Privacy Policy

Last updated: 2026-05-23.

iTeh Inc. ("iTeh", "we", "us"), a Delaware corporation, operates standards.iteh.ai (the "Site" or "Platform"). This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how long we keep it, and the rights you have over it.

This Privacy Policy is incorporated into the Terms and Conditions and Customer Licence Agreement by reference. Capitalized terms not defined here have the meaning given to them in the Terms and Conditions.

By using the Site you agree to the collection, use, and disclosure of information as described in this Privacy Policy.


1. Data controller and contact

iTeh Inc. is the controller of personal data processed on the Platform. For any privacy-related request — including access, correction, deletion, portability, or objection — contact our Data Protection Officer at support@iteh.ai.


2. What we collect

2.1 Information you provide

  • Account data — name, email address, password (stored hashed), language preference, profile photo.
  • Organization data — company name, address, VAT/Tax ID, website, member list, role assignments (Admin/User).
  • Billing data — billing address, country, VAT/Tax ID, purchase order or requisition numbers you enter at checkout.
  • Order data — items purchased, quantities, access intervals selected, coupons used, communication preferences.
  • Engineering Workplace annotations — text, highlights, freehand drawings, and comments you create while reading Documents under a Subscription, together with the page/text anchors used to position them.
  • AI Chat conversations — the messages you send to AI Chat and the responses generated, for the duration of your access to the related Document.
  • Support communications — the content of emails, chat, and tickets you send to support.

2.2 Information collected automatically

  • Log data — IP address, browser type and version, device type, the pages you visit, referrer, the time and date of access, and the time spent on each page.
  • Telemetry and error data — application performance metrics, exception traces, and feature-usage signals processed through Azure Application Insights.
  • Cookies and similar technologies — see Section 5.
  • Reading and access activity — which Documents you open, when, and (for licence-enforcement purposes) from which Account and Subscription.
  • API and MCP usage — when you or an AI agent you authorize calls our APIs or MCP endpoints, we log the request, the authenticated Account, and the response status for rate-limiting, abuse prevention, and billing.

2.3 Information from third parties

  • Payment confirmations from Stripe and PayPal (transaction status, anonymized card metadata, payer email, country) — see Section 6.2.
  • Bank-transfer reconciliation data from our bank.
  • Single sign-on profile data (name, email, public profile photo) if you choose to register or sign in with Google or another social provider you connect to your Account.

We do not receive or store full payment card numbers; those are handled by Stripe under its own PCI-DSS controls.


3. How we use your data

We process personal data on the legal bases set out in Section 4. The purposes include:

  • creating and operating your Account and organization memberships;
  • processing your Orders, recurring Subscription charges, refunds, and disputes;
  • delivering the Documents and access rights you purchase;
  • providing the Engineering Workplace and AI Chat features;
  • sending transactional emails — Order confirmations, Subscription renewal notices, security alerts, and platform outages (invoices themselves are made available from your Account profile, not sent by email);
  • sending newsletters and product announcements only to the extent you have opted in;
  • improving the Site, debugging errors, and analyzing aggregate usage;
  • detecting and preventing fraud, licence abuse, and security incidents;
  • complying with tax, accounting, audit, and other legal obligations.

When you purchase a Document, the "follow" flag on that Document is enabled by default so that you receive notices of corrigenda, revisions, or withdrawals affecting Documents you own. You can disable this before checkout or manage your followed Documents from Account → My Documents.


4. Legal bases for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

Purpose | Legal basis
Account registration, Order fulfilment, Subscription billing, support | Performance of a contract (Art. 6(1)(b))
Tax invoicing, accounting retention, fraud prevention, statutory record-keeping | Legal obligation (Art. 6(1)(c))
Security monitoring, abuse prevention, service improvement, basic analytics | Legitimate interests (Art. 6(1)(f))
Marketing emails, non-essential cookies, optional analytics | Consent (Art. 6(1)(a)) — withdrawable at any time

You can withdraw consent at any time without affecting the lawfulness of prior processing.


5. Cookies and similar technologies

We use cookies and similar technologies in three categories:

  • Strictly necessary — authentication, session state, cart contents, CSRF tokens, language preference. These cannot be disabled if you want to use the Site.
  • Functional — remembers preferences such as recently viewed Documents, viewer zoom, and UI panel state.
  • Analytics — aggregate usage statistics via Google Analytics and Azure Application Insights. Loaded only with your consent.

You can refuse non-essential cookies through the cookie banner or through your browser settings. Refusing strictly-necessary cookies will prevent the Site from functioning.


6. How we share your data

We do not sell your personal data. We share data with the following categories of recipients, only as needed for the purposes described above:

6.1 Service providers (processors)

  • Google Cloud Platform — hosting, storage, search indexing, prerender (US/EU regions).
  • Microsoft Azure — Application Insights telemetry.
  • SendGrid — transactional and (where opted in) marketing email.
  • Cloudflare or equivalent — content delivery and DDoS protection.

6.2 Payment processors

  • Stripe — card payments. See https://stripe.com/privacy.
  • PayPal — PayPal payments. See PayPal's privacy policy.
  • Our banking partner — for bank-transfer reconciliation.

6.3 AI providers

When you use AI Chat, the text of the Document you are reading and the messages you exchange with the assistant are sent to a third-party AI provider — currently OpenAI and/or Anthropic — for inference. These providers process the data under their own terms and do not use customer content from API requests to train their general-purpose models. We send only what is required to fulfil the request; we do not send your Account identifiers, payment data, or unrelated content. See Section 8.

6.4 Publishers and standards bodies

We share aggregated, non-identifying sales statistics with the issuing bodies of the Documents you purchase. We may share identifying data (your billing organization, country, Order quantity) where required by our distribution agreements with a specific publisher, on the same confidentiality basis the publisher applies to its own direct customers.

6.5 Legal disclosures

We may disclose personal data when required to comply with a lawful order from a competent authority, to protect our rights, to enforce our terms, or to investigate fraud or security incidents.

6.6 Corporate transactions

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction, subject to the recipient honouring at least the protections described in this Privacy Policy.


7. International data transfers

We are headquartered in the United States and operate infrastructure in the United States and the European Union. Where personal data is transferred outside your jurisdiction, we rely on appropriate safeguards — typically the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms — and additional technical and organizational measures where required.


8. AI Chat data handling

AI Chat is a paid add-on whose data flow merits its own section.

  • What is sent. Each message you type, plus the text of the single Document you are reading, plus any prior turns of the same conversation needed for context.
  • What is not sent. Your name, email, payment data, IP address, other Documents in your library, conversations from other Documents, annotations from the Engineering Workplace, or activity outside the open AI Chat session.
  • Retention by AI providers. Subject to the provider's own retention windows for abuse prevention (typically up to 30 days), after which inputs and outputs are deleted by the provider. We do not authorize the provider to use the content for model training.
  • Retention by iTeh. Conversation history is stored for the duration of your access to the Document. When the access window ends, the history is no longer accessible from the reader and is deleted from our systems within a reasonable period thereafter.
  • No professional advice. AI Chat outputs are reading aids, not compliance, legal, or engineering opinions. Do not rely on them without verifying against the underlying Document.

9. Engineering Workplace data

Annotations you create are stored in our database for as long as your Account or Subscription is active. On a business Subscription, annotations you explicitly publish are visible to other members of the organization who have access to the same Subscription; unpublished annotations remain visible only to you.

When a Subscription ends or you leave an organization, annotations are not silently purged — see the Terms and Conditions, Section 7, for details on what is retained and reappears on renewal or rejoin.


10. Business accounts and member visibility

If you are a member of a business Account (organization), other members of that organization may see — depending on their role:

  • Your name, email, and profile photo in the member directory.
  • Documents and Subscriptions held by the organization (visible to all members).
  • Published Engineering Workplace annotations attributed to you (visible to all members of the same Subscription).
  • Order and invoice history (visible to Admins only).

If you do not want other members of an organization to see your activity, do not join the organization or do not place Orders under the organization's Account.


11. Communications

We send transactional emails about your Orders, Subscriptions, support tickets, and account security. These are necessary for the service and cannot be opted out of while you have an active Account.

We send marketing emails (product announcements, newsletters, promotional offers) only to recipients who have opted in. You can opt out at any time using the unsubscribe link in any marketing email or from Account → Profile → Preferences.


12. Security

We protect personal data with administrative, technical, and physical safeguards proportionate to the sensitivity of the data and the risks involved. Measures include:

  • TLS 1.3 in transit, with TLS 1.2 fallback where required.
  • Encryption at rest for databases, backups, and document storage.
  • Hashing of passwords with a modern, salted KDF.
  • Role-based access control and audit logging for administrative access.
  • Regular dependency scanning, vulnerability patching, and incident response drills.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we do commit to investigating and notifying you of any incident affecting your personal data, in accordance with applicable breach-notification laws.


13. Data retention

We retain personal data only as long as needed for the purposes described above. Indicative retention periods:

Category | Retention
Account profile data | Until the Account is deleted, plus a grace period for restoration
Order and invoice records | At least 10 years for tax and audit purposes
Engineering Workplace annotations | For the lifetime of the Account or owning organization (see Section 9)
AI Chat conversation history | For the duration of access to the related Document
Log data, telemetry | Typically 90–180 days for operational purposes
Marketing consent records | Until withdrawn, plus a record of withdrawal
Support communications | 24 months from resolution

We will keep data longer where required by law or to defend our legal rights.


14. Your rights

Depending on the jurisdiction you are in, you may have the following rights:

  • Access — obtain a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of data we no longer need.
  • Restriction — limit how we process your data while a request is being resolved.
  • Portability — receive your data in a structured, commonly used, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdrawal of consent — at any time, for processing based on consent.
  • Lodge a complaint — with your local data protection authority.

Where fulfilling a request requires unreasonable effort or exceptional cost, we may charge a reasonable fee or decline the request and explain why. Erasure requests are considered against our tax, audit, contractual, and fraud-prevention obligations.

14.1 California residents

If you reside in California, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what categories of personal information we collect, sell, or share (we do not sell), the right to delete, and the right to non-discrimination for exercising your rights.

14.2 How to exercise your rights

Send an email to support@iteh.ai from the address associated with your Account, describing the right you wish to exercise. We may ask for additional information to verify your identity. We respond within the timeframe required by applicable law (typically 30 days under GDPR, 45 days under CCPA).


15. Children

The Site is not directed at children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact us and we will delete it.


16. Automated decision-making

We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing. AI Chat generates content but is a reading aid; it does not approve or reject Orders, grant or revoke access, or otherwise determine your rights on the Platform.


17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. For material changes, we will notify you by email or by placing a prominent notice on the Site before the change takes effect. Continued use of the Site after the change becomes effective constitutes acceptance of the revised Privacy Policy.


18. Contact

Questions, requests, or complaints: support@iteh.ai.

iTeh Inc. Delaware, USA.