Irisyo
Products Services Pricing Explore About Us Contact
EN | RO
Become a Partner
Go to App

Terms of Service (EULA)

End User License Agreement for Irisyo eye tracking analytics platform

Last Updated: December 2024

1. Definitions

"Provider" means Irisyo Labs, a company incorporated under Romanian law, operating the cloud-based eye-tracking analytics platform ("the Platform").

"Customer" means any individual or organization that registers an account, uploads data, or otherwise uses the Platform.

"Data" means any video, gaze, or related file uploaded by the Customer.

"Results" means analytics, heatmaps, graphs, or other outputs produced by the Platform from uploaded Data.

"Applicable Law" means the EU General Data Protection Regulation (GDPR), Romanian data-protection law, and any other relevant regulations.

2. Scope of Service

The Platform provides cloud-based analysis tools for eye-tracking recordings and associated data files. Customers may upload Data collected through third-party eye-tracking devices or software. The Platform automatically processes such Data to generate aggregated or statistical Results, which the Customer may view, download, or delete through their account.

3. Roles and Responsibilities

  • The Customer acts as the Data Controller for all Data uploaded to the Platform.
  • The Provider acts as Data Processor, handling Data solely on documented instructions from the Customer.
  • The Customer confirms that all Data have been collected and processed lawfully and that all participants have been properly informed and consented where required.
  • The Provider is not responsible for verifying how or under what legal basis the Customer collected the Data prior to upload.

4. Upload, Processing, and Storage

Uploaded Data are processed exclusively for generating the Results requested by the Customer. Provider personnel do not manually inspect Customer Data except for maintenance or security review. Data are stored securely in EEA-based cloud infrastructure with encryption in transit and at rest.

4A. Automated Anonymization Tool

The Platform includes an optional automated anonymization feature that may apply machine-learning models to obscure identifiable information (such as faces) in uploaded recordings. This functionality is provided solely as a technical aid to assist the Customer in its own anonymization and data-protection obligations.

The Customer acknowledges and agrees that:

  • The anonymization tool operates on a best-effort basis and may not remove or obfuscate all identifiable elements in every case.
  • Benchmark accuracy rates published by the Provider are theoretical and indicative only and do not constitute a performance guarantee.
  • The Customer remains solely responsible for ensuring that any uploaded content is processed, anonymized, or pseudonymized in compliance with Applicable Law.
  • The Provider does not warrant that use of the anonymization tool will render Data anonymous or exempt from data-protection legislation.
  • The Customer must review the processed output before any further use or disclosure.
  • The Provider may record anonymization performance metrics for quality-assurance and model-improvement purposes, using de-identified technical logs only.

5. Retention and Deletion

Data are retained for a maximum of 12 months from the last processing date unless extended by Customer request (up to 5 years). Upon deletion, Provider permanently removes Data from active storage and purges backups within 60 days. Upon request, Provider issues a deletion certificate.

6. Optional Data Use for Model Improvement

Customer may voluntarily opt-in to allow Provider to use de-identified Data for internal research and model-training purposes. By opting in, the Customer warrants that all participants were informed and consented. Consent may be withdrawn at any time.

7. Security Measures

Provider maintains encryption, access control, regular security testing, and breach notification procedures.

8. Sub-Processors

Provider may engage vetted sub-processors under equivalent data-protection terms. A current list is available upon request.

9. Data Subject Requests

Provider assists the Customer in responding to data-subject requests (access, rectification, deletion, restriction, or portability) where feasible.

10. Limitation of Liability

Each party remains responsible for its own GDPR compliance. The Provider's liability is limited to direct damages up to the fees paid in the previous 12 months. The Provider is not liable for indirect or consequential losses.

11. Governing Law and Jurisdiction

This Agreement is governed by Romanian law and EU data-protection regulations. Jurisdiction lies with the courts of Bucharest, Romania.

Your Data Protection is Our Priority

We are committed to maintaining the highest standards of data security and privacy. All data is processed in compliance with GDPR and stored securely within the European Economic Area.

Questions About Our Terms?

Our team is here to clarify any questions about these terms of service and how they apply to your use case.

Contact Us