Privacy Policy AI Chatbot

This Privacy Policy outlines how NinjaiBot, an AI chatbot based on the OpenAI GPT model (“Chatbot”), collects, uses, stores, and safeguards the personal data of its users (“Users”).
By using Chatbot service, you agree to the collection and use of information in accordance with this policy.
Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).

The Chatbot aims to assist users in navigating websites and primarily does not collect personal data unless necessary for its operation.
The Chatbot never requires the input of special and sensitive data, and users are urged not to transmit such types of data to the Chatbot.

Types of Personal Data Collected or that may be collected

Chat Interactions: Texts shared with the Chatbot.
Technical Data: IP addresses.
Session Cookie and Usage Data: Interaction times with the Chatbot.
Contact Information (only in the case where email subscription is proposed against explicit consent): Includes names, email addresses, and phone numbers.

Purpose and Legal Basis for Processing

The collected data is utilized to:

• Deliver chatbot services, enhancing user experience through personalized responses (based on user consent).
• Improve Chatbot performance and user interaction quality (necessary for our legitimate interests).

Processing is based on user consent, the need to fulfill our service provision contract, and compliance with legal obligations.

Data Retention

Collected data is retained only as long as necessary for the purposes outlined, or to comply with our legal obligations, resolve disputes, and enforce our agreements.
Chatbot conversation data is retained only as long as necessary to calibrate and enhance the chatbot’s response accuracy, after which it is deleted.

Data Sharing and Transfers

Data are or may be shared with:

• OpenAI for processing chat interactions. See their privacy policy at OpenAI EU Privacy Policy (European Economic Area, UK, and Switzerland) or https://openai.com/policies/privacy-policy (outside European Economic Area, UK, and Switzerland).
• Service providers that facilitate the operation of the Chatbot.
• Authorities, under legitimate requests or legal requirements.

This type of service has the purpose of hosting data and files that enable this application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data are stored.
Cloud servers are managed by Liquid Web (Privacy Policy).
The chatbot management platform is developed and provided by Jargon Handlers (www.jargonhandlers.com).
Only clients, acting as data controllers, and the service provider (us) as data processor, have the capability to access the encrypted data.
This ensures that the privacy and integrity of conversations and visitor information are preserved, guaranteeing an elevated level of confidentiality and security.

Payment Information

We may provide paid products and/or services within the chatbot service. In that case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.
These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of payment information.
Users are encouraged to review the privacy policies of the respective payment gateways for detailed information on how their personal data is handled:

• PayPal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
• Stripe: https://stripe.com/privacy
• Razorpay: https://razorpay.com/privacy/

User Rights

Users have the right to:

• Access their data: Users may request to know what personal data has been collected and how it is used.
• Rectify their data: Users may request the correction of their personal data if it is inaccurate or incomplete.
• Delete their data: Users may request the deletion of their personal data in certain cases.
• Restrict the processing of their data: Users may request to limit the processing of their personal data in certain cases.
• Object to the processing of their data: Users may object to the processing of their personal data for certain purposes.
• Port their data to another controller: Users may request to receive their personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
• You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.
• You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Children’s Privacy

Our service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18.
If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.
If we become aware that we have collected personal data from anyone under the age of 18 without verification of parental consent, we take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, We may require your parent’s consent before we collect and use that information.

Your California Privacy Rights

As a Californian consumer you have certain rights under the California Consumer Privacy Act (CaCPA) AB 375, some of these rights are:

• The right of Californians to know what personal information is being collected about them.
• The right of Californians to know whether their personal information is sold or disclosed and to whom.
• The right of Californians to say no to the sale of their personal information.
• The right of Californians to access their personal information.
• The right to data portability. You have the right to request your personal information that you provided to us and use them for your own purposes. We will provide your data to you within 30 days of your request.
• The right of Californians of the deletion of their personal information.
• The right of Californians of equal service, price, and not being discriminated against even if they exercise their privacy rights.
• One or more designated means for Californian consumers to submit requests under the CACPA including (at minimum) a toll-free number, and if the business maintains an Internet website, a website address.
• These rights include the right to request what personal information we collect and disclose about consumers.

Personal information includes:

• Categories of personal information that a business collected about the consumer.
• Categories of sources from which the personal information was collected.
• Specific pieces of personal information that the business has collected about consumers.
• Categories of third parties with whom the business shares personal information.
• The business or commercial purpose of collecting or selling personal information.

Security Measures

Appropriate technical and organizational measures are implemented to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
The security of your personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure.
While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site.
We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Privacy Policy Changes

We may update Our Privacy Policy from time to time.
We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes.
Changes to this Privacy Policy are effective when they are posted on this page.

Data Controller – Contact Information

For inquiries or requests regarding this privacy policy, please contact Data Controller: Daniele Luciani at support@NinjaiBot.com.

Last Updated: 2024-03-18