Privacy Policy

Last updated: September 2, 2025

1. Introduction

At Deliverists ("we," "our," or "us"), we are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ChatlyBot services.

Our Commitment: We do not sell, rent, or share your personal data with third parties for their commercial purposes. We use your data solely for providing and improving our Services.

1.1 Data Controller Information

Data Controller: Deliverists.IO

Email: support@deliverists.io

1.2 Data Processing Records

As required by GDPR Article 30, we maintain records of all processing activities. This Privacy Policy serves as our public-facing data processing record. For detailed processing records, contact our Data Protection Officer.

2. Information We Collect

2.1 Personal Information

We collect personal information you provide directly to us:

  • Account Information: Name, email address, company name, business address
  • Authentication Data: Username, password (encrypted)
  • Billing Information: Payment details processed securely by our payment processors
  • Communications: Messages you send to us, support requests, feedback
  • Profile Data: Preferences, settings, and configuration choices

2.2 Usage and Technical Data

We automatically collect certain information when you use our Services:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns
  • Chat Data: Conversations with AI, interaction timestamps, response quality feedback
  • Performance Data: Service usage statistics, error logs, performance metrics
  • Content Data: Documents uploaded for AI training, file metadata

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for basic functionality and security
  • Analytics Cookies: Help us understand how you use our Services
  • Preference Cookies: Remember your settings and preferences
  • Session Cookies: Maintain your session during use

You can control cookie preferences through your browser settings.

3. Legal Basis for Processing (GDPR)

For users in the European Union, we process your data based on the following legal grounds:

3.1 Contract Performance (Article 6(1)(b) GDPR)

Processing necessary for:

  • Account creation and management
  • Service provision and delivery
  • Billing and payment processing
  • Customer support and communication

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing necessary for our legitimate interests:

  • Service Improvement: Analyzing usage to enhance functionality
  • Security: Preventing fraud and ensuring system security
  • Business Operations: Managing our business efficiently
  • Legal Compliance: Meeting regulatory requirements

Impact Assessment: We balance our interests against your privacy rights and only process data when our interests are not overridden by your rights.

3.3 Consent (Article 6(1)(a) GDPR)

Processing based on your explicit consent for:

  • Marketing communications (where applicable)
  • Non-essential cookie usage
  • Advanced analytics and personalization

You can withdraw consent at any time without affecting service provision.

3.4 Legal Obligations (Article 6(1)(c) GDPR)

Processing required by law for:

  • Tax compliance and financial reporting
  • Legal proceedings and investigations
  • Regulatory reporting requirements

4. How We Use Your Information

We use your information solely for the following purposes:

4.1 Service Provision

  • Creating and managing your account
  • Providing AI chat functionality
  • Processing documents for knowledge base creation
  • Delivering customer support

4.2 Service Improvement

  • Analyzing usage patterns to improve functionality
  • Training AI models with anonymized data
  • Developing new features and capabilities
  • Monitoring system performance and security

4.3 Communication

  • Sending service updates and notifications
  • Responding to your inquiries and support requests
  • Providing billing and account information

4.4 Legal Compliance

  • Enforcing our Terms of Service
  • Preventing fraud and abuse
  • Complying with legal obligations
  • Protecting our rights and those of others

5. Data Sharing and Third Parties

5.1 Our Policy on Data Sales

We do not sell, rent, lease, or otherwise monetize your personal data to third parties. We use your data exclusively for providing and improving our Services.

5.2 Limited Sharing

We may share your information only in the following limited circumstances:

  • Service Providers: Trusted partners who help us operate (payment processors, hosting providers, analytics services)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit permission

5.3 Data Processing Agreements

All third-party service providers are bound by data processing agreements that require them to:

  • Maintain appropriate security measures
  • Use data only for specified purposes
  • Comply with applicable data protection laws
  • Delete data when no longer needed

6. International Data Transfers

Your data may be transferred to and processed in countries other than your own. When we transfer data internationally:

  • We ensure adequate protection through standard contractual clauses
  • We comply with GDPR requirements for international transfers
  • We maintain the same level of protection regardless of location

7. Data Security

We implement comprehensive security measures to protect your data:

7.1 Technical Measures

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Multi-factor authentication for administrative access
  • Secure API endpoints with JWT token authentication
  • Database encryption and access logging
  • Regular security patches and updates

7.2 Organizational Measures

  • Employee training on data protection and GDPR compliance
  • Regular security assessments and audits
  • Incident response procedures and breach notification protocols
  • Background checks for personnel with data access
  • Access controls based on role and necessity (principle of least privilege)

7.3 Privacy by Design

We incorporate privacy considerations into all our systems and processes:

  • Data Minimization: We collect only necessary data for service provision
  • Purpose Limitation: Data is used only for stated purposes
  • Storage Limitation: Data is retained only as long as necessary
  • Security by Design: Security measures are built into all systems

7.4 Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

  • AI model training and data processing
  • Large-scale data analysis
  • New technology implementations
  • International data transfers

8. Data Retention

We retain your data only as long as necessary:

  • Account Data: Retained while your account is active and for 3 years after closure
  • Chat Data: Retained for 2 years for service improvement and legal compliance
  • Billing Data: Retained for 7 years for tax and accounting purposes
  • Analytics Data: Anonymized and retained indefinitely for service improvement

You may request deletion of your data at any time, subject to legal retention requirements.

9. Your GDPR Rights

If you are in the European Union, you have the following rights:

9.1 Information and Access

  • Right to Information: Receive clear information about how we process your data
  • Right of Access: Request a copy of your personal data we hold

9.2 Modification and Control

  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests

9.3 Data Portability and Consent

  • Right to Data Portability: Receive your data in a structured format
  • Right to Withdraw Consent: Withdraw consent for processing based on consent

10. Automated Decision Making

We use automated processing for:

  • AI chat responses based on your conversations
  • Fraud detection and security monitoring
  • Service optimization and personalization

You have the right to human review of automated decisions that significantly affect you.

11. Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected users without undue delay
  • Provide clear information about the breach and mitigation measures

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Post the updated policy on our website
  • Send email notification of material changes
  • Provide at least 30 days' notice for significant changes
  • Update the "Last updated" date at the top of this policy

14. Contact Information

For privacy-related questions or to exercise your rights: