Privacy Policy    

                                     
Effective Date: March 1, 2025

  1. Introduction
  1. Welcome to Altibbe, Inc. (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered tool (“the Service”).
  1. The Service comprises of scientific and technological services, combining AI-powered and traditional science-driven transparency reporting, scientific audit assessments, and holistic product evaluations in the field of health and sustainability analysing and validating the composition, processing methods, quality, sustainability, and ethical compliance of food, cosmetics, textiles, wellness and more.
  1. By using the Service, you consent to the practices described in this policy.

2.  Definitions

  • “AI” means  Artificial Intelligence comprising of automated systems and machine-learning algorithms used to analyze self-declared information, validate questionnaire responses, cross-reference regulatory data, and identify potential compliance risks. AI assists in generating preliminary reports, suggesting corrective actions, and enhancing verification through data pattern recognition. However, all AI-generated outputs are subject to human review and finalization to ensure accuracy and contextual relevance.
  • “Personal Data” means any information that can be used to identify an individual, in accordance with applicable privacy laws.
  • “Services” refers to all offerings provided by Altibbe, Inc., including Hedamo and other AI-powered tools, transparency reporting, scientific assessments, and data processing.
  • “User” refers to any individual or entity accessing our services.
  •    Personal Data Provided
  • In this Privacy Policy, references to “personal information” also encompass “Personal Data” as defined under the General Data Protection Regulation 2016/679 (“EU GDPR”) and the UK version of the GDPR (“UK GDPR”).  
  • According to the GDPR, Personal Data refers to any information that directly identifies an individual or can be used to identify them. However, it does not include “anonymous data,” meaning information that has been permanently altered so that the individual can no longer be identified.
    • Participation in the review process and providing information through our Service is entirely voluntary. Users have control over what they submit and may choose to omit certain details. We collect information voluntarily provided by users through questionnaires. The types of information collected includes, but are not limited to:
  • Product details, sourcing information, and compliance documents submitted for review.
  • Responses to validation questions asked by AI.
  • Additional information submitted during the review process.
  • We collect personal information from consumers given voluntarily in compliance with applicable laws. At or before the point of collection, we inform consumers of:
  • The categories of personal information collected and their intended purposes.
  • Whether the information is sold or shared with third parties.
  •  The retention period for each category of personal information, or the criteria used to determine the retention period.
  • We do not collect additional categories of personal information or use collected information for purposes inconsistent with the originally disclosed purposes without providing prior notice.
  • Additionally, when you visit, use, or interact with our Services, we automatically collect certain information about your activity (“Technical Information”):
  • Log Data: We gather details your browser or device sends when using our Services, such as your IP address, browser type and settings, timestamps, and interactions with our platform.
  • Usage Data: We track how you use our Services, including the content you engage with, features you access, actions you take, and details like your time zone, country, device type, user agent, and internet connection.
  • Device Information: We collect details about the device you use, including its name, operating system, unique identifiers, and browser type, depending on your device and settings.
  • Location Information: We may estimate your general location based on your IP address for security purposes and to enhance your experience, such as detecting unusual login activity or providing relevant responses. Some features may allow you to share precise location data from your device’s GPS.
  • Cookies & Similar Technologies: We use cookies and related technologies to operate our Services and enhance your experience. Even if you don’t create an account, we may store certain data via cookies to maintain your preferences across sessions. For more details, see our Cookie Notice.[SBR2] 
  • Retention of Personal Data
  •  
    • We will retain your Personal Data only for as long as necessary to provide our Services or for legitimate business purposes, such as resolving disputes, ensuring security, or meeting legal requirements. The retention period depends on several factors, including:
  • Purpose of Processing: Whether the data is needed to continue providing our Services.
  • Data Characteristics: The volume, type, and sensitivity of the information.
  • Security Risks: The potential harm from unauthorized access or disclosure.
  • Legal Obligations: Any applicable laws that require data retention
  • Depending on your location, you may have legal rights regarding your Personal Data, including the ability to:
  • Access your data and understand how it is processed.
    • Request deletion of your Personal Data.
    • Update or correct your information.
    • Transfer your data to a third party (data portability).
    • Restrict how your data is processed.
    • Withdraw consent at any time, where applicable.
    • Object to data processing.
  • All collected data is stored securely in our Content Management System (“CMS”). Data storage locations include, but are not limited to, India, Bangladesh, Nepal, United States, United Kingdom, European Union (France, Germany, Spain, Italy, Netherlands, etc.), Saudi Arabia & GCC countries (UAE, Qatar, Oman, Bahrain, Kuwait), Canada, Australia, South America, and Africa.
  • If you have any questions regarding the data policy or exercising your rights you can submit a request via email to corp@altibbe.com.
  • The Hedamo tool generates responses based on user input, which means outputs may not always be factually accurate. If you find inaccurate information about yourself and wish to request its correction or removal, you can submit a request via email to corp@altibbe.com. We will review such requests in accordance with applicable laws and the technical constraints of our models.
  •  Sharing of Personal Information
  • We ensure that the collection, use, retention, and sharing of personal information is reasonably necessary and proportionate to achieve the disclosed purposes and is not processed in a manner incompatible with those purposes.
  •  We may use Personal Data for the following purposes:
  • Providing and Maintaining Services: To operate, analyse, and support our Services.
  • Enhancing and Developing Services: To improve existing features, create new functionalities, and conduct research.
  • Communication: To keep you informed about updates, changes, and events related to our Services and latest developments in the field of processing methods, quality, sustainability, and ethical compliance of food, cosmetics, textiles, wellness and more.
  • Security and Fraud Prevention: To detect and prevent fraudulent activities, misuse, and security threats.
  • Legal and Safety Compliance: To meet legal requirements and safeguard the rights, privacy, safety, and property of users, and third parties.
  • Aggregation of Data: we may aggregate or anonymize Personal Data so it no longer identifies you. This data may be used to analyse service usage, enhance features, and support research. We will maintain de-identified data in its anonymized state and will not attempt to re-identify it unless legally required.
  • We may share your Personal Data under the following circumstances:
  • Vendors and Service Providers: We may disclose Personal Data to third-party vendors who assist with our business operations, such as hosting services, customer support, cloud storage, security monitoring, web analytics, email communication, and payment processing. These providers only access and process data as necessary to perform their services based on our instructions.
  • Government Authorities and Legal Compliance: We may disclose Personal Data to government agencies, industry peers, or other third parties if required by law or if we believe it is necessary to: (i) comply with legal obligations, (ii) protect our rights and property, (iii) enforce our terms and policies, (iv) prevent fraud or other illegal activities, (v) ensure the security of our products, employees, users, or the public, or (vi) protect against legal liability. 
  • Affiliates: We may share Personal Data with our affiliated entities, which are organizations under common ownership or control, and they will use the data in accordance with this Privacy Policy.
  • We reserve the right to share personal information with third parties, service providers, or contractors to carry out our services we shall enter into agreements based on applicable laws that:
  • Restrict the use of personal information to specified purposes.
  • Require compliance with applicable privacy obligations.
  • Grant us rights to take reasonable steps to ensure compliance.
  • Obligate notification if the third party can no longer meet its privacy obligations.
  • Allow us to stop and remediate unauthorized use of personal information.
  •  For Residents of the European Economic Area (EEA) and the United Kingdom
  • If you are located in the European Economic Area (EEA) or the United Kingdom, we take measures to ensure that your Personal Data remains protected when it is collected, transferred, and stored outside these regions.
  • Certain third parties with whom we may share your Personal Data as outlined above could be based outside the EEA or the UK. In such cases, we implement legal safeguards to ensure that your data receives the same level of protection as required within the EEA or UK. Depending on the circumstances, we rely on the European Commission’s Standard Contractual Clauses to maintain this level of protection.
  • We will retain your contact details, such as your name and email address, as long as necessary to provide our Services. Additionally, some data, including Personal Data and log files, may be stored in an encrypted format on backup systems for disaster recovery and security purposes for an extended period, potentially up to five years.
  • Legal Basis for Processing Under the GDPR, we must ensure that we have a valid legal basis for processing your Personal Data. The legal bases we rely on include:
  • Contractual Necessity – We process your Personal Data when it is necessary to fulfill a contract we have entered into with you or to take steps at your request before entering into a contract to fulfil the Services you have hired us to complete.
  • Legitimate Interests – We may process your Personal Data when it is necessary for our legitimate business interests, provided that these interests do not override your fundamental rights and freedoms. Our legitimate interests include providing customer support, ensuring the security and proper operation of our services, improving our offerings, and promoting our products and services.
  • Compliance with Law – We process your Personal Data when necessary to comply with legal and regulatory obligations.
  • Consent – In cases where we rely on your consent, we will only process your Personal Data for the specific purpose for which consent was given. You may withdraw your consent at any time.
  • We use your Personal Data for various purposes, including:
  • Responding to your comments, inquiries, and requests, which is based on our legitimate interest in providing customer support.
  • Managing your account, which is based on contractual necessity.
  • Monitoring and maintaining the security and performance of our websites and mobile applications, which is based on our legitimate interest in ensuring proper functionality and security.
  • Providing personalized services and interest-based advertising, which may be based on consent or legitimate interest, depending on the circumstances.
  • Hosting or managing events, which is based on our legitimate interest in promoting our business.
  • Sending you marketing communications, which may be based on your consent or our legitimate interest in promoting our services.
  • Complying with legal and contractual obligations and protecting our legal interests, which may be based on compliance with law or legitimate interests.
  • Creating aggregated, de-identified, or anonymized data, which is based on our legitimate interest in ensuring minimal intrusiveness while processing Personal Data.
  • International Data Transfers

    Your Personal Data may be transferred to countries with different data protection laws than your own. If we transfer Personal Data from Europe to a country that has not been deemed to provide an adequate level of protection, we will ensure that appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses or the UK’s International Data Transfer Agreement. Any onward transfer to third parties will also be subject to applicable legal requirements.

  • Data Retention

           We retain your Personal Data for as long as necessary to provide our services, comply with legal obligations, and protect our legal interests. For example, if you register for an account, we will retain your Personal Data while your account remains active and thereafter only as required by law, contractual obligations, or legal claims. Once the data is no longer needed, we take appropriate measures to delete, erase, or anonymize it.

  • Data Subject Rights
  • If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you

have certain rights regarding your Personal Data, including:

  • The right to access your Personal Data and information about how it is processed.
  • The right to correct inaccurate or incomplete Personal Data.
  • The right to request deletion of your Personal Data when there is no legitimate reason for us to keep it.
  • The right to data portability, allowing you to receive a copy of your Personal Data in a structured, machine-readable format and request its transfer to another service.
  • The right to restrict processing in certain circumstances, such as when verifying the accuracy of your data.
  • The right to object to processing where we rely on legitimate interests, including for direct marketing purposes.
  • The right to withdraw consent at any time when processing is based on consent.
  • To exercise your rights, you can access your account settings or contact us at corp@altibbe.com. Please note that some rights may be subject to legal or regulatory limitations.
  • Right to Complain

If you are not satisfied with how we handle your Personal Data, you have the right to file a complaint with your local data protection authority.

  • Your Choices

Providing Personal Data is optional, but if you choose not to provide certain information, some services may not be available to you. You may also use our services without accepting non-essential cookies, although this may limit personalization features.

  • Data Privacy Framework Participation

         We comply with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as established by the U.S. Department of Commerce.

  • For residents of California
  • Based on the criteria outlined in the California Consumer Privacy Act (CCPA), we do not currently meet the requirements for compliance. We collect information only from individuals who express interest in our enterprise products and voluntarily choose to be contacted. However, if you wish to reach out to us, please refer to the Contact section below. 
  • Under the CCPA, California residents have the right to request the following:
  • The categories of personal information we have collected about you.
  • The sources from which we collect your personal information.
  • The business or commercial purpose for collecting or selling your personal information.
  • The categories of third parties with whom we share personal information.
  • The specific pieces of personal information we have collected about you.
  • A list of categories of personal information we have sold, along with the category of any third party to whom we sold it. If we have not sold your personal information, we will confirm this.
  • A list of categories of personal information we have disclosed for business purposes and the third parties with whom we shared it. 
  • Under Section 1798.83 of the California Civil Code, California residents have the right to request details about the types of personal information a business shares with third parties for their direct marketing purposes. This request can also include the identities of the third parties that received such information in the previous calendar year. To request this information, please contact us using the email or mailing address listed in the “Contact Us” section, with “California Privacy Request” in the subject line. Please note that we are only required to respond to such requests once per calendar year and only when submitted to the designated contact information.
  • Some users enable the “Do Not Track” setting in their web browsers to signal websites to stop tracking their activity. Currently, we do not recognize or respond to these settings, meaning we may still collect data about your browsing activity even if you have enabled “Do Not Track” in your browser.
  • You have the right to request this information up to two times within a rolling twelve-month period. The details provided in response to such a request may be limited to personal information collected within the past 12 months. We will respond to your request within one month of receipt. 
  • We do not sell or rent your personal information to third parties for financial or other valuable consideration. However, we may share Personal Data and aggregated or de-identified data for business purposes as permitted under the CCPA. In some cases, transferring personal information to a third party or within our group of companies—without financial exchange—may be classified as a “sale” under California law.
  • For residents of Virginia

Under Sections 59.1-575 to 59.1-584, of the Virginia Consumer Data Protection Act you have  rights regarding their Personal Data, including access, correction, deletion, and portability. You can opt out of targeted advertising and the sale of Personal Data. We shall implement security measures to protect consumer data.

  •  For residents of Colorado

As per Sections 6-1-1301 to 6-1-1313 of the Colorado Privacy Act, we provide transparency regarding data collection and processing after getting your consent which is required before processing sensitive Personal Data. You have rights to access, correction, deletion, and opting out of targeted advertising and profiling.

  1. For Residents of Connecticut

According to Sections 1-17 of the Connecticut Data Privacy Act you have the right to access, correct, delete, and obtain a copy of their Personal Data. We limit data collection and processing to what is necessary for legitimate purposes.

  1. For residents of Utah

As established in Sections 13-61-101 to 13-61-403 of the Utah Consumer Privacy Act (UCPA) you have rights to access and delete their data. The law sets security and transparency obligations for businesses handling consumer data.

  1. For residents of New York

As per the New York SHIELD Act, we implement reasonable data security safeguards to protect your information. Compliance includes administrative, technical, and physical security measures to prevent data breaches.

  1. For residents of Texas

        Under Texas Data Privacy and Security Act (TDPSA)  and the Texas Privacy Protection Act we established data security requirements and obligations for breach notifications. We  implement security measures and report breaches in a timely manner.

  1. For residents of Canada

As per the Personal Information Protection and Electronic Documents Act,  we follow fair data collection principles and ensure transparency. You have rights to access, correct, and withdraw their Personal Data.

  1. For residents of Australia

             As per the Australia Privacy Act, 1988 we employ obligations regarding data collection, retention, and disclosure. You have rights to access and correct their Personal Data.

  1. For residents of Brazil

Under Articles 7-18,  General Data Protection Law, you have rights to data access, correction, and deletion, we ensure lawful data processing based on consent, legal obligation, or contractual necessity.

  1. For residents of India

   As per the Digital Personal Data Protection Act, 2023, sections 4-12,  we have a lawful basis for processing Personal Data. You have rights to access, correction, and erasure of your Personal Data. Consent is required before collecting and processing Personal Data, except under specific legal grounds.

  1. For residents of Nepal

As per the Nepal privacy Act, 2018, you  must provide informed consent before your data can be collected or processed by us.

  1. For residents of United Kingdon

As per the  Data Protection Act 2018, we allow you to access, rectification, erasure, restriction of processing, and data portability.

  • For residents of  Saudi Arabia

Under Personal Data Protection Law we employ lawful data processing, requiring consent for data collection. You have rights to access, correction, and deletion of their data.

  • For residents of  United Arab Emirates

Under Federal Decree-Law No. 45 of 2021 we require explicit consent-based data collection and processing. Your have rights to access, correct, and delete their Personal Data.

  • For residents of South Africa

 We have employed requirements for lawful data processing, consent, and security measures. You  have rights to access and correct their Personal Data.

  •  For residents of  Qatar, Bahrain, Kuwait, and Oman

As per applicable law we established data processing compliance obligations, including obtaining user consent before processing data and adequate data security measures

  • Consumers’ Rights
  • Request Deletion: Consumers may request the deletion of their personal information. If we receive a verifiable request, we will delete the information from our records and instruct our service providers, contractors, and third parties to do the same unless an exception applies (e.g., legal obligations, security purposes, or contractual obligations).
  • Request Correction: Consumers may request corrections to inaccurate personal information, and we will use commercially reasonable efforts to update the information accordingly.
  • Request Access: Consumers may request details regarding:
  • Categories of personal information collected.
    • Sources of personal information.
    • Business or commercial purposes for collection, selling, or sharing.
    • Categories of third parties to whom personal information is disclosed.
    • Specific pieces of personal information collected.
  • To exercise these rights, consumers may submit a verifiable request using the contact information provided in this policy. We will respond within the timeframes required by law and in accordance with our legal obligations.
  • We may deny deletion requests if retention is necessary to:
  • Complete a transaction or fulfill a contractual obligation.
  • Maintain security and integrity.
  • Identify and fix errors.
  • Exercise free speech or comply with legal obligations.
  • Conduct research in accordance with privacy laws.
  • Enable internal uses aligned with consumer expectations.

This Privacy Policy Clause is effective as of the date stated and is subject to amendments in compliance with applicable legal requirements.

  • Data Security


We implement industry-standard security measures to protect your data. We take commercially reasonable technical, administrative, and organizational steps to safeguard Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, no internet or email communication is completely secure or error-free. As a result, you should be cautious about the information you share through the Services. Additionally, we are not liable for any attempts to bypass privacy settings or security measures within the Services or on third-party websites.

  • Information Choices and Changes
  • Our marketing communications include instructions on how to opt out of receiving them. However, even if you choose to opt out, we may still send you non-marketing communications, such as those related to your account or essential business communications.  
  • If you wish to access, update, or change your contact preferences, opt out of data sharing, or update your personal information, you can submit a request using the contact details provided below.
  • You can also manage cookies through your browser settings, where you typically have the option to remove or block cookies. Most browsers are set to accept cookies by default, but you can adjust these settings at any time. Keep in mind that disabling or rejecting cookies may impact the functionality of our Site.
  • We do not intentionally gather personal information from individuals under the age of 16. If we become aware that we have collected personal information from a minor under 16, we will take the necessary legal steps to remove the data. If you suspect that we may have collected information from a child under 16, please reach out to us at corp@altibbe.com.
  •   AI Disclaimer Clause
  • We utilize artificial intelligence (AI) technologies to enhance our services, including but not limited to automated processing, data analysis, and customer interactions.  
  • While we strive for accuracy, AI-generated outputs may contain errors, omissions, or misinterpretations. We do not guarantee the completeness, reliability, or correctness of AI-generated responses, decisions, or recommendations.
  • By using our services, you acknowledge and agree that:
  • AI-generated content is provided on an “as-is” basis without warranties of any kind, express or implied.
  • We are not liable for any inaccuracies, unintended biases, or potential harm resulting from AI-generated outputs.
  • Users should independently verify critical information before relying on AI-generated content for decision-making.
  • If you identify an error, we encourage you to report it so we can improve our systems.
  • For users in the United States, this disclaimer aligns with applicable state and federal AI and consumer protection laws, including but not limited to the FTC Act.
  • For users in the European Union and the United Kingdom, AI-generated content is subject to GDPR and the UK Data Protection Act 2018.
  • For users in Canada, this disclaimer is governed by PIPEDA and provincial privacy laws.
  • For users in Australia, our AI use complies with the Privacy Act 1988 and the Australian Consumer Law.
  • For users in other jurisdictions, local data protection, consumer, and AI regulations may apply.
  • This disclaimer applies to all AI-driven features within our platform and may be updated as AI technology and legal standards evolve.
  • Changes to This Privacy Policy


We may update this policy periodically. Any changes will be posted on this page with an updated effective date.

  • Contact Information


If you have any questions about this Privacy Policy, please contact us at corp@altibbe.com.