Privacy Policy

Last updated: January 2025

1. Introduction

Datengem (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered chatbot platform and related services.

By using Datengem, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, company name)
  • Payment information (processed securely by third-party payment processors)
  • Documents and data you upload to train your AI chatbot
  • Configuration settings and customizations
  • Communications with our support team

2.2 Information Collected Automatically

  • Usage data (features used, time spent, interactions)
  • Device information (IP address, browser type, operating system)
  • Cookies and similar tracking technologies
  • Chat conversations and analytics data

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, maintain, and improve our services
  • To train and optimize your AI chatbot based on your data
  • To process your transactions and manage your account
  • To send you technical notices, updates, and support messages
  • To respond to your comments, questions, and requests
  • To monitor and analyze usage trends and preferences
  • To detect, prevent, and address technical issues and fraud
  • To comply with legal obligations

3.1 Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services under our agreement with you
  • Legitimate Interest: To improve our services, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing activities

4. Data Security (SOC 2 Compliance)

We maintain SOC 2 Type II compliance and implement comprehensive security measures to protect your data:

4.1 Technical Security Measures

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Multi-factor authentication (MFA) and role-based access control (RBAC)
  • Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS)
  • Data Isolation: Logical separation of customer data with dedicated encryption keys
  • Secure Development: Code reviews, security testing, and vulnerability scanning

4.2 Organizational Security Measures

  • Security Training: Regular employee security awareness training
  • Background Checks: Comprehensive screening for all personnel with data access
  • Incident Response: 24/7 security monitoring and documented incident response procedures
  • Third-Party Audits: Annual SOC 2 Type II audits by independent auditors
  • Penetration Testing: Quarterly third-party security assessments
  • Business Continuity: Disaster recovery and backup procedures tested quarterly

4.3 Data Center Security

  • ISO 27001 certified data centers
  • Physical access controls with biometric authentication
  • 24/7 surveillance and monitoring
  • Redundant power and network infrastructure
  • Automated backups with geo-redundant storage

Security Breach Notification: In the event of a data breach, we will notify affected users within 72 hours as required by GDPR and applicable laws.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our platform (e.g., cloud hosting, payment processing)
  • Legal Requirements: When required by law, subpoena, or court order
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share information

Important: Your uploaded training data is never used to train other customers' models or shared with third parties without your explicit consent.

6. Your Data Rights (GDPR & CCPA)

Depending on your location, you have the following rights regarding your personal data:

6.1 GDPR Rights (EU/EEA Residents)

  • Right of Access (Art. 15): Request confirmation of processing and access to your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your data (“right to be forgotten”)
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Restriction (Art. 18): Request restriction of processing under certain conditions
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting prior processing
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority
  • Automated Decision-Making (Art. 22): Right not to be subject to solely automated decisions with legal effects

6.2 CCPA Rights (California Residents)

  • Right to Know: Request disclosure of personal information collected and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

6.3 How to Exercise Your Rights

To exercise any of these rights:

  • Email us at privacy@datengem.com or dpo@datengem.com
  • Submit a request through your account settings
  • We will respond within 30 days (GDPR) or 45 days (CCPA)
  • We may require verification of your identity before processing requests
  • There is no fee for exercising your rights (unless requests are excessive)

EU Representative: For EU residents, you may contact our EU representative at eu-representative@datengem.com

7. Data Retention

We retain your information based on the following criteria:

  • Active Accounts: Data retained while your account is active and for the period necessary to provide services
  • Account Deletion: Personal data deleted or anonymized within 30 days of account closure
  • Legal Obligations: Some data retained longer to comply with legal, tax, or regulatory requirements (typically 7 years)
  • Backups: Deleted data may persist in backups for up to 90 days before permanent deletion
  • Training Data: Your uploaded content is deleted immediately upon account deletion or earlier upon request

You can request early deletion of specific data by contacting privacy@datengem.com

8. International Data Transfers (GDPR Compliance)

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards for international transfers:

8.1 Transfer Mechanisms

  • Standard Contractual Clauses (SCCs): EU Commission-approved SCCs for transfers from EU/EEA
  • UK Addendum: UK International Data Transfer Agreement for UK transfers
  • Adequacy Decisions: Transfers to countries with EU adequacy decisions where applicable
  • Data Processing Agreements: Binding contracts with all third-party processors

8.2 Data Residency Options

We offer data residency options for enterprise customers:

  • EU/EEA data centers for European data
  • US data centers with appropriate safeguards
  • On-premise deployment options for maximum control

For questions about international transfers, contact our Data Protection Officer at dpo@datengem.com

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide personalized content and features
  • Measure the effectiveness of our marketing campaigns

You can control cookies through your browser settings, though this may affect platform functionality.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. For material changes, we will provide additional notice via email.

12. Sub-Processors and Third Parties

We work with the following categories of sub-processors to provide our services:

  • Cloud Infrastructure: AWS, Google Cloud Platform (SOC 2 & ISO 27001 certified)
  • Payment Processing: Stripe (PCI DSS compliant)
  • Email Services: SendGrid (SOC 2 certified)
  • Analytics: Anonymized usage analytics providers
  • Customer Support: Support ticket management systems

All sub-processors are contractually bound to GDPR-compliant Data Processing Agreements. We maintain a current list of sub-processors available at datengem.com/subprocessors and will notify customers 30 days before adding new sub-processors.

13. Supervisory Authority

If you are located in the EU/EEA or UK, you have the right to lodge a complaint with your local supervisory authority:

  • EU/EEA: Contact your national Data Protection Authority (list available at edpb.europa.eu)
  • UK: Information Commissioner's Office (ICO) - ico.org.uk
  • US Lead Authority: California Privacy Protection Agency for CCPA matters

We encourage you to contact us first at dpo@datengem.com to resolve any concerns.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

General Privacy Inquiries: privacy@datengem.com

Data Protection Officer: dpo@datengem.com

EU Representative: eu-representative@datengem.com

Address: Datengem Inc., 123 AI Street, San Francisco, CA 94105, USA

EU Office: Datengem Europe, [EU Address to be added]

Compliance Certifications

• SOC 2 Type II Certified
• ISO 27001 Compliant Data Centers
• GDPR Compliant
• CCPA Compliant
• HIPAA Available for Healthcare Customers