessible from our homepage; Users will be notified of any material changes to this Policy on our Privacy Policy page; Users may update or correct personal information by contacting privacy@myupgrade.ai; We honor “Do Not Track” signals. When a Do Not Track mechanism is enabled in your browser, Great House Architecture LLC does not track, plant cookies, or use advertising technologies inconsistent with that preference. 14.3. Delaware and HIPAA Compliance For personal or regulated information processed within the State of Delaware, Great House Architecture complies with the Delaware Online Privacy and Protection Act (DOPPA) and applicable Federal Trade Commission (FTC) privacy standards. When our services involve health-related data, Great House Architecture also complies with the Health Insurance Portability and Accountability Act (HIPAA), ensuring confidentiality, integrity, and restricted access to protected health information (PHI). Such data is handled only under written agreements and with appropriate safeguards. To delete your personal information: If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.   14.4. Rights Under the General Data Protection Regulation (GDPR) If you are a resident of the European Union (EU) or the European Economic Area (EEA), you are entitled to certain rights under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). These rights include: Access – to know whether we process your personal data and to obtain a copy of such data. Rectification – to request correction of inaccurate or incomplete information. Erasure (“Right to be Forgotten”) – to request deletion of your data where no longer necessary or lawfully processed. Restriction of Processing – to limit data processing in certain circumstances. Data Portability – to receive your data in a structured, commonly used, and machine-readable format. Objection – to object to the processing of your data, including profiling. Withdrawal of Consent – to withdraw consent at any time when processing is based on consent. If you wish to exercise any of these rights, please contact privacy@myupgrade.ai. 
We may request verification of identity before processing such requests.
Please note that in some cases, the inability to process personal data may prevent Great House Architecture from providing certain services. Individuals also have the right to lodge a complaint with their local Data Protection Authority (DPA) regarding the collection or use of their personal data.
A list of DPAs is available at: https://edpb.europa.eu/about-edpb/board/members_en.

Minors Great House Architecture’s Platform and Services are intended exclusively for professional and corporate use and are not designed to collect or process personal data from individuals under eighteen (18) years of age. As a data processor, Great House Architecture acts solely on the documented instructions of the client, who, as data controller, remains responsible for determining the lawful basis for processing and, where applicable, for obtaining verifiable parental or guardian consent prior to collecting any minor’s data. If Great House Architecture becomes aware that personal data of a minor has been submitted or processed through its systems without appropriate authorization, it shall promptly inform the client and, upon the client’s instruction, either delete such data or take other appropriate measures to ensure compliance with applicable data protection laws. Parents or legal guardians seeking to exercise rights on behalf of a minor should address their request directly to the client (controller). Great House Architecture may assist the client in handling such requests as required under this Agreement.

Retention and Deletion upon Termination Upon termination or cancellation of service: client data will be deleted securely or returned upon written request; anonymized datasets used for system improvement will be retained only in non-identifiable form; Great House Architecture will certify the deletion upon request.

Modifications Great House Architecture may modify this Privacy Policy to reflect updates in law, technology, or services.
Any changes will be published on https://myupgrade.ai/privacy-policy , and the revision date will be updated accordingly. Continued use of the Platform after publication constitutes acceptance of the updated Policy.

Governing Law and Jurisdiction This Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, excluding its conflict-of-law rules. Any dispute shall be resolved before the courts of New Castle County, Delaware, or, by agreement, through binding arbitration administered by the American Arbitration Association (AAA).