Privacy Policy

Who we are

The data controller is Connact Inc., a company established in Taiwan (Republic of China), operating the Seges consulting practice at seges.ai. You can reach our privacy team through seges.ai/contact or at zereo@connact.ai.

Where the law of your country requires a local representative or contact point (for example an EU Article 27 representative, or a registered contact in Nigeria, Kenya, India or Indonesia), we appoint one; ask us and we will give you their current details.

What we collect, and why

We tell you, at the point of collection, exactly what we take and what we do with it. For each category we limit collection to the stated purpose:

• Contact and enquiry data you send us (name, work email, organisation, and the message you write) — to answer you, scope an engagement, and keep a record of our correspondence.
• Engagement and account data, if you become a client (billing contact, the business information you share for a project) — to deliver and administer the service and meet our legal and accounting duties.
• Service-usage data from any paid Seges data or API product you use (the queries you run, basic technical logs) — to operate, secure and improve that product.
• Payment records, processed by our payment provider — we never see or store full card numbers.

The purposes you control

Beyond simply delivering what you asked for, we will only use your personal data for the following purposes if you give us separate, specific consent for each — and you can withdraw any of them at any time without affecting the service itself:

• Analytics — understanding how our services are used so we can make them better.
• Service and product improvement — developing new and improved features.
• Training and improving our AI and machine-learning models — we will tell you plainly when this is the purpose, and we never use special-category data for it.

Our lawful bases

We rely on the most protective basis available where you are. Our primary basis is your consent. Where we provide a service you asked for, we rely on the necessity of performing our contract with you. Where the law of your country recognises it — and only as a secondary basis, never to bypass a consent requirement — we may rely on our legitimate interests in running and improving the service, having weighed those interests against your rights. In several countries (including China, India, Vietnam, Malaysia and Hong Kong) we do not rely on legitimate interest at all; there, the purposes above run only on your consent or on irreversibly de-identified data.

Data we deliberately do not collect

By design, Connact does not collect special-category or sensitive personal data — health, genetic or biometric data, race or ethnicity, religion, political opinions, sex life, criminal records, precise neural data, or government identification numbers. Please do not send us this information. If you do, we will delete it.

Children

Our services are for businesses and professionals and are not directed to children. We do not knowingly collect data from anyone under 18, and we never serve targeted advertising to minors. If you believe a child has provided us data, contact us and we will delete it.

Where your data is processed

We host our services on Google Cloud Platform. By default, personal data of clients in Taiwan and the wider region is processed in Google Cloud's Taiwan region (asia-east1) — it stays on-shore. We do not route personal data through mainland China, Hong Kong or Macau.

When data is processed outside your country, we put a lawful transfer mechanism in place — a data-processing agreement with our providers plus standard contractual clauses or the equivalent your law requires — and, for personal data of people in the EU/EEA and UK, we keep that data in European regions. We describe the specific mechanism for your region below.

How long we keep it, and how we protect it

We keep personal data only as long as needed for the purpose we collected it for, or as the law requires, then delete or irreversibly de-identify it. We protect it with encryption in transit and at rest, access controls, and least-privilege practices. If a personal-data breach occurs, we will notify the relevant regulator and affected individuals within the strictest timeline that applies to us — in most cases within 72 hours of becoming aware — and we keep an internal breach register.

De-identified data

We may create irreversibly de-identified or aggregated data that can no longer be linked to you. Such data is no longer personal data, and we may use it freely — including for analytics and to train and improve our models. We hold ourselves to a high standard of de-identification (data that genuinely cannot be re-identified), and we keep raw personal data out of our training sets.

Your rights

Wherever you are, you can ask us to: confirm what we hold and give you a copy; correct it; delete it; export it in a portable format; restrict or object to a use; object to any direct marketing absolutely; withdraw a consent; and not be subject to a decision based solely on automated processing. These rights cannot be signed away by our terms. Use seges.ai/contact or zereo@connact.ai and we will respond within the strictest period that applies to you (one month in the EU/UK; promptly elsewhere).

Sharing

We share personal data only with service providers who help us run the service (such as our cloud host and payment provider), each under a contract that limits them to our instructions; where the law requires it; or with your direction. We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

Changes

If we change this policy materially we will post the new version with a new effective date and, where appropriate, tell you directly. The version above governs from its effective date.