Privacy Policy

1. INTRODUCTION AND SCOPE

This Privacy Policy ("Policy") governs the collection, use, processing, storage, and disclosure of personal information by Converzium Inc., a Delaware corporation ("Company," "we," "us," or "our"), through our artificial intelligence-powered conversational platform and related services (the "Services"). This Policy applies to all users of our Services worldwide and complies with applicable privacy laws including but not limited to:

• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• The European Union General Data Protection Regulation (GDPR)
• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• State privacy laws including Virginia CDPA, Colorado CPA, Connecticut CTDPA, and others
• All other applicable federal, state, provincial, and international privacy laws

ARTIFICIAL INTELLIGENCE DISCLOSURE: Our Services utilize artificial intelligence and machine learning technologies that are fully automated. All AI models, algorithms, and decision-making processes are computer-generated without human intervention unless specifically stated otherwise. By using our Services, you acknowledge and consent to automated processing and AI-generated outputs.

2. INFORMATION WE COLLECT

2.1 Personal Information

We collect the following categories of personal information:

• Identity Information: Name, email address, phone number, business information
• Account Information: Username, password, profile preferences, subscription details
• Communication Data: All conversations, messages, and interactions with our AI systems
• Technical Information: IP address, browser type, device information, cookies, session data
• Usage Analytics: Platform usage patterns, feature utilization, performance metrics
• AI Training Data: Content you provide for training custom AI models
• Business Data: Company information, industry sector, customer personas, sales data
• Payment Information: Billing address, payment method details (processed securely through third-party processors)
• Biometric Information: Voice recordings (if using voice features), which may constitute biometric identifiers under applicable laws

2.2 Sensitive Personal Information

We may process sensitive personal information including:

• Account login credentials and authentication data
• Communications content that may contain personal, financial, or confidential information
• Precise geolocation data (only if explicitly permitted)
• Personal information revealing ethnic origin, political opinions, religious beliefs (only if voluntarily provided in communications)

3. HOW WE USE YOUR INFORMATION

We process personal information for the following business and commercial purposes:

3.1 Service Provision

• Providing, maintaining, and improving our AI-powered conversational platform
• Training and customizing AI models based on your specific business needs
• Generating AI responses and recommendations
• Processing customer support requests and technical assistance
• Managing user accounts and authentication

3.2 AI Model Training and Development

• Training machine learning algorithms using anonymized and aggregated data
• Improving natural language processing capabilities
• Developing new AI features and functionalities
• Quality assurance and performance optimization

3.3 Business Operations

• Analytics and business intelligence
• Fraud prevention and security monitoring
• Compliance with legal obligations
• Marketing communications (with consent where required)
• Billing and payment processing

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area, we process personal information based on the following legal grounds:

• Contract Performance: Processing necessary to perform our services contract with you
• Legitimate Interest: For business operations, security, and service improvement
• Consent: Where you have provided explicit consent for specific processing activities
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interests: To protect the vital interests of you or another person

5. INFORMATION SHARING AND DISCLOSURE

5.1 Third-Party Service Providers

We may share personal information with vetted third-party service providers who assist us in:

• Cloud hosting and data storage (AWS, Google Cloud, Microsoft Azure)
• Payment processing (Stripe, PayPal)
• Email communications and marketing automation
• Analytics and performance monitoring
• Customer support platforms

5.1.1 SaaS Infrastructure Sharing

SAAS CLOUD INFRASTRUCTURE: As a Software as a Service platform, we process data using:

• Multi-Tenant Architecture: Your data is logically separated but may reside on shared physical infrastructure
• Content Delivery Networks (CDNs): For improved performance, data may be cached across global CDN nodes
• Load Balancers and Auto-Scaling: Traffic and data processing is distributed across multiple servers
• Database Clustering: Data may be replicated across multiple database instances for reliability
• Backup and Disaster Recovery: Data is automatically backed up to geographically distributed locations
• API Gateway Services: Third-party API management services may process API requests
• Monitoring and Logging: SaaS monitoring tools may access metadata for performance optimization

All third-party infrastructure providers are contractually bound to protect your data according to industry standards.

5.2 Legal Disclosures

We may disclose personal information when required by law, including:

• Compliance with court orders, subpoenas, or government requests
• Protection of our legal rights and property
• Prevention of fraud or illegal activities
• Protection of user safety and security

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.

6. DATA RETENTION

We retain personal information for the following periods:

• Account Information: Until account deletion plus 7 years for legal compliance
• Communication Data: Until account deletion or as required for service provision
• AI Training Data: Anonymized and aggregated indefinitely for model improvement
• Technical Logs: 24 months maximum unless required for security investigations
• Marketing Data: Until consent withdrawal plus 1 year for compliance
• Financial Records: 7 years as required by applicable accounting and tax laws

We regularly review and delete personal information that is no longer necessary for the purposes for which it was collected.

6.1 SaaS Data Management

SOFTWARE AS A SERVICE DATA HANDLING:

• Real-Time Processing: SaaS data is processed in real-time and may be temporarily cached across multiple servers
• Automated Backups: Data is automatically backed up according to our backup schedule (daily/weekly/monthly)
• Data Replication: For reliability, data may be replicated across multiple geographic regions
• Cache Expiration: Cached data expires automatically based on predefined policies
• Database Archival: Older data may be moved to long-term archival storage with reduced accessibility
• Subscription Termination: Upon subscription cancellation, data deletion begins within 30 days unless legally required to retain
• Data Export Window: You have 90 days post-termination to request data export before permanent deletion

7. YOUR PRIVACY RIGHTS

7.1 Universal Rights

Subject to applicable law, you have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate personal information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a structured format
• Opt-Out: Opt out of the sale or sharing of personal information
• Limit Processing: Request limitation of processing activities

7.2 California Residents (CCPA/CPRA Rights)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to opt out of automated decision-making and profiling
• Right to non-discrimination for exercising privacy rights
• Right to limit use of sensitive personal information

7.3 EU/UK Residents (GDPR Rights)

EU and UK residents have additional rights including:

• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time
• Right to lodge a complaint with supervisory authorities
• Right to not be subject to automated decision-making

7.4 Exercising Your Rights

To exercise your privacy rights, contact us at [email protected] or through your account settings. We will respond to verified requests within the timeframes required by applicable law (typically 30-45 days).

8. DATA SECURITY

We implement comprehensive security measures including:

• Encryption: End-to-end encryption for data in transit and at rest
• Access Controls: Role-based access and multi-factor authentication
• Security Monitoring: Continuous monitoring and threat detection
• Regular Audits: Periodic security assessments and penetration testing
• Employee Training: Regular security awareness training for all personnel
• Incident Response: Comprehensive data breach response procedures

While we employ industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your information.

9. INTERNATIONAL DATA TRANSFERS

Our Services may involve transferring personal information to countries outside your jurisdiction. For transfers from the EU/UK, we rely on:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable
• Your explicit consent for specific transfers

We ensure that all international transfers are protected by appropriate safeguards to maintain the security and confidentiality of your personal information.

10. ARTIFICIAL INTELLIGENCE AND AUTOMATED DECISION-MAKING

10.1 AI Processing Disclosure

IMPORTANT: Our platform uses artificial intelligence and machine learning algorithms that operate autonomously without human intervention. All AI models are fully automated and computer-generated. This includes:

• Natural language processing and response generation
• Conversation analysis and optimization recommendations
• Lead scoring and customer interaction predictions
• Content personalization and targeting
• Performance analytics and insights

10.2 Automated Decision-Making Rights

You have the right to:

• Request human review of automated decisions that significantly affect you
• Challenge automated decisions and request manual review
• Understand the logic behind automated decision-making
• Opt out of automated decision-making where technically feasible

10.3 AI Model Training

We may use anonymized and aggregated data to improve our AI models. You can opt out of your data being used for AI training by contacting us at [email protected].

11. CHILDREN'S PRIVACY

Our Services are not designed for or directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will delete such information promptly.

For California residents under 16, we do not sell or share personal information without affirmative authorization. For those under 13, we require verifiable parental consent.

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies for:

• Essential website functionality and user authentication
• Analytics and performance monitoring
• Personalization and user experience optimization
• Security and fraud prevention

You can control cookie settings through your browser preferences. However, disabling certain cookies may limit your ability to use some features of our Services.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify users of material changes through:

• Email notification to registered users
• Prominent notice on our website
• In-app notifications

Your continued use of our Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

14. CONTACT INFORMATION

For privacy-related questions, concerns, or to exercise your rights, contact us:

14.1 EU Representative

For EU residents, our EU representative can be contacted at: [email protected]

14.2 Supervisory Authorities

EU residents have the right to lodge complaints with their local supervisory authority. UK residents can contact the Information Commissioner's Office (ICO).

15. JURISDICTION-SPECIFIC PROVISIONS

15.1 Nevada Residents

Nevada residents have the right to opt out of the sale of personal information. Contact us at [email protected] to exercise this right.

15.2 Brazilian Residents (LGPD)

Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD). Contact our Data Protection Officer at [email protected] for assistance.

15.3 Canadian Residents

Canadian residents have rights under PIPEDA and provincial privacy laws. We ensure compliance with all applicable Canadian privacy requirements.