Privacy Policy
We take data protection seriously. This policy explains exactly how we collect, use, and protect your information.
1. Introduction
H2Om.AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://h2om.ai and use our compliance tracking services.
We are a boutique software development agency specializing in mission-critical applications. We take data protection seriously and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide to us:
- Email Address: When you subscribe to compliance deadline notifications
- Industry Information: The industry sector you work in (e.g., healthcare, defense)
- Compliance Preferences: Which frameworks you track (e.g., HIPAA, CMMC, SOC 2)
- Contact Information: When you reach out through our contact forms
- Notification Preferences: Your chosen notification timings and digest settings
2.2 Automatically Collected Information
We automatically collect certain information when you visit our website:
- Usage Data: Pages viewed, time spent, navigation paths
- Device Information: Browser type, operating system, device type
- IP Address: For analytics and security purposes (anonymized when possible)
- Cookies and Similar Technologies: See Section 6 for details
2.3 Information We Do NOT Collect
We do not collect:
- Social Security Numbers or government-issued ID numbers
- Payment or credit card information (we don't process payments on this site)
- Precise geolocation data
- Health information or Protected Health Information (PHI)
- Sensitive personal data unless explicitly necessary and consented to
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Sending compliance deadline notifications you subscribed to
- Providing personalized compliance tracking based on your industry and data types
- Responding to your inquiries and support requests
3.2 Service Improvement
- Analyzing usage patterns to improve our website and services
- Understanding which compliance frameworks are most relevant to our users
- Testing and optimizing user experience
3.3 Security and Legal Compliance
- Detecting and preventing fraud, abuse, and security incidents
- Complying with legal obligations and regulatory requirements
- Enforcing our Terms of Service
3.4 Marketing (With Consent)
- Sending monthly compliance digests (only if you opted in)
- Notifying you of new regulatory developments (only if you opted in)
- You can unsubscribe from marketing emails at any time
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data based on:
When you subscribe to notifications or opt into communications
Analytics, security, and service improvement
Compliance with applicable laws and regulations
Providing services you requested
5. How We Share Your Information
5.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our website:
- Amazon Web Services (AWS): Cloud hosting, email delivery (SES), database (DynamoDB)
- Hosting Providers: Website hosting and content delivery
- Analytics Providers: Usage statistics and performance monitoring
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
5.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to:
- Comply with legal processes
- Protect our rights, property, or safety
- Investigate fraud or security incidents
5.4 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Cookies and Tracking Technologies
We use the following types of cookies:
6.1 Essential Cookies
Required for the website to function properly (e.g., session management, security).
6.2 Analytics Cookies
Help us understand how visitors interact with our website for service improvement.
6.3 Your Cookie Choices
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality. Most browsers allow you to refuse cookies or alert you when cookies are being sent.
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data in transit is encrypted using TLS/HTTPS
- Access Controls: Strict access limitations to personal data
- Secure Infrastructure: AWS infrastructure with enterprise-grade security
- Regular Audits: Security reviews and vulnerability assessments
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services (while you have an active subscription)
- Comply with legal obligations (e.g., tax records, audit logs)
- Resolve disputes and enforce our agreements
Specific retention periods:
9. Your Privacy Rights
9.1 Rights for All Users
- Access: Request a copy of your personal information
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your data (with exceptions for legal obligations)
- Opt-Out: Unsubscribe from marketing emails at any time
9.4 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: privacy@h2om.ai
Subject Line: "Privacy Rights Request"
Response Time: We will respond within 30 days (45 days for complex requests)
You may be required to verify your identity before we process your request.
10. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@h2om.ai.
11. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.
For EEA users, we ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for certain countries
- Appropriate safeguards as required by GDPR
12. Do Not Track Signals
Some browsers offer a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals, as there is no industry consensus on how to interpret them. We will update this policy if industry standards emerge.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
14. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
H2Om.AI Privacy Team
For GDPR-related inquiries, you may also contact your local data protection authority.
By using our website and services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
Last Updated: January 5, 2026