Privacy Policy

1. Introduction

Welcome to Agent AI, a platform developed by AI Software Services. We respect your privacy and are committed to protecting the personal data you provide to us. This Privacy Policy explains how we collect, use, share, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Collection

2.1 Personal Data Collected

We collect the following types of personal data:

• Identification data: first name, last name, email address
• Authentication data: password (encrypted), session tokens
• Usage data: conversations with Agent AI, preferences, activity history
• Payment data: information about subscriptions and transactions (processed through Stripe)
• Technical data: IP address, browser type, operating system
• Communication data: messages sent to the support team

2.2 Collection Methods

We collect data through the following methods:

• Information provided directly by you during registration and use
• Data collected automatically through platform usage
• Information received from payment partners (Stripe)
• Data from cookies and similar technologies

2.3 Voice and Audio Data

If you use our Voice AI features, we may collect and process the following voice-related data:

• Voice recordings: Audio samples and recordings from voice conversations
• Voice transcripts: Text transcriptions of voice interactions generated through speech-to-text processing
• Voice biometric characteristics: Voice features such as pitch, tone, accent, and speech patterns
• Call metadata: Call duration, timestamps, phone numbers (when applicable)
• Voice model data: Voice samples used for voice cloning or synthesis features (with explicit consent)

2.4 Voice Data Storage

Voice data is stored and processed as follows:

• Storage location: Secure cloud servers with encryption at rest and in transit
• Temporary processing: Some voice data is processed in real-time for immediate responses and may not be permanently stored
• Voice recordings retention: Stored for 90 days or until user deletion request (whichever comes first)
• Transcripts retention: Stored alongside conversation history according to standard data retention periods
• Voice models: Retained until explicit consent is withdrawn or account deletion

3. Data Usage

We use your personal data for the following purposes, based on the following legal grounds:

3.1 Provision of Services (Legal Basis: Contract Performance)

• Creating and managing your account
• Providing Agent AI services
• Processing conversations and generating responses
• Managing subscriptions and payments
• Providing technical support

3.2 Service Improvement (Legal Basis: Legitimate Interests)

• Analyzing usage to improve the platform
• Developing new features
• Optimizing system performance
• Research and development in AI

3.3 Communications (Legal Basis: Consent or Legitimate Interests)

• Sending important service notifications
• Marketing communications (only with your consent)
• Responses to support inquiries
• Updates about service changes

3.4 Legal Compliance (Legal Basis: Legal Obligation)

• Fulfilling tax and accounting obligations
• Cooperating with competent authorities
• Preventing fraud and illegal activities

4. Data Sharing

We do not sell, rent, or share your personal data with third parties except in the following situations:

4.1 Service Providers

• Stripe: for payment processing
• Hosting providers: for hosting the platform
• Email services: for sending communications
• Analytics services: for analyzing usage (only with your consent)

4.1.1 Third-Party AI and Language Model Providers

Our Voice AI services are powered in part by third-party artificial intelligence providers. When you use Voice AI features, your data may be shared with:

• OpenAI (ChatGPT API): Processes conversation text and voice transcripts to generate AI responses. Data is sent to OpenAI servers (primarily US-based). See OpenAI Privacy Policy
• Anthropic (Claude API): Processes conversation text for AI response generation. Data may be processed in the US. See Anthropic Privacy Policy
• Voice AI synthesis providers: Process voice recordings for voice synthesis and cloning features (with explicit consent)

4.2 Legal Obligations

We may disclose your data if:

• We are required by law or court order
• It is necessary to protect our legal rights
• It is necessary to prevent fraud or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner, with prior notice.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

5.1 Technical Measures

• Encryption of data in transit and at rest
• Secure authentication and session management
• Firewalls and intrusion detection systems
• Regular backups and recovery plans
• Regular security updates

5.1.1 Voice Data Security

Voice and audio data receives additional security protections due to its sensitive biometric nature:

• Encryption standards: Voice recordings are encrypted using AES-256 encryption at rest
• Transmission security: All voice data is transmitted over TLS 1.3 encrypted connections
• PII Redaction: Personally identifiable information (names, addresses, phone numbers, credit card numbers) is automatically detected and redacted from voice transcripts using NLP technology
• Access controls: Voice data access is restricted to authorized personnel only and logged for audit purposes
• Secure deletion: Voice recordings are securely overwritten upon deletion to prevent recovery

5.2 Organizational Measures

• Restricted access to personal data
• Training staff in data protection
• Security policies and procedures
• Monitoring and auditing data access

6. User Rights

In accordance with GDPR, you have the following rights:

6.1 Right to Information

You have the right to be informed about the processing of your personal data (this policy).

6.2 Right of Access

You have the right to request a copy of the personal data we process about you.

6.3 Right to Rectification

You have the right to request correction of inaccurate or incomplete data.

6.4 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your data in certain circumstances.

6.5 Right to Restrict Processing

You have the right to request restriction of processing in certain situations.

6.6 Right to Data Portability

You have the right to receive your data in a structured format and transfer it to another controller.

6.7 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing.

6.8 Right Not to Be Subject to Automated Decisions

You have the right not to be subject to decisions based solely on automated processing.

6.9 Voice-Specific Rights

In addition to the rights above, if you use our Voice AI features, you have specific rights regarding your voice data:

• Right to access voice recordings: You can request copies of all voice recordings we have stored
• Right to delete voice data separately: You can request deletion of voice recordings and transcripts while keeping your text-based conversation history
• Right to export voice transcripts: You can download your voice conversation transcripts in a machine-readable format (JSON, CSV)
• Right to withdraw consent for voice cloning: You can withdraw consent for voice model creation or usage at any time, and we will delete all associated voice models within 30 days
• Right to opt-out of voice data retention: You can configure your account to process voice data in real-time only, without persistent storage (this may limit some features)

7. Cookies and Similar Technologies

We use cookies and similar technologies for:

7.1 Essential Cookies

• Authentication and session management
• Security and fraud prevention
• Core platform functionality

7.2 Analytics Cookies (with your consent)

• Understanding how the platform is used
• Improving performance and user experience
• Anonymized usage statistics

7.3 Marketing Cookies (with your consent)

• Personalizing content and ads
• Measuring campaign effectiveness
• Retargeting and remarketing

You can manage cookie preferences through the consent panel or via your browser settings.

8. Data Retention

We retain your personal data only as long as necessary for:

8.1 Retention Periods

• Account data: until account closure + 30 days
• AI conversations: until deleted by the user or account closure
• Voice recordings: 90 days from creation date, or until user deletion request (whichever comes first)
• Voice transcripts: until deleted by the user or account closure (same as AI conversations)
• Voice models (cloning): until explicit consent is withdrawn or account closure, then deleted within 30 days
• Call metadata: 12 months for billing and quality assurance purposes
• Payment data: 7 years (tax legal obligation)
• Audit logs: 3 years
• Marketing data: until consent is withdrawn

8.2 Automatic Deletion

We implement automated processes for deleting expired data in accordance with retention policies.

9. International Transfers

Your data may be transferred and processed in countries outside the European Economic Area (EEA). In such cases, we ensure that:

• The destination country provides an adequate level of protection (EU adequacy decision)
• Adequate safeguards are implemented (standard contractual clauses)
• Specific transfer derogations apply (your explicit consent)

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children under this age. If we learn that we have collected such data, we will delete it immediately.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us.

10.1 Voice Data and Children

Voice biometric data is considered a special category of sensitive personal data. We take extra precautions to ensure we do not collect voice recordings or biometric voice data from children under 16. If we discover that we have inadvertently collected voice data from a child, we will:

• Immediately delete all voice recordings and transcripts
• Permanently remove any voice biometric characteristics from our systems
• Notify the parent or guardian
• Document the incident in our compliance logs

10.2 Call Recording Consent

When you use our Voice AI features to make or receive phone calls, we will:

• Play an audible disclosure: "This call may be recorded for quality and training purposes" at the beginning of each call
• Obtain explicit consent: Continue recording only if the other party remains on the line after the disclosure
• Allow opt-out: If the other party objects to recording, the call will continue without recording, or terminate if recording is essential for service delivery
• Comply with two-party consent laws: In jurisdictions requiring all-party consent (e.g., California, Canada), we obtain explicit verbal consent before recording

10.3 Data Breach Notification (Voice Data)

In the event of a data breach involving voice recordings or voice biometric data, we will:

• Notify affected users within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
• Provide detailed information: What voice data was compromised, when the breach occurred, and what actions we are taking
• Notify supervisory authorities: Report the breach to ANSPDCP (Romanian DPA) and other relevant data protection authorities
• Offer remedial measures: Credit monitoring, identity theft protection, or other appropriate remedies depending on the severity
• Enhanced notification for biometric data: Given the sensitive nature of voice biometric data, we will provide expedited notification and additional support resources

11. Changes to this Policy

We may update this Privacy Policy periodically. We will notify you of important changes by:

• Email to the address registered in your account
• In-platform notification
• Updating the "Last updated" date at the top

We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Contact