Privacy Policy

RIZON AI ("Company," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, and products.

This Privacy Policy applies to all information collected through our services, whether collected online or offline. Please read this policy carefully. If you do not agree with our policies and practices, please do not use our services.

2.1 Information You Provide Directly

Account Registration: name, email address, phone number, company name, job title, business address, payment information (credit card, bank details), username and password.

Service Usage: customer data you upload or integrate, communication records (emails, chat logs, call recordings), business information and settings, API keys and credentials (stored securely), files and documents you upload, feedback and support requests.

Communications: messages you send to our support team, survey responses, testimonials and reviews, inquiries and requests.

2.2 Information Collected Automatically

Website and Service Usage: IP address, browser type and version, operating system, pages visited and time spent, links clicked, referral source, device information, device ID and identifiers.

Cookies and Tracking Technologies: session cookies (expire when browser closes), persistent cookies (remain on device), web beacons and pixels, analytics data, advertising identifiers.

Service Performance: login history, feature usage patterns, AI agent interactions (anonymized), system performance metrics, error logs and debugging information.

2.3 Information from Third Parties

Integrated Services: Google Calendar data (with your permission), email service data (with your permission), payment processor data (Stripe, PayPal, Razorpay), CRM data (with your permission), WhatsApp, Instagram, Facebook data (with your permission).

Other Sources: business partners and affiliates, public databases, data brokers, social media platforms.

3.1 Service Delivery

Set up and configure your AI agents, integrate with your business systems, provide customer support, process payments, deliver and maintain services, monitor service performance, troubleshoot issues.

3.2 Communication

Send service announcements, respond to your inquiries, send billing and account information, notify you of policy changes, send promotional emails (with consent), provide customer support.

3.3 Analytics and Improvement

Analyze service usage patterns, improve user experience, optimize features and functionality, conduct research and analytics, test new features, generate performance reports.

3.4 Marketing and Business Development

Create case studies (with your consent), use for testimonials and success stories, feature in marketing materials (with consent), send promotional content (with consent), conduct market research, develop new services.

3.5 Legal and Compliance

Comply with legal obligations, enforce Terms of Service, prevent fraud and abuse, protect rights and safety, respond to legal requests, maintain security and safety.

3.6 Anonymized and Aggregated Data

Create anonymized statistics, develop benchmarks and reports, improve AI models, train algorithms, share industry insights, publish research.

4.1 Third Parties We Share With

Service Providers: hosting and infrastructure providers, payment processors, email service providers, analytics providers, customer support tools, cloud storage providers.

Integrated Services (with permission): Google (Calendar, Gmail), Microsoft (Outlook, Office), Stripe, Razorpay, PayPal, WhatsApp, Instagram, Facebook, Shopify, WooCommerce, popular CRM platforms.

Legal Requirements: law enforcement (with valid legal request), government agencies, courts and legal proceedings, as required by law.

Business Transfers: merger or acquisition, sale of assets, bankruptcy proceedings, change of ownership.

With Your Consent: any third party you authorize, for purposes you explicitly approve.

4.2 Data We Do NOT Share

We do NOT sell, rent, or share your customer data, confidential business information, payment information (beyond payment processors), personal data without consent, or data for unauthorized marketing.

5.1 Security Measures

We implement industry-standard security measures including encryption in transit (HTTPS/TLS), encryption at rest (AES-256), firewalls and intrusion detection, access controls and authentication, regular security audits, vulnerability assessments, secure API connections, data isolation and segmentation, secure password hashing, multi-factor authentication options.

5.2 Security Limitations

While we maintain security measures, no system is 100% secure. We cannot guarantee absolute security of transmitted data, protection against all cyber attacks, prevention of unauthorized access, or complete immunity from breaches.

5.3 Data Breach Notification

If we discover a breach affecting your personal data, we will notify affected individuals, notification within legally required timeframes, details of what data was compromised, steps being taken to mitigate risk, and recommendations for protecting yourself.

6.1 Access and Portability

You have the right to request access to your personal data, download your data in portable format, understand what data we hold, and request data from third-party services.

6.2 Correction and Deletion

You have the right to correct inaccurate information, request deletion of your data, request removal from marketing lists, and withdraw consent at any time.

6.3 Opt-Out

You can opt-out of marketing emails (unsubscribe link), promotional communications, analytics and tracking, cookies (browser settings), targeted advertising.

6.4 Restrictions

You may request we limit how we use your data, restrict processing of your information, stop using data for specific purposes, or suspend data sharing.

6.5 How to Exercise Rights

To exercise any of these rights send written request to our Data Protection Officer, include your name and email address, specify which right you're exercising, provide identification verification if needed. We will respond within 30 days.

7.1 Types of Cookies We Use

Essential Cookies: session management, security and authentication, CSRF protection, necessary for service functionality.

Performance Cookies: analytics (Google Analytics), performance monitoring, error tracking, user behavior analysis.

Functionality Cookies: remember your preferences, store login information, maintain service settings.

Marketing Cookies: retargeting advertisements, campaign tracking, conversion tracking, audience segmentation.

7.2 Managing Cookies

You can control cookies through browser settings, cookie consent banner on our website, opt-out preferences, Do-Not-Track requests, cookie management tools.

7.3 Third-Party Tracking

Third parties may use cookies to display advertisements, track your behavior across sites, collect analytics, and measure campaign performance.

8.1 Retention Periods

Active Account Data: retained while you use our services; deleted 30 days after account cancellation; backup copies retained for 90 days.

Payment Data: retained for tax and accounting purposes; deleted after legally required period; separate from personal data.

Communications: support tickets retained 2 years, marketing emails until opt-out, chat logs 1 year unless extended, call recordings 1 year (for compliance).

Analytics and Logs: anonymized analytics indefinitely; IP logs 90 days; error logs 30 days; server logs 90 days.

Customer Data (your customers): retained while you use services; deleted within 30 days of cancellation; automatic deletion after 30 days; export available during retention period.

8.2 Deletion Requests

Upon request, we will delete personal data within 30 days, remove from backups within 90 days, maintain anonymized copies, and retain data required by law.

9.1 Data Location

Your data may be stored on servers in multiple locations, transferred across borders, processed in different countries, subject to varying laws.

9.2 GDPR and International Transfers

For EU residents we ensure adequate data protection, use Standard Contractual Clauses, implement supplementary measures, provide appropriate safeguards, and comply with GDPR requirements.

9.3 Data Privacy Agreements

We have data processing agreements that comply with applicable laws, ensure data protection, limit use of data, require security measures, and enforce contractual obligations.

We do NOT knowingly collect information from children. Our services are not intended for anyone under 18. We do not knowingly collect data from minors. If we discover a child's information, we delete it. Parents and guardians should supervise internet use. If you believe we have a child's data, notify us immediately.

11.1 External Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Review their privacy policies. We do not control external sites. Their policies apply when you visit.

11.2 Third-Party Integrations

When you integrate third-party services, your data is shared per integration, third-party privacy policies apply, we are not responsible for their practices, review their terms before integrating.

12. CALIFORNIA PRIVACY RIGHTS (Applies Globally)

If you are in California or similar jurisdictions, you may have the right to:

Right to Know: what personal information is collected, how it's used, who it's shared with.

Right to Delete: request deletion of personal information, exceptions for legal requirements, we comply within 45 days.

Right to Opt-Out: opt-out of data sales (we don't sell), opt-out of targeted advertising, opt-out of profiling.

Right to Correct: request correction of inaccurate data, we update within 45 days.

Right to Non-Discrimination: no discrimination for exercising rights, no penalty for opting out, equal service and pricing.

13. EUROPEAN UNION PRIVACY RIGHTS (GDPR, Applies Globally)

If you are in the EU or similar jurisdictions with GDPR-like laws, you have:

Right of Access: request access to your personal data, receive copy in portable format, understand how data is used.

Right to Rectification: correct inaccurate information, complete incomplete data.

Right to Erasure: request deletion ("Right to be Forgotten"), exceptions for legal obligations, we comply within 30 days.

Right to Restrict Processing: limit how we use your data, stop processing for specific purposes.

Right to Data Portability: receive data in structured format, transfer to another controller, machine-readable format.

Right to Object: object to processing, stop marketing communications, opt-out of analytics.

Rights Related to Profiling: know when profiling occurs, understand profiling logic, object to automated decisions.

Right to Lodge a Complaint: file complaint with data protection authority, report violations of privacy rights.

If you are subject to GDPR:

14.1 Our Role

We act as Data Processor for Client data. Client acts as Data Controller. We only process data per Client instructions. We comply with GDPR Article 28.

14.2 Data Processing Agreement

Available upon request. Standard Contractual Clauses included. Sub-processor disclosures provided. International transfer mechanisms in place.

14.3 Data Subject Rights Support

We assist you in responding to data subject requests, provide data access assistance, support deletion requests, facilitate portability requests.

Some browsers include Do Not Track features. We honor Do Not Track where feasible. Some tracking may continue for functionality. We comply with applicable DNT regulations.

16.1 Policy Updates

We may update this policy at any time. Changes effective immediately upon posting. Material changes: 30 days notice. Continued use equals acceptance of changes. We will highlight significant changes.

16.2 Your Rights Upon Changes

You can review updated policy anytime, opt-out if changes are unacceptable, cancel services if you disagree, no penalty for canceling due to changes.

For privacy questions or requests submit written request for data access, request data deletion, exercise privacy rights, report privacy concerns, submit data breach reports.

How to Submit Requests: send written request via mail, include your name and contact info, specify which right you're exercising, provide identification verification. Response within 30 days.

18.1 Case Studies and Marketing

We use your data with permission for case studies, success metrics used for marketing, company name may appear as reference, customer data kept confidential, you can request anonymity.

18.2 AI Model Training

Anonymized interactions improve our AI. Your actual conversations not used for training. Customer data never used for AI training. Aggregate metrics only. No identification of your business.

18.3 Analytics and Reporting

Performance dashboards created. Monthly reports generated. Benchmarking with anonymized data. Industry insights shared. Your specific metrics kept confidential.

19.1 If Your Data Is Compromised

We will investigate immediately, notify affected parties within legally required timeframe, provide details of incident, explain impact and mitigation, offer credit monitoring (if applicable), work with authorities.

19.2 Your Responsibilities

Change your password immediately, monitor accounts for fraud, enable multi-factor authentication, report suspicious activity, follow our guidance.

For questions about this Privacy Policy submit detailed request describing your concern, include your name and account information. We will investigate and respond. Response provided within 30 days. Escalation available if needed.

We maintain privacy compliance program, regular audits and assessments, staff training on privacy, data protection impact assessments, privacy by design approach, incident response procedures, privacy documentation.

If this Privacy Policy conflicts with our Terms of Service, Terms control. With Data Processing Agreement, DPA controls for that data. With local privacy law, local law controls. With industry-specific regulations, those regulations control.

23. CALIFORNIA CONSUMER PRIVACY ACT (CCPA, Extended to All Users)

Consumer Rights (Available to All):

Right to Know: you have the right to request categories of personal information collected, sources of personal information, business purpose for collection, categories of third parties shared with.

Right to Delete: you have the right to request deletion of personal information. Limited exceptions for legal requirements. Business necessity. Response within 45 days.

Right to Opt-Out: you have the right to opt-out of selling personal information, opt-out of sharing for cross-context behavioral advertising, opt-out of profiling for decisions, no retaliation for opting out.

Right to Correct: you have the right to request correction of inaccurate data. We verify and update within 45 days.

Right to Limit Use: you have the right to limit use of sensitive personal information. Use limited to service delivery. We comply unless necessary for operations.

Submitting Requests: send written request, include name and email, verify your identity. Response within 45 days.

We may collect payment card information (for processing only), government identifiers (ID verification), biometric data (if you opt-in for authentication), health information (if you voluntarily provide), financial information (billing and payment).

We limit use to service delivery and payment processing, legal compliance and fraud prevention, security and safety, your explicit purposes.

This Privacy Policy is binding and incorporates our commitment to protecting your privacy. By using our services, you acknowledge you have read and agree to this policy.

If you have concerns about our privacy practices, please contact us. Your privacy matters to us.

ACKNOWLEDGMENT

By using RIZON AI services, you acknowledge that you have read, understood, and agree to this Privacy Policy.