Privacy Policy

1. Introduction

This Privacy Policy describes how [Company Name] ("we," "us," or "our") collects, uses, stores, and shares personal information when you use our AI-powered customer support chatbot platform and related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

We are committed to protecting your privacy and handling your data responsibly. If you have questions or concerns, please contact us at [privacy@company.com].

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, company name, job title, phone number, and billing details when you register for an account.
• Chat Conversations: Messages, queries, and any content you or your end users submit through the chatbot interface.
• Support Requests: Information you provide when contacting our support team, including attachments and screenshots.
• Payment Information: Credit card numbers, billing addresses, and other financial data processed through our third-party payment provider.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, session duration, click patterns, and interaction history with the chatbot.
• Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Log Data: Server logs including access times, referring URLs, and error reports.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to maintain sessions, remember preferences, and analyze usage patterns. See Section 8 for details.

2.3 Information from Third Parties

• Integration Partners: If you connect the Service to third-party platforms (e.g., CRM systems, helpdesk tools, messaging apps), we may receive data from those platforms as necessary to provide the Service.
• Business Customers: If you are an end user interacting with our chatbot through one of our business customers, that customer may provide us with information about you in accordance with their own privacy practices.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and Maintaining the Service: Processing chat interactions, generating AI-powered responses, and delivering customer support functionality.
• AI Model Performance: Analyzing conversation data to improve the accuracy, relevance, and quality of chatbot responses. Conversations may be reviewed by our team for quality assurance unless you opt out.
• Account Management: Managing your account, processing payments, and communicating about your subscription.
• Analytics and Improvement: Understanding how the Service is used, identifying trends, and improving features and user experience.
• Security and Fraud Prevention: Detecting, investigating, and preventing unauthorized access, abuse, or other harmful activity.
• Legal Compliance: Meeting our legal obligations, responding to lawful requests, and enforcing our terms.
• Communication: Sending service-related notices, updates, security alerts, and, with your consent, promotional materials.

4. AI-Specific Data Practices

4.1 Conversation Data and AI Training

Our AI chatbot processes the content of conversations to generate responses in real time. We want you to understand the following:

• Real-Time Processing: Conversations are processed by our AI models to provide immediate responses. This processing occurs on secure servers and is subject to the safeguards described in this policy.
• Model Improvement: By default, anonymized and aggregated conversation data may be used to improve our AI models. Business customers on Enterprise plans can opt out of this entirely.
• Human Review: A limited subset of conversations may be reviewed by trained personnel for quality assurance, safety monitoring, and model improvement. Reviewers are bound by strict confidentiality obligations.
• Data Retention for AI: Conversation data used for model training is anonymized and stripped of personally identifiable information before use.

4.2 Automated Decision-Making

The Service uses automated processing to classify inquiries, route conversations, suggest responses, and detect sentiment. These automated processes assist human agents and are not used to make decisions that produce significant legal effects on individuals without human oversight.

5. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: With trusted vendors who help us operate the Service (e.g., cloud hosting, payment processing, analytics, email delivery). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• Business Customers: If you are an end user, conversation data and related analytics may be shared with the business customer whose chatbot you are interacting with.
• Legal Requirements: When required by law, regulation, or legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With Your Consent: In any other circumstance where you have given explicit consent.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

• Account Data: Retained for the duration of your account and for up to 12 months following account deletion to address any outstanding matters.
• Conversation Logs: Retained for up to 24 months from the date of the conversation unless a shorter retention period is configured by the business customer.
• Billing Records: Retained for up to 7 years as required by applicable tax and financial regulations.
• Anonymized Data: Aggregated or de-identified data that can no longer be linked to an individual may be retained indefinitely for analytics and research purposes.

You may request deletion of your data at any time, subject to legal and contractual retention requirements. See Section 9 for details.

7. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Access controls and role-based permissions for internal systems.
• Regular security assessments, penetration testing, and vulnerability scanning.
• Employee training on data protection and security best practices.
• Incident response procedures to address potential breaches promptly.

While we strive to protect your information, no method of electronic transmission or storage is entirely secure. We cannot guarantee absolute security but are committed to promptly notifying affected users and relevant authorities in the event of a data breach, as required by law.

8. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for the Service to function properly (e.g., authentication, session management). These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service so we can improve it. These can be disabled through your browser settings or our cookie preferences center.
• Functional Cookies: Remember your preferences and settings to provide a more personalized experience.

We do not use advertising or third-party tracking cookies. You can manage your cookie preferences through our in-app settings or your browser's privacy controls.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal data, subject to legal obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we limit how we process your data in certain circumstances.
• Objection: Object to processing of your data for certain purposes, including AI model training.
• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
• Opt-Out of AI Training: Business customers may opt out of having their conversation data used for AI model improvement by contacting us or adjusting their account settings.

To exercise any of these rights, please contact us at [privacy@company.com]. We will respond to your request within 30 days or as required by applicable law.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

11. Children's Privacy

The Service is not directed at individuals under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information promptly.

12. Region-Specific Provisions

12.1 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, our legal bases for processing personal data include performance of a contract, legitimate interests (such as improving our Service and ensuring security), compliance with legal obligations, and your consent where applicable. You have the right to lodge a complaint with your local data protection authority.

12.2 California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion, opt out of the sale or sharing of personal information (we do not sell personal information), and not be discriminated against for exercising your rights. To submit a request, contact us at [privacy@company.com] or call [1-800-XXX-XXXX].

12.3 Other Jurisdictions

We comply with applicable privacy laws in the jurisdictions where we operate. If your jurisdiction provides additional rights not listed here, please contact us and we will work to accommodate your request.

13. Third-Party Links and Integrations

The Service may contain links to or integrate with third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website, sending an email notification, or providing an in-app notice. Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.

15. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

• Email: [privacy@company.com]
• Mail: [Company Name], Attn: Privacy Team, [Street Address], [City, State, ZIP]
• Data Protection Officer: [dpo@company.com]