Last Updated: January 2025
AskAloud ("we," "us," or "our") operates the AskAloud platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Please read this Privacy Policy carefully. By using AskAloud, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Username and password (stored encrypted)
- First and last name
- Date of birth (optional)
- Gender (optional)
- Profile image URL
1.2 Workspace and Team Data
When you create or join a workspace, we collect:
- Workspace name
- Your role within the workspace (owner, admin, member, viewer)
- Team membership information
1.3 Conversation Data
When visitors interact with your AI agents, we collect:
- Full conversation transcripts (text messages)
- Audio recordings of voice conversations
- Sentiment analysis scores
- Intent detection results
- Lead qualification scores and answers
1.4 Lead and Contact Information
Through your AI agents, we may collect from your website visitors:
- Full name
- Email address
- Phone number
- Job title and seniority level
- Company name and information
- Any additional form fields you configure
1.5 Visitor Tracking Data
For website visitors interacting with your agents, we collect:
- Browser fingerprint (optional, for session continuity)
- UTM parameters (source, medium, campaign)
- Referrer URL
- First and last visit timestamps
- IP-derived location (country/region level)
1.6 Billing Information
When you subscribe to a paid plan, our payment processor (Stripe) collects:
- Payment method details
- Billing address
- Transaction history
We store your Stripe customer ID and subscription status, but do not store full payment card details.
1.7 Knowledge Base Content
Content you upload or create, including:
- FAQs and answers
- Product information
- Business knowledge and agent configurations
2. How We Use Your Information
We use collected information to:
- Provide our services: Power AI conversations, lead capture, and CRM integrations
- Process payments: Manage subscriptions and billing through Stripe
- Improve our platform: Analyze usage patterns to enhance features
- Communicate with you: Send service updates, security alerts, and support responses
- Ensure security: Detect and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations: Meet regulatory requirements and respond to legal requests
3. Third-Party Services
We share data with the following categories of service providers:
3.1 AI/ML Processing Services
| Provider | Data Shared | Purpose |
|---|---|---|
| OpenAI | Conversation messages, audio files | Generate AI responses, transcribe audio |
| Anthropic | Conversation context | Alternative AI processing |
| Groq | Audio files | Audio transcription |
These providers process data to deliver our AI functionality. They are contractually bound to protect your data.
3.2 Authentication Services
| Provider | Data Shared | Purpose |
|---|---|---|
| Google OAuth | Email, profile information | Social login authentication |
3.3 CRM Integrations (Optional)
| Provider | Data Shared | Purpose |
|---|---|---|
| HubSpot | Lead data, contact information | Sync leads to your CRM |
CRM integrations are optional and only activated when you connect your accounts.
3.4 Payment Processing
| Provider | Data Shared | Purpose |
|---|---|---|
| Stripe | Billing information, subscription details | Process payments |
Stripe handles payment processing in compliance with PCI-DSS standards.
3.5 Cloud Infrastructure
| Provider | Data Shared | Purpose |
|---|---|---|
| Amazon Web Services (S3) | Images, documents, audio files | File storage |
| Cloud hosting providers | All application data | Infrastructure |
4. Cookies and Tracking
4.1 Cookies We Use
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
access_token | Authentication | 3 days | Essential |
refresh_token | Session maintenance | 30 days | Essential |
Both cookies are set with HttpOnly, Secure, and SameSite flags for security.
4.2 No Third-Party Tracking
We do not use third-party tracking cookies, advertising cookies, or share data with ad networks.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| User account data | Until account deletion request |
| Conversation sessions | Until workspace deletion or deletion request |
| Audio recordings | Until workspace deletion or deletion request |
| Widget visitor sessions | 24 hours (session data), indefinite (captured leads) |
| Authentication tokens | 3-30 days (auto-expiry) |
| Billing records | As required by law (typically 7 years) |
6. Data Security
We implement appropriate security measures including:
- Encryption in transit: All data transmitted via HTTPS/WSS
- Secure authentication: JWT tokens with HttpOnly cookies
- Token rotation: Automatic token refresh and blacklisting
- Rate limiting: Protection against abuse and DDoS
- Access control: Role-based permissions within workspaces
- Multi-tenancy isolation: Data separated between workspaces
7. Your Rights
Depending on your location, you may have the following rights:
7.1 Access
You can view your profile information and conversation data through your account dashboard.
7.2 Correction
You can update your profile information at any time through account settings.
7.3 Deletion
To request deletion of your account and associated data, contact us at support@askaloud.co.
7.4 Data Portability
To request a copy of your data, contact us at support@askaloud.co.
7.5 Opt-Out
- You can disconnect CRM integrations at any time
- You can cancel your subscription through the billing portal
8. Children's Privacy
AskAloud is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers through standard contractual clauses and other mechanisms.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on our website
- Updating the "Last Updated" date
- Sending an email notification for significant changes
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: support@askaloud.co
AskAloud
12. Additional Disclosures
For California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
For European Residents (GDPR)
If you are in the European Economic Area, you have rights under the General Data Protection Regulation including the right to lodge a complaint with your local supervisory authority.
Our legal basis for processing your data includes:
- Contract performance: To provide services you requested
- Legitimate interests: To improve our services and prevent fraud
- Consent: Where you have given explicit consent
- Legal obligations: To comply with applicable laws