PRIVACY POLICY

Effective Date: May 6, 2025

We at Such Much AI, Inc., located at 131 Continental Dr., Suite 305, Newark, 19702, United States, and our wholly owned subsidiary, “Such Much AI” UAB, company code 306405204, registered at Bukčių g. 6, Vilnius, 04127, Lithuania, (together referred to as “we”, “RFPX”, or “Such Much AI”) are committed to protecting your personal data.

We process your personal data lawfully, fairly, and transparently in accordance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"),
- The EU Artificial Intelligence Act ("AI Act"), and
- The Law on Legal Protection of Personal Data of the Republic of Lithuania.

We do not use your data for AI model training unless you explicitly request this and confirm it in writing.

1. WHAT IS THIS DOCUMENT?

This Privacy Policy explains how we collect, use, disclose, and protect your data when you use our website www.rfpx.com, our AI services, and our social media pages (collectively the “Websites”). By using the Websites, you agree to the terms of this Privacy Policy. If you disagree, please do not use our services.

"Personal data" means any information that identifies or can be used to identify you directly or indirectly.

2. WHO ARE WE?

The Websites are managed by Such Much AI, Inc. and “Such Much AI” UAB, operating under the RFPX brand. We are joint controllers of your personal data and jointly determine the purposes and means of processing. You may contact either entity to exercise your rights. A summary of our joint controller arrangement is available upon request.

3. PRINCIPLES WE FOLLOW

We commit to:
- Complying with GDPR, the AI Act, and Lithuanian data protection laws;
- Processing data lawfully, fairly, and transparently;
- Limiting data use to specific, legitimate purposes;
- Ensuring accuracy, confidentiality, and security;
- Retaining data only as long as necessary;
- Not disclosing data without a lawful basis;
- Using appropriate technical and organizational security measures.

4. HOW WE COLLECT YOUR PERSONAL DATA

We collect data:
- When you provide it (e.g., contact forms, account creation, submitted or generated documents);
- Automatically via cookies or browser data (e.g., IP address, device type);
- By combining data from different sources for service improvement.

5. WHAT DATA WE PROCESS AND WHY

We process your data for the following purposes:

a) To provide services
-
Categories: Email, IP address, login credentials, user queries
- Legal basis: Contract (Terms of Service)
- Retention: 1 year after last login

b) To communicate with you
-
Categories: Email, phone, inquiry content
- Legal basis: Contract, Legitimate interest
- Retention: 5 working days from resolution

c) For direct marketing (with consent)
-
Categories: Email, social media contacts
- Legal basis: Consent
- Retention: 1 year after consent

d) To improve services and functionality
-
Categories: Cookie data, usage metrics
- Legal basis: Legitimate interest, Consent

Sensitive data: We do not intentionally process special categories of personal data. If such data is provided voluntarily and inseparable from other data, it will be processed lawfully based on your actions.

Training prohibition: We never use your personal data for AI model training unless you request and confirm this in writing.

6. DIRECT MARKETING

We only send marketing communications with your explicit consent. You may withdraw consent:
- Via your user profile settings;
- Through the “unsubscribe” link in emails;
- By emailing info@rfpx.com

Withdrawal does not affect the lawfulness of prior processing.

7. COOKIES

We use cookies to:
- Ensure core website functionality;
- Monitor usage and enhance performance;
- Personalize user experience;
- Deliver targeted ads (with consent).

You may manage cookies via our settings banner or your browser settings. For full details, refer to our Cookie Policy.

8. SHARING YOUR DATA

We only share data with:
- Trusted processors necessary to deliver services;
- Legal and compliance advisors;
- Public authorities when required by Lithuanian or EU law.

If personal data is transferred outside the EU/EEA, we apply safeguards such as Standard Contractual Clauses or adequacy decisions.

9. DATA RETENTION

We retain data:
- As long as necessary for stated purposes or required by law;
- In accordance with the terms stated in Section 5.

Outdated personal data is deleted unless retained for compliance or legal defense purposes.

10. DATA STORAGE AND SECURITY

We store personal data:
- Within the EU/EEA, or with partners offering equivalent safeguards.

Security measures include:
- Data encryption in transit and at rest;
- Role-based access control;
- Confidentiality agreements with staff and processors;
- Routine audits and penetration testing.

We will promptly notify you of any data breach affecting your rights.

11. CHILDREN’S PRIVACY

Our services are not intended for children under 16. If we become aware that personal data has been collected from a child, we will delete it without delay.

12. YOUR RIGHTS UNDER LITHUANIAN AND EU LAW

You have the right to:
- Access your personal data;
- Correct inaccurate or incomplete data;
- Request deletion of your data (right to be forgotten);
- Restrict or object to processing;
- Withdraw consent at any time;
- Request data portability in a structured, commonly used format;
- File a complaint with the State Data Protection Inspectorate of Lithuania.

13. COMPLAINTS

We encourage you to contact us first at info@rfpx.com with any concerns. If unresolved, you may file a complaint with:

Valstybinė duomenų apsaugos inspekcija (State Data Protection Inspectorate)
Address: L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania
Website: vdai.lrv.lt

14. CHANGES TO THIS POLICY

We may revise this Privacy Policy from time to time. Significant changes will be communicated directly if feasible. The most current version is always available on www.rfpx.com.

15. CONTACT US

Email: info@rfpx.com

United States Address:
Such Much AI, Inc.
131 Continental Dr., Suite 305
Newark, 19702
United States

European Union Address:
Such Much AI UAB
Bukčių g. 6
Vilnius, 04127
Lithuania