Privacy & Data Sovereignty.
This policy outlines how AI Automation Services Agency collects, processes, and strictly protects your proprietary data. We treat your data as an asset, not a product.
1. Data Collection & Scope
We collect only the strictly necessary data required to configure and maintain your automation workflows. This includes:
- Identity Data: Name, work email, phone number, and company details provided during the onboarding process.
- Input Data (Business Logic): Documents (PDFs, Excel), API Keys, CRM records, and internal workflows shared for automation configuration.
- Usage Logs: Metadata regarding how you interact with our AI agents (timestamps, token usage count) for billing purposes.
2. AI & Model Training Policy
We adhere to a strict "Data Sovereignty" architecture. Our stance on LLM training is absolute:
We DO NOT use your proprietary data to train, fine-tune, or improve our foundation models (or public models like GPT-4/Claude) without your explicit written consent.
Ephemeral Processing: Data sent to our AI Agents is processed in "Stateless Mode." It exists in the inference memory only for the duration of generating the response and is not permanently stored by the foundation model provider (e.g., via OpenAI Enterprise Zero-Retention API).
3. Purpose of Processing
We process your data strictly to:
- Service Delivery: To build chatbots, voice agents, and automation pipelines as per the Master Services Agreement (MSA).
- Billing & Metering: To calculate API token consumption and generate monthly invoices.
- Maintenance: To debug specific errors in your automation flows upon your request.
5. Security Protocols
We implement defense-in-depth security measures to protect your intellectual property:
- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 standards.
- Secret Management: Your API Keys (e.g., Stripe, Salesforce) are stored in a secured Vault, never in plain text code.
- Access Control: Only authorized engineers with MFA (Multi-Factor Authentication) enabled have access to the production environment.
6. Your Data Rights
Under global privacy standards (including GDPR and India's DPDP Act), you have the right to:
- Access: Request a copy of all data we store about your company.
- Deletion: Request a complete "hard delete" of your data from our servers ("Right to be Forgotten").
- Portability: Receive your vector embeddings and chat logs in a machine-readable format (JSON/CSV).
7. Contact Information
If you have questions about data privacy or wish to exercise your rights, please contact our Data Protection Officer: