Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

Account Information

• Professional contact information including name, job title, employer name
• Work email address and phone number
• Company details and business address
• Billing and payment information (processed securely through our payment providers)

Service Data

• Documents, text, and content you upload for AI Agent training
• AI Agent configurations and customization settings
• Chat conversations and interaction logs
• Integration settings and API configurations
• Support tickets and communications

1.2 Information Collected Automatically

Usage Information

• Log data including IP addresses, browser type, and operating system
• Device identifiers and hardware information
• Access times, dates, and referring URLs
• Pages viewed and features accessed
• Performance metrics and error reports

Analytics Data

• Chatbot interaction patterns and response times
• User engagement metrics
• Feature usage statistics
• API call volumes and patterns

1.3 Information from Third-Party Integrations

When you connect third-party services:

• OAuth tokens and authentication credentials (encrypted)
• Profile information from connected platforms (Facebook, WhatsApp)
• Message content from integrated channels
• Page and account metadata from social platforms

2. How We Use Your Information

We process your information for the following purposes:

2.1 Service Provision

• Deliver and maintain the Coniva.ai platform
• Process and train your custom AI AI Agents
• Handle chat interactions and responses
• Manage your account and subscriptions
• Provide customer support and technical assistance

2.2 Service Improvement

• Analyze usage patterns to enhance features
• Develop new functionality and capabilities
• Optimize AI model performance and accuracy
• Conduct research and development
• Monitor system performance and reliability

2.3 Communications

• Send service-related notifications and updates
• Respond to inquiries and support requests
• Provide technical alerts and security notices
• Send marketing communications (with your consent)
• Share product updates and announcements

2.4 Legal and Compliance

• Comply with applicable laws and regulations
• Protect against fraud and security threats
• Enforce our Terms of Service and policies
• Respond to legal requests and proceedings
• Protect our rights and those of our users

3. Data Sharing and Disclosure

We share your information only in the following circumstances:

3.1 Service Providers

We work with trusted third-party providers:

• Infrastructure: AWS for cloud hosting and storage
• AI Providers: OpenAI, Anthropic for language model processing
• Payment Processing: Stripe for secure payment handling
• Analytics: For aggregated usage insights
• Communication: Email and notification services

3.2 Business Transfers

If Coniva.ai is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to different privacy practices.

3.3 Legal Requirements

We may disclose information when required by law, court order, or legal process, or when we believe disclosure is necessary to protect rights, property, or safety.

3.4 With Your Consent

We may share your information for other purposes with your explicit consent.

3.5 Aggregated Data

We may share aggregated or anonymized data that cannot reasonably identify you personally.

Important: We do not sell your personal information to third parties.

4. Data Security

We implement comprehensive security measures including:

Technical Safeguards

• End-to-end encryption for data in transit
• Encryption at rest for stored data
• Secure API authentication and authorization
• Regular security audits and penetration testing
• Web Application Firewall (WAF) protection

Organizational Measures

• Access controls and principle of least privilege
• Employee security training and awareness
• Incident response procedures
• Regular security assessments
• Vendor security reviews

Compliance Standards

• SOC 2 Type II compliance (in progress)
• GDPR-compliant data handling
• Industry-standard security practices
• Regular third-party security audits

5. Data Retention

We retain your information for as long as necessary to:

• Provide services to your account
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records

Specific retention periods:

• Account data: Duration of account plus 90 days
• Chat logs: 12 months or as configured by you
• Analytics data: 24 months in aggregated form
• Billing records: 7 years for tax compliance

6. Your Privacy Rights

6.1 Access and Portability

You have the right to access your personal information and receive it in a portable format.

6.2 Correction and Update

You can update your information through your account settings or by contacting us.

6.3 Deletion

You can request deletion of your personal information, subject to legal retention requirements.

6.4 Restriction of Processing

You can request that we limit how we process your information.

6.5 Object to Processing

You have the right to object to certain types of processing.

6.6 Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

7. Regional Privacy Rights

7.1 European Economic Area (GDPR)

Legal Basis for Processing:

• Contract performance for service delivery
• Legitimate interests for service improvement
• Legal obligations for compliance
• Consent for marketing communications

Additional Rights:

• Right to lodge complaints with supervisory authorities
• Right to data portability
• Right to be informed about processing

7.2 California (CCPA/CPRA)

California residents have additional rights:

• Right to know what information we collect
• Right to delete personal information
• Right to opt-out of sale (we do not sell data)
• Right to non-discrimination
• Right to correct inaccurate information

7.3 Singapore (PDPA)

Singapore residents have rights under the Personal Data Protection Act (PDPA):

• Right to access personal data
• Right to correct inaccurate information
• Right to withdraw consent
• Right to request data portability
• Protection from unauthorized disclosure

7.4 Other Jurisdictions

We respect privacy rights in all jurisdictions where we operate and will honor applicable local privacy laws.

8. International Data Transfers

As a Singapore-based company, your information may be transferred to and processed in various locations including the United States where some of our service providers are located. We ensure appropriate safeguards through:

• Standard Contractual Clauses for EEA/UK transfers
• PDPA-compliant transfer mechanisms for Singapore data
• Data processing agreements with sub-processors
• Technical and organizational security measures
• Compliance with local data protection laws

9. AI and Machine Learning

9.1 Model Training

• We do NOT use your data to train general AI models
• Your content is processed only for your specific AI Agents
• Chatbot training data remains isolated to your account

9.2 AI Processing

• Content is sent to AI providers (OpenAI, Anthropic) for processing
• We use enterprise agreements that limit provider data retention
• Providers are contractually prohibited from training on your data

10. Children's Privacy

Coniva.ai is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will promptly delete it.

11. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication and security
• Remembering preferences
• Analytics and performance monitoring
• Marketing (with consent)

You can manage cookie preferences through your browser settings or our cookie consent manager.

12. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.

13. Facebook and Social Media Integrations

When using Facebook Messenger or WhatsApp integrations:

• We access only data necessary for AI Agent functionality
• Facebook/Meta may have access to conversation metadata
• We comply with Facebook Platform Policies
• Users can disconnect integrations at any time
• We do not use Facebook data for advertising

14. Data Breach Notification

In the event of a data breach that may affect your personal information:

• We will notify affected users within 72 hours
• We will provide details about the nature and scope
• We will outline steps taken to address the breach
• We will offer guidance on protective measures

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy with a new effective date
• Sending email notifications to registered users
• Displaying a prominent notice in the platform

16. Contact Information

For privacy-related questions or to exercise your rights:

Response Time: We aim to respond to all privacy requests within 30 days.

17. Privacy by Design

Coniva.ai incorporates privacy by design principles:

• Data minimization - we collect only what's necessary
• Purpose limitation - data used only for stated purposes
• Privacy defaults - strictest settings by default
• Transparency - clear information about data practices
• User control - comprehensive privacy settings