We collect and process personal data solely for the purpose of providing AI-powered conversation services and document processing capabilities. This includes:

• Customer Data: Information necessary for account management, agent configuration, communication, and service provision.
• Conversation Data: Messages and interactions between users and AI agents for service delivery and improvement.
• Document Data: Files uploaded for processing and AI context, stored securely for agent-specific use.

We do not use this data for any other purposes without explicit consent.

Access to personal data is strictly limited:

• Authorized Personnel Only (Zero Trust Principles): Only employees who need access to perform their job duties are granted permission.
• Role-Based Access: Access rights are assigned based on job function and are regularly reviewed.
• 2FA: All employees use Two Factor Authentication
• Confidentiality Agreements: All employees and contractors sign binding agreements to protect customer and candidate data.

We employ robust security measures to protect data:

• Encryption: All data is encrypted both in transit and at rest using industry-standard protocols.
• Secure Infrastructure: Our servers are hosted in secure facilities with advanced physical and network security.
• Regular Audits: We conduct periodic security assessments and vulnerability scans to identify and mitigate risks.
• Firewall and Antivirus Protection: Continuous monitoring to prevent unauthorized access and malware threats.

We enforce strict policies to prevent unauthorized data dissemination:

• No Unauthorized Sharing: We do not share personal data with third parties unless required by law or with explicit customer consent.
• Data Handling Procedures: Clear guidelines are in place for data processing, storage, and disposal.
• Monitoring and Alerts: Systems are in place to detect and alert us to any unusual data access or transfer activities.

In the unlikely event of a data breach:

• Immediate Action: We will promptly identify, contain, and mitigate the breach.
• Notification: Affected customers and, if necessary, regulatory bodies will be informed without undue delay.
• Investigation: A thorough investigation will be conducted to determine the cause and extent.
• Preventive Measures: Steps will be taken to prevent future incidents, including policy updates and additional security measures.

• Retention Period: Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law.
• Secure Deletion: Upon request or when data is no longer needed, we securely delete or anonymize personal information.

We comply with all applicable data protection laws and regulations, including:

• Local Data Protection Laws: Compliance with country-specific regulations where we operate.
• General Data Protection Regulation (GDPR): For customers and candidates within the European Union.

Individuals have the right to:

• Access Data: Request a copy of the personal data we hold about them.
• Rectify Data: Request corrections to any inaccurate or incomplete data.
• Erase Data: Request deletion of their personal data, subject to legal and contractual obligations.
• Restrict Processing: Request limitations on how their data is used.
• Data Portability: Receive their data in a structured, commonly used format.

• Employee Training: Regular training is provided to all staff on data protection principles and cybersecurity best practices.
• Policy Updates: Policies are reviewed and updated regularly to reflect changes in laws, technology, and operational practices.

For any questions, concerns, or requests regarding this Privacy and Data Protection Statement, please contact our Data Protection Officer: