Your data, what we do with it, and your rights

Adoomi Ltd., [registered address — TBD], company registration [TBD], VAT [TBD]. Contact: privacy@adoomi.ai.

We collect personal data in three categories:

• Account data — email address, display name, workspace name, password reset tokens, IP address at signup, locale. Provided by you when you create or use an account.
• Operational data — bot configurations, knowledge sources you connect (URLs, uploaded documents, manual Q&A), chat transcripts between your bot and your end-users, usage events (messages, tokens, response times), billing records via Stripe.
• End-user data — when your bot talks to a visitor on your site, we process the visitor’s messages, optionally their email if they enter it during the conversation, IP address (anonymised per your retention setting), and session identifiers. You are the data controller for this end-user data; we are the processor.

Under GDPR Art 6, we rely on three legal bases depending on the data and purpose:

• Art 6(1)(b) — performance of contract: to provide the service you signed up for. Includes account creation, sign-in, billing, sending transactional confirmations (deletion, billing failure, Calendly booking confirmations), processing chat traffic between your bot and your end-users.
• Art 6(1)(f) — legitimate interests: operational alerts the user benefits from (cap-approaching warnings, integration health alerts), fraud prevention, security monitoring, product analytics on aggregated/anonymised data. You can opt out of operational email alerts at any time in your dashboard.
• Art 6(1)(a) — consent: optional notifications you actively turn on (escalation alerts, negative-feedback alerts, etc. — default off until you toggle them), and any future marketing email (not yet sent).

A canonical mapping of each transactional/notification email to its legal basis is documented internally and available on request.

By default, Adoomi processes and stores customer data in the European Union (EU-Frankfurt and EU-Ireland regions). All primary databases, vector indexes, edge workers, and background jobs run in the EU. We do not transfer customer data to the United States unless you explicitly enable a sub-processor that requires it (today: none mandatory).

A UK regional data plane is provisioned but inactive — see the sub-processor list for the current routing.

We use a small number of third-party processors to deliver the service. They are bound by data processing agreements. The full list of categories, purposes, locations, and links lives at our sub-processor page.

We do not sell personal data. We do not share personal data with advertisers. We do not use customer chat transcripts to train our own AI models or those of any third-party provider.

Account data: for as long as your account exists, plus a short grace period (typically 7 days) after deletion before final purge. Conversation transcripts: configurable per workspace (default 90 days — adjust under /dashboard/settings/privacy). IP addresses on chat traffic: anonymised after the window you set (default 30 days). Anonymous demo sessions: 24 hours (see the dedicated notice).

When you request account deletion, we run an asynchronous purge that removes your data from primary storage, vector indexes, and sub-processor systems we control. Some aggregated/anonymised analytics rows that contain no personal identifiers may persist for product-improvement purposes.

Under GDPR you can:

• Access — get a copy of your personal data
• Rectify — correct inaccurate data via dashboard settings or by emailing us
• Erase — request account deletion (right to be forgotten, Art 17)
• Restrict — limit processing in specific circumstances
• Object — to processing based on legitimate interest
• Portability — export your data in machine-readable format
• Withdraw consent — for any consent-based processing, at any time

Most of these are self-service in your dashboard (/dashboard/settings/privacy). For anything else, email privacy@adoomi.ai. We aim to respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. [Adoomi’s lead supervisory authority — TBD].

We use a small number of cookies, all explained on the Cookie Policy page.

We’ll update the “Last updated” date at the top of this page when we make material changes. For significant changes that affect existing customers, we’ll email account owners at least 30 days before the change takes effect.