Privacy Policy

1. About this policy and our role

This Privacy Policy explains how Customer2.AI ("Customer2.AI", "we", "us", or "our") handles personal information in connection with our AI customer-engagement platform and websites (the "Service"). We act in two roles: (a) as a controller for information about our account holders, website visitors, and prospects; and (b) as a processor / service provider when we process personal information on behalf of our business Customers about their own end users ("Customer Data"). For Customer Data, the Customer is the controller and its privacy notice governs; this policy describes our practices and we process such data under our agreement with the Customer.

2. Information we collect

Account & profile: name, business name, email, phone, password (hashed), role, and preferences. Billing: plan, transaction history, and limited payment details handled by our payment processor (we do not store full card numbers). Usage & device: log data, IP address, device/browser information, request identifiers, and feature usage. Communications: content of chats, calls, emails, and SMS handled through the Service, including transcripts, recordings (where enabled and lawful), and the contact details and messages of End Users. Support: information you provide when you contact us. Cookies & similar technologies: as described in Section 7.

3. How we use information

We use information to provide, operate, secure, and improve the Service; authenticate users and prevent fraud and abuse; process payments and manage subscriptions; generate AI responses and route communications you configure; provide support; send service and transactional messages (including verification codes); comply with legal obligations; and, where permitted, communicate about products and offers (you can opt out). We process Customer Data only to provide and support the Service per our Customer agreement and instructions.

4. AI processing

The Service uses AI models (our own and trusted third-party providers) to generate responses and perform tasks you configure. To do this, conversation and knowledge data may be sent to those providers solely to provide the Service to you. We do not sell personal information and we do not use your Customer Data for advertising. We seek to use AI providers that do not train their general-purpose models on data submitted through their business interfaces; however, third-party providers process data under their own terms, which we encourage you to review. AI Output may be inaccurate; see our Terms of Service regarding AI limitations.

5. Legal bases (where applicable)

Where the GDPR or similar laws apply, we rely on: performance of a contract (to provide the Service); legitimate interests (to secure and improve the Service and run our business); consent (for certain communications and cookies); and compliance with legal obligations. You may withdraw consent at any time where processing is based on consent.

6. How we share information

We share information with: sub-processors and service providers that help us run the Service (for example, cloud hosting, payment processing, telephony and SMS delivery, email delivery, and AI model providers), under contracts that limit their use of the data; integrations you enable, at your direction; professional advisors and authorities where required by law or to protect rights, safety, and the integrity of the Service; and a successor in a merger, acquisition, or asset sale. We do not sell personal information. Consistent with our SMS Policy, mobile opt-in information is not shared with third parties or affiliates for their own marketing.

7. Cookies and similar technologies

We use cookies and similar technologies for authentication, security, preferences, and analytics. You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required, we obtain consent for non-essential cookies.

8. Data retention

We retain personal information for as long as needed to provide the Service, comply with legal, tax, and accounting obligations, resolve disputes, and enforce agreements. We retain Customer Data per our Customer agreement and delete or return it within a reasonable period after termination, subject to legal requirements and backups that age out on a rolling basis.

9. Security

We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit, encryption of sensitive credentials at rest, access controls, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. International transfers

We and our service providers may process information in the United States and other countries. Where we transfer personal data across borders, we use appropriate safeguards (such as standard contractual clauses) where required by law.

11. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to opt out of the "sale" or "sharing" of personal information (we do not sell or share it for cross-context behavioral advertising). You also have the right not to receive discriminatory treatment for exercising these rights. To exercise rights, use your account settings or our contact page; we will verify your request as required. If your information was provided to us by a business Customer as an End User, please direct your request to that business, and we will assist them as their processor. You may opt out of non-essential email via the unsubscribe link, and of SMS by replying STOP.

12. Children's privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children under 18. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.

13. Third-party sites and services

The Service may link to or integrate with third-party sites and services that we do not control. Their privacy practices are governed by their own policies, and we are not responsible for them.

14. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "last updated" date and, where appropriate, by additional notice. Your continued use of the Service after changes are posted constitutes acceptance.

15. Contact us

Customer2.AI — for privacy questions or to exercise your rights, reach us through our contact page. Mailing address: 9414 E. San Salvador Dr., Suite 250, Scottsdale, AZ 85258.