This Privacy Policy describes how Carefree Computing (“Carefree Computing,” “we,” “us,” or
“our”) collects, uses, processes, discloses, and safeguards personal information in connection
with our website located at www.carefreecomputing.cloud (the “Site”), and all services,
platforms, software, and related infrastructure we provide, including but not limited to Remote IT
Management (RustDesk), Real-Time Security Monitoring (Wazuh), Nextcloud CRM &
Collaboration, Private AI, SearxNG Private Search, Multilingual Chatbot and AI Automation, and
Custom Web Design services (collectively, the “Services”).
By accessing or using our Site or Services, you acknowledge that you have read, understood,
and agree to be bound by the terms of this Privacy Policy. If you do not agree, please
discontinue use of our Site and Services immediately.
- INFORMATION WE COLLECT
We collect several categories of information depending on how you interact with our Site and
Services:
1.1 Information You Provide Directly
Contact and inquiry information: name, email address, phone number, company name, job title,
and any message content submitted through our contact forms, audit request forms, or chatbot
interfaces.
Account and billing information: name, billing address, payment method details (processed via
third-party payment processors), and subscription preferences.
Configuration and technical data: infrastructure preferences, deployment region selections
(U.S., EU, or local), device information, and service customization requirements.
Communications: correspondence with our support team, email exchanges, and chat
transcripts.
1.2 Information Collected Automatically
Log and usage data: IP addresses, browser type and version, operating system, referring URLs,
pages viewed, time and date of access, and session duration.
Device identifiers: unique device IDs, hardware model, and network information.
Cookies and tracking technologies: session cookies, preference cookies, analytics tokens, and
similar technologies (see Section 10 for details).
Interaction data: how you navigate and interact with our Site, features accessed, and search
queries entered via Aivorys Private Search.
1.3 Information From Third Parties
Integration data: when you connect our Services to third-party platforms (e.g., WhatsApp,
Instagram, Facebook Messenger, Google Sheets), we may receive data transmitted through
those integrations as configured by you.
Business partner data: information shared by referral partners or resellers for account setup
purposes.
1.4 Information Generated Through Service Delivery
Security monitoring data: system event logs, threat alerts, and endpoint telemetry generated by
our Wazuh-based security monitoring services.
Remote session data: connection logs and session metadata generated through our RustDesk
remote IT management platform.
AI interaction data: inputs and outputs from our Private AI Assistant and Multilingual Chatbot,
which may include business content, customer messages, and lead information.
Search queries: anonymized or pseudonymized queries submitted through our SearxNG private
search engine. By design, SearxNG is built to minimize data retention and avoid user profiling.
- METHODS OF COLLECTION
We collect personal information through the following methods:
Directly from you when you submit forms, request a free systems audit, sign up for our Services,
or communicate with our team.
Automatically through standard web server technologies, analytics tools, and cookies placed on
your device when you visit our Site.
Through third-party platform integrations that you authorize as part of your service configuration.
Through our deployed software and infrastructure components (RustDesk, Wazuh, Nextcloud,
Open WebUI) operating on your behalf within your contracted environment. - LEGAL BASES FOR PROCESSING PERSONAL DATA
For individuals located in the European Union, United Kingdom, or other jurisdictions with
similar requirements, we rely on the following legal bases to process personal data:
Performance of a contract: processing necessary to fulfill our obligations under a service
agreement with you, including deploying infrastructure, providing support, and billing.
Legitimate interests: processing necessary for our legitimate business interests, such as
improving our Services, maintaining security, preventing fraud, marketing our Services, and
communicating with prospects, provided such interests are not overridden by your fundamental
rights.
Consent: where required by applicable law, we obtain your explicit consent prior to processing
(e.g., placing non-essential cookies or sending marketing communications). You may withdraw
consent at any time.
Compliance with legal obligations: processing required to comply with applicable laws,
regulations, court orders, or governmental requests. - HOW WE USE YOUR INFORMATION
Carefree Computing uses the information we collect for the following purposes:
4.1 Service Delivery and Operations
To provision, configure, deploy, and manage our Services on your behalf, including RustDesk
remote access, Wazuh security monitoring, Nextcloud CRM, Private AI, SearxNG search, and
chatbot solutions.
To authenticate users, manage account access, and ensure service availability and uptime.
To process payments, generate invoices, and manage billing.
4.2 Customer Support and Communication
To respond to inquiries, service requests, system audit requests, and support tickets.
To provide onboarding, technical configuration assistance, and ongoing managed service
support.
To send transactional communications such as service confirmations, invoices, and scheduled
maintenance notices.
4.3 Security and Fraud Prevention
To monitor, detect, investigate, and respond to security threats, unauthorized access, and abuse
of our platform.
To enforce our Terms and Conditions and protect the integrity of our infrastructure.
4.4 Improvement and Analytics
To analyze usage patterns and service performance for the purpose of improving our platform
features, stability, and scalability.
To conduct internal research, product development, and service optimization.
4.5 Marketing and Business Development
To communicate with prospective clients about our Services, promotions, and updates where
lawful to do so.
To conduct lead qualification through our Multilingual Chatbot, including collecting names, email
addresses, budgets, and intent data that you voluntarily provide.
To send email newsletters or updates, subject to your consent or our legitimate interests, with a
clear option to unsubscribe.
4.6 Legal and Compliance
To comply with applicable law, regulation, or lawful governmental requests.
To enforce our legal rights or defend against legal claims. - DATA SHARING AND THIRD PARTIES
We do not sell your personal information. We do not share your personal data with third parties
for their own independent marketing purposes. We may share your information in the following
limited circumstances:
5.1 Service Providers and Subprocessors
We engage trusted third-party vendors to assist in delivering our Services, including:
Cloud hosting and infrastructure providers (data centers and VPS providers in your selected
region: U.S. or EU).
Payment processors (e.g., Stripe or similar) who process billing information on our behalf under
their own PCI-compliant frameworks.
Email and communication platforms used for transactional and marketing communications.
Analytics tools used to assess Site performance (configured to minimize personal data
collection where possible).
These service providers are contractually required to process data only on our instructions and
to maintain appropriate security safeguards.
5.2 Third-Party Platform Integrations
When you authorize integrations between our Services and third-party platforms (e.g.,
WhatsApp Business API, Instagram Messaging, Facebook Messenger, Google Sheets, or CRM
systems), data shared with or received from those platforms is governed both by this Privacy
Policy and the privacy policies of those third-party platforms. We are not responsible for the
privacy practices of third-party platforms you choose to connect.
5.3 Open-Source Software Components
Our Services are built on open-source software components, including RustDesk, Wazuh,
Nextcloud, Open WebUI, and SearxNG. These tools are deployed within your private
infrastructure environment. We do not share your data with the upstream open-source project
communities.
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or similar corporate
transaction, your personal information may be transferred to the successor entity, subject to the
same privacy protections as described in this Policy.
5.5 Legal Compliance and Protection
We may disclose personal information if required by law, court order, or governmental authority,
or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety
of Carefree Computing, our clients, or the public.
- INTERNATIONAL DATA TRANSFERS
Carefree Computing operates globally and offers infrastructure deployment in your preferred
region (United States or European Union). We endeavor to store and process your data within
the region you select during onboarding.
Where data is transferred across international borders, including transfers from the European
Economic Area (EEA) or United Kingdom to other countries, we ensure appropriate safeguards
are in place in accordance with applicable data protection law. Such safeguards may include:
Standard Contractual Clauses (SCCs) approved by the European Commission.
Adequacy decisions issued by relevant regulatory authorities.
Other lawful transfer mechanisms permitted under GDPR, UK GDPR, or applicable privacy law.
You may request information about the specific transfer mechanisms applicable to your data by
contacting us at the details provided in Section 15.
- SECURITY MEASURES
Carefree Computing takes data security seriously. We implement and maintain a range of
technical, administrative, and physical safeguards designed to protect your information against
unauthorized access, disclosure, alteration, and destruction, including:
Private cloud infrastructure deployed in your selected geographic region, minimizing exposure
to third-party cloud ecosystems.
Real-time threat detection and intrusion monitoring powered by our Wazuh security platform.
Encrypted communications using industry-standard TLS/SSL protocols.
Role-based access controls and authentication requirements for administrative access.
Regular system patching, updates, and vulnerability assessments as part of our managed
service operations.
Offsite encrypted backups included in all service tiers.
Notwithstanding the foregoing, no method of data transmission or storage is completely secure.
While we strive to implement commercially reasonable safeguards, we cannot guarantee
absolute security. You are responsible for maintaining the confidentiality of your account
credentials and for notifying us promptly of any suspected unauthorized access. - DATA RETENTION
We retain personal information for as long as necessary to fulfill the purposes described in this
Privacy Policy, to comply with our legal obligations, resolve disputes, and enforce our
agreements. Our general retention principles are:
Active account data is retained for the duration of your service agreement with us.
Billing and transactional records are retained for a minimum of seven (7) years to comply with
applicable tax and financial regulations.
Security and system event logs generated through Wazuh monitoring are retained in
accordance with your service tier and applicable legal requirements.
Marketing communications and inquiry data are retained until you opt out or request deletion,
whichever comes first.
Chatbot interaction logs and lead data are retained as configured in your service deployment
unless you direct otherwise.
Upon termination of your service agreement, we will securely delete or anonymize your
personal data within a commercially reasonable timeframe unless longer retention is required by
law.
- YOUR RIGHTS AND CHOICES
Depending on your jurisdiction of residence, you may have the following rights with respect to
your personal information:
9.1 Rights Under GDPR (EU/UK Residents)
Right of access: to request a copy of the personal data we hold about you.
Right to rectification: to request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): to request deletion of your personal data where no
legitimate legal basis for continued processing exists.
Right to restriction of processing: to request that we limit how we use your data in certain
circumstances.
Right to data portability: to receive your data in a structured, machine-readable format.
Right to object: to object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent: where processing is based on consent, to withdraw it at any time
without affecting the lawfulness of prior processing.
Right to lodge a complaint: with your relevant national data protection supervisory authority.
9.2 Rights Under CCPA/CPRA (California Residents)
California residents have the following rights under the California Consumer Privacy Act (CCPA)
and California Privacy Rights Act (CPRA):
Right to know: to request disclosure of the categories and specific pieces of personal
information we have collected, the sources of collection, the purposes of use, and the
categories of third parties with whom we share it.
Right to delete: to request deletion of personal information we have collected, subject to
applicable exceptions.
Right to correct: to request correction of inaccurate personal information.
Right to opt out of sale or sharing: we do not sell or share personal information for cross-context
behavioral advertising.
Right to limit use of sensitive personal information: where applicable.
Right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA
rights.
California residents may submit requests by contacting us using the information in Section 15.
We will respond within the timeframes required by applicable law (generally 45 days, with
extensions available).
9.3 Other Jurisdictions
Residents of other jurisdictions with applicable privacy rights (including Canada, Australia, and
other regions) may exercise similar rights to access, correct, or delete their personal data in
accordance with local law. Please contact us to submit a request.
9.4 California Automatic Renewal Law Compliance
We comply with California’s Automatic Renewal Law. We will notify you, the consumer, at least
7 days but no more than 30 days before new fees take effect. To cancel your contract with us,
please notify us in writing by sending an email to contact@Aivorys.com for Aivorys or
contact@carefreecomputing.cloud for Carefree Computing. We will confirm your cancellation
date in writing.
- COOKIES AND TRACKING TECHNOLOGIES
10.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our Site. We also use similar
tracking technologies such as web beacons, pixels, and local storage.
10.2 Categories of Cookies We Use
Essential/Strictly Necessary Cookies: Required for core Site functionality such as navigation,
form submission, and security. These cannot be disabled without impairing Site performance.
Functional/Preference Cookies: Used to remember your preferences and settings (e.g.,
language, region selection) to enhance your experience.
Analytics Cookies: Used to collect aggregated data about Site usage patterns and performance.
We configure analytics tools to minimize personal data collection where feasible.
Marketing and Tracking Cookies: We endeavor to minimize the use of third-party marketing
cookies. Where such cookies are deployed by embedded third-party widgets or integrations,
they are governed by the privacy policies of those third parties.
10.3 Your Cookie Choices
You may control cookies through your browser settings. Most browsers allow you to block or
delete cookies. Please note that blocking essential cookies may impair Site functionality. Where
required by applicable law, we present a cookie consent mechanism upon your first visit to our
Site.
10.4 Aivorys Private Search
Our integrated Aivorys Private Search (powered by SearxNG) is specifically designed to provide
anonymous, ad-free, tracking-free search results. Queries submitted through this tool are not
associated with personal identifiers and are not stored for user profiling purposes. - CHILDREN’S PRIVACY
Our Site and Services are not directed to individuals under the age of eighteen (18). We do not
knowingly collect personal information from children under 18. If you are a parent or guardian
and believe that your child has provided personal information to us without your consent, please
contact us immediately at the contact details provided in Section 15. Upon verification, we will
promptly delete such information from our systems.
If you are under 18, please do not access or use our Site or Services or submit any personal
information to us.
- HIPAA NOTICE — HEALTHCARE AND PROTECTED HEALTH
INFORMATION
IMPORTANT NOTICE FOR HEALTHCARE PROVIDERS AND ORGANIZATIONS
The standard services offered by Carefree Computing — including, without limitation, our
Multilingual Chatbot, AI Automation, Private AI Assistant, Remote IT Management, Real-Time
Security Monitoring, Nextcloud CRM, SearxNG Search, and web design services — are NOT
configured, designed, or warranted to comply with the Health Insurance Portability and
Accountability Act of 1996 and its implementing regulations, as amended (collectively, “HIPAA”),
under their default configurations and standard subscription tiers.
Healthcare providers, covered entities, business associates, and any organization that creates,
receives, maintains, or transmits protected health information (“PHI”) as defined under HIPAA
must NOT process, store, transmit, or otherwise handle PHI through Carefree Computing’s
standard platform environment unless a separate, dedicated HIPAA-compliant infrastructure
agreement has been explicitly established with Carefree Computing in writing.
HIPAA-compliant infrastructure is available as a specialized, separately contracted service.
Such services include, where applicable: execution of a Business Associate Agreement (BAA),
deployment of dedicated (non-shared) infrastructure, implementation of HIPAA-required
technical safeguards, access controls, audit logging, and breach notification procedures. These
configurations are not included in any standard subscription tier (Budget, Expanding, Deluxe, or
Full Service).
Carefree Computing expressly disclaims any representation, warranty, or assurance of HIPAA
compliance in connection with its standard Services. Any use of standard Carefree Computing
services for the processing of PHI without a separately executed HIPAA-compliant infrastructure
agreement is undertaken solely at the client’s own risk. Carefree Computing will not be liable for
any regulatory penalties, enforcement actions, or damages arising from such unauthorized use.
To inquire about our dedicated HIPAA-compliant infrastructure solutions, please contact us at:
info@carefreecomputing.cloud. - CHANGES TO THIS PRIVACY POLICY
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our
practices, technology, legal requirements, or for other operational or business reasons. When
we make material changes, we will:
Update the “Last Updated” date at the top of this Privacy Policy.
Post the revised Privacy Policy on our Site at www.carefreecomputing.cloud.
Where required by applicable law or where we deem it appropriate, notify you by email or
through a prominent notice on our Site.
Your continued use of the Site or Services following the posting of changes constitutes your
acceptance of such changes. We encourage you to review this Privacy Policy periodically.
- THIRD-PARTY LINKS
Our Site and Services may contain links to third-party websites, integrations, or services that are
not operated by Carefree Computing. This Privacy Policy does not apply to those third-party
platforms. We encourage you to review the privacy policies of any third-party service before
providing personal information to it. We are not responsible for the content, privacy practices, or
security of any third-party sites. - CONTACT US
If you have questions, concerns, or requests relating to this Privacy Policy, your personal
information, or your rights, please contact us:
Carefree Computing
Email: info@carefreecomputing.cloud
Website: www.carefreecomputing.cloud
Contact Form: www.carefreecomputing.cloud/contact-us/
For EU/EEA residents with GDPR inquiries, or California residents exercising CCPA/CPRA
rights, please include “Privacy Request” in the subject line of your correspondence. We will
endeavor to respond within the timeframes required by applicable law.