1. Introduction

This Privacy Policy describes how our AI-powered customer support platform ("we," "us," or "our") collects, uses, shares, and protects information when you use our website, applications, and services (collectively, the "Service").

This policy applies to:

• Account Holders: Businesses and individuals who register for and use our platform
• Team Members: Users who access the platform through an organization's account
• End Users: Individuals who interact with AI Assistants or live chat agents deployed by our customers
• Website Visitors: Individuals who visit our website

By using our Service, you agree to the collection and use of information in accordance with this policy. Please also review our Terms of Service.

2. Information We Collect

2.1 Information You Provide

Account Information

• Name and email address
• Company name and business information
• Phone number (optional)
• Billing address and payment information
• Account preferences and settings

Content & Data

• Knowledge Base documents and files you upload
• AI Assistant configurations and prompts
• Chat transcripts and conversation history
• Support tickets and communications
• Feedback and survey responses

End User Data

When End Users interact with your AI Assistants, we may collect:

• Chat messages and conversation content
• Name, email, or other identifiers provided by the End User
• CSAT ratings and feedback
• Any information the End User voluntarily provides during conversation

2.2 Information Collected Automatically

Usage Data

• Pages visited and features used
• Time spent on pages and interaction patterns
• AI Credit consumption and usage metrics
• Error logs and performance data

Device & Technical Data

• IP address
• Browser type and version
• Operating system
• Device type and identifiers
• Referring URLs
• Approximate location (city/country based on IP)

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations and billing data from Stripe
• Authentication Providers: Profile information if you use SSO or social login
• Integrations: Data from connected services (CRM, email, etc.) that you authorize
• Analytics Services: Aggregated usage and performance data

3. How We Use Your Information

Purpose	Data Used	Legal Basis (GDPR)
Provide and operate the Service	Account info, content, usage data	Contract performance
Process payments and billing	Billing info, transaction data	Contract performance
Power AI Assistants and responses	Knowledge base, conversation data	Contract performance
Improve and develop features	Usage data, feedback, analytics	Legitimate interest
Customer support	Account info, communications	Contract performance
Security and fraud prevention	Technical data, usage patterns	Legitimate interest
Marketing communications	Contact info, preferences	Consent
Analytics and reporting	Usage data, conversation metrics	Legitimate interest
Legal compliance	Various as required	Legal obligation

3.1 Specific Uses

Service Delivery

• Process and respond to conversations through your AI Assistants
• Enable human agent handoff and live chat features
• Generate reports and analytics for your dashboard
• Manage your account, subscriptions, and billing

Communication

• Send transactional emails (receipts, alerts, notifications)
• Respond to support requests and inquiries
• Send product updates and feature announcements
• Marketing communications (with your consent)

Improvement & Development

• Analyze usage patterns to improve user experience
• Debug issues and fix bugs
• Develop new features and services
• Conduct research and analysis

4. Data Sharing & Disclosure

4.1 Service Providers

We share data with trusted third parties who help us operate our Service:

• Cloud Infrastructure: Hosting and storage providers
• AI Providers: Language model and AI processing services
• Payment Processing: Stripe for billing and payments
• Email Services: Transactional and marketing email providers
• Analytics: Usage analytics and monitoring services
• Customer Support: Help desk and support tools

These providers are contractually bound to protect your data and use it only for specified purposes.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose information when required to:

• Comply with applicable laws, regulations, or legal process
• Respond to lawful requests from government authorities
• Protect our rights, privacy, safety, or property
• Investigate potential violations of our Terms of Service

4.4 With Your Consent

We may share information with third parties when you explicitly consent or direct us to do so, such as when enabling integrations with other services.

4.5 Aggregated & De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analysis, or business purposes.

5. AI & Machine Learning

5.1 How AI Uses Your Data

Our AI Assistants process conversation data in real-time to:

• Generate contextually relevant responses
• Reference your Knowledge Base for accurate information
• Determine when to escalate to human agents
• Provide conversation summaries and insights

5.2 AI Training

5.3 Third-Party AI Providers

We use third-party AI services (such as OpenAI or Anthropic) to power certain features. Data sent to these providers:

• Is transmitted securely via encrypted connections
• Is subject to the provider's data processing terms
• Is not used by providers to train their models (per our agreements)

5.4 AI Output Accuracy

AI-generated responses may not always be accurate. We encourage reviewing AI outputs and maintaining human oversight for critical decisions.

6. Cookies & Tracking Technologies

6.1 Types of Cookies We Use

Category	Purpose	Duration
Essential	Authentication, security, core functionality	Session to 1 year
Functional	Preferences, settings, language	Up to 1 year
Analytics	Usage patterns, performance monitoring	Up to 2 years
Marketing	Advertising, retargeting (with consent)	Up to 1 year

6.2 Managing Cookies

You can control cookies through:

• Our cookie consent banner (where applicable)
• Your browser settings
• Third-party opt-out tools

Note that disabling essential cookies may impact Service functionality.

6.3 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals. However, you can use the cookie controls described above to manage tracking preferences.

7. Data Retention

7.1 Retention Periods

Data Type	Retention Period
Account information	Duration of account + 90 days after deletion
Chat history (Starter)	30 days
Chat history (Growth)	90 days
Chat history (Pro/Enterprise)	365 days
Knowledge Base content	Duration of account
Billing records	7 years (legal requirement)
Security logs	1 year
Marketing preferences	Until withdrawal of consent

7.2 Data Deletion

Upon account termination:

• Active data is deleted within 90 days
• Backups are purged within 180 days
• Some data may be retained longer if required by law
• Aggregated/anonymized data may be retained indefinitely

8. Data Security

8.1 Security Measures

We implement industry-standard security measures including:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based permissions, multi-factor authentication
• Infrastructure: SOC 2 compliant cloud providers, firewalls, intrusion detection
• Monitoring: Automated security monitoring and alerting
• Assessments: Regular security audits
• Employee Training: Security-conscious development practices

8.2 Incident Response

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours where required by law
• Provide details about the breach and remediation steps
• Report to relevant authorities as required

8.3 Your Responsibilities

You can help protect your data by:

• Using strong, unique passwords
• Enabling two-factor authentication
• Keeping your account credentials confidential
• Reporting any suspicious activity immediately

9. Your Privacy Rights

9.1 Rights for All Users

Regardless of your location, you have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Export: Receive your data in a portable format
• Opt-out: Unsubscribe from marketing communications

9.2 Additional Rights (EEA/UK - GDPR)

If you are in the European Economic Area or UK, you also have the right to:

• Restriction: Request limitation of processing
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time
• Complaint: Lodge a complaint with a supervisory authority

9.3 California Privacy Rights (CCPA/CPRA)

California residents have the right to:

• Know: What personal information is collected and how it's used
• Delete: Request deletion of personal information
• Opt-Out of Sale: We do not sell personal information
• Non-Discrimination: Exercise rights without discriminatory treatment
• Correct: Request correction of inaccurate information
• Limit Sensitive Data: Limit use of sensitive personal information

9.4 Exercising Your Rights

To exercise your privacy rights:

• Self-Service: Access settings in your account dashboard
• Email: Contact us here
• Verification: We may need to verify your identity before processing requests
• Response Time: We respond to requests within 30 days (or as required by law)

10. International Data Transfers

10.1 Data Location

Our Service is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US or other countries where our service providers operate.

10.2 Transfer Safeguards

For transfers from the EEA/UK, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Supplementary measures as needed

10.3 Data Processing Agreement

Enterprise customers processing EU personal data may request a Data Processing Agreement (DPA) that includes SCCs. Contact us for more information.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete the information.

If you are deploying AI Assistants that may interact with children, you are responsible for:

• Complying with COPPA and other applicable laws
• Obtaining appropriate parental consent
• Configuring your AI Assistants appropriately

12. Third-Party Links & Services

Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies.

Third-party services we may integrate with include:

• CRM systems (Salesforce, HubSpot, etc.)
• Communication platforms (Slack, email providers)
• Calendar services
• Payment processors
• Analytics services

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last Updated" date at the top
• We will notify you via email or prominent notice on our website
• For significant changes, we may request your acknowledgment

We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, concerns, or to exercise your rights, please contact us:

For general support inquiries, Contact us here.

Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

© 2026 Verlingo. All rights reserved.
Home · Privacy Policy · Terms of Service