VeetFlow Logo

VeetFlow

Privacy Policy

Last updated: December 2024

Privacy Policy

VeetFlow Technology

Last Updated: January 15, 2025

Effective Date: January 15, 2025

1. Scope and Definitions

This Privacy Policy applies to the information we collect when you use our Services.

  • "Personal Data" means any information that relates to an identified or identifiable individual.
  • "Customer" refers to the organization that subscribes to our Services.
  • "End-User" refers to the individual who interacts with the chatbot services provided by our Customer.
  • "Services" refers to the VeetFlow AI-powered customer service chatbot platform and related services.

2. Information We Collect

We collect various types of information to provide and improve our Services:

2.1 Information You Provide as a Customer

  • Account Information: When you create an account, we collect your name, email address, company name, password, and billing information.
  • Profile Data: We collect your user preferences, settings, and configurations for the Services.
  • Content and Communications: We collect information you submit through support tickets, feedback forms, and other communications with us.

2.2 Information Processed on Behalf of Customers (End-User Data)

  • Chatbot Conversations: We process the conversations that End-Users have with the chatbots deployed on our platform. This data is owned by our Customers.
  • End-User Information: Depending on the Customer's implementation, we may process names, email addresses, or other identifiers provided by End-Users during a conversation.

2.3 Automatically Collected Information

  • Usage Data: We collect metadata and analytics about how you and your End-Users interact with our Services, such as pages visited, features used, time spent, and interaction patterns.
  • Device and Connection Information: We collect IP address, browser type, operating system, device identifiers, and connection speed.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to manage sessions, remember preferences, and perform analytics. See our "Cookies and Tracking" section for more details.

2.4 Information from Third Parties

  • Integration Data: If you connect third-party services (e.g., CRM, ERP, social media platforms), we may receive information from them as configured in the integration.
  • Authentication Data: If you sign in using a third-party service (like Google), we receive your name and email address from that service for authentication purposes.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To Provide and Maintain the Services: We use your information to operate our platform, provide chatbot functionality, manage accounts, and offer customer support.
  • To Improve and Optimize the Services: We analyze usage patterns and feedback to improve user experience, enhance performance, and guide feature development.
  • For AI Model Training and Service Improvement:
    • We do not use your Customer Data or any Personal Data from End-User conversations to train our general, multi-tenant AI models.
    • We may use anonymized and aggregated data (Service-Generated Data) to analyze performance, identify trends, and improve our algorithms and service quality.
    • You may be offered an option to opt-in to share data for model improvement in the future, which would require your explicit consent.
  • To Communicate with You: We send you service-related updates, security alerts, billing notifications, and support messages.
  • To Process Payments: We use your billing information to process payments and manage subscriptions through our payment processor.
  • For Security and Fraud Prevention: We monitor for and prevent fraudulent, abusive, or unauthorized activities.
  • To Comply with Legal Obligations: We may use your information to comply with applicable laws, legal processes, or to enforce our Terms of Service.

4. Third-Party Integrations

Our platform integrates with various third-party services to enhance functionality. These include:

  • AI Providers: OpenAI, Google AI, Anthropic Claude for natural language processing.
  • Payment Processors: Stripe for secure payment processing.
  • Analytics Tools: Google Analytics for usage insights.
  • Hosting and Infrastructure: Virtual Private Servers (VPS) and dedicated server providers for hosting and data storage.

Note: These third parties have their own privacy policies and data processing practices. We recommend reviewing their policies as they may differ from ours. When you authorize an integration, you are allowing us to share data with that third party as necessary to provide the functionality.

5. Data Security

We implement robust, industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (using TLS 1.2 or higher) and at rest (using AES-256).
  • Access Controls: We enforce strict authentication and role-based access control protocols to limit data access to authorized personnel only.
  • Regular Audits and Monitoring: We conduct periodic security assessments, vulnerability testing, and continuous monitoring of our systems to detect and respond to threats.
  • Data Backups: We perform regular, encrypted backups to prevent data loss and ensure business continuity.

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining a high standard of protection.

6. Data Retention

We retain your Personal Data only for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy.

6.1 Retention Periods

  • Active Account Data: Retained for the duration of your active account
  • Conversation Logs: 12 months by default (configurable by customers from 30 days to 7 years)
  • Deleted Account Data: 90 days after account deletion, then permanently deleted
  • Waitlist Data: 2 years or until conversion to paying customer
  • Marketing Communications: Until you unsubscribe or withdraw consent
  • Financial Records: 7 years (required by tax and regulatory laws)
  • Support Tickets: 3 years from last interaction
  • Security and Audit Logs: 2-7 years depending on type
  • Anonymous Analytics: 26 months

6.2 Deletion Process

When a Customer deletes their account:

  1. Immediate: Account access disabled, services stopped
  2. Days 1-30: Grace period for accidental deletion recovery
  3. Days 31-90: Data moved to secure isolated storage
  4. Day 90+: Permanent deletion using secure deletion methods (NIST 800-88 compliant)

We use industry-standard secure deletion methods including:

  • Multi-pass overwrite for electronic data
  • Cryptographic erasure for encrypted data
  • Physical destruction for decommissioned hardware
  • Automated backup purge on 90-day rotation

Exceptions: We may retain certain data longer when required by:

  • Legal or regulatory obligations (e.g., financial records for 7 years)
  • Ongoing legal proceedings or disputes
  • Fraud prevention and security (limited data only)

6.3 Detailed Retention Policy

For complete details on our data retention periods, deletion procedures, and your deletion rights, please see our comprehensive Data Retention & Deletion Policy.

7. Your Data Protection Rights

Depending on your location and applicable data protection laws (such as GDPR or CCPA), you may have the following rights regarding your Personal Data:

  • Right to Access: You can request a copy of the Personal Data we hold about you.
  • Right to Rectification: You can request to correct inaccurate or incomplete information.
  • Right to Erasure (Deletion): You can request the deletion of your Personal Data, subject to our legal and contractual retention obligations.
  • Right to Data Portability: You can request to receive your data in a structured, machine-readable format.
  • Right to Restrict Processing: You can request that we limit the processing of your Personal Data in certain circumstances.
  • Right to Object to Processing: You can object to our processing of your data for direct marketing or other specific reasons.
  • Right to Withdraw Consent: Where we rely on your consent to process data, you can revoke that consent at any time.

To exercise these rights, please contact us at privacy@veetflow.com. We will respond to your request in accordance with applicable laws.

8. Data Processing Addendum (DPA)

For our Customers who are subject to the GDPR or other data protection laws that require a DPA, we offer a Data Processing Addendum that governs the processing of personal data. Please contact us at legal@veetflow.com to request a copy of our DPA.

9. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Functionality: Remember your preferences, settings, and login state.
  • Analytics: Analyze site traffic, user behavior, and the performance of our Services.
  • Security: Maintain security and prevent fraudulent activities.

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.

10. Children's Privacy

Our Services are not directed at or intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child without verifiable parental consent, we will take steps to delete it promptly.

11. International Data Transfers

Your information may be transferred to, and processed in, countries other than your own, including the United States, where our servers are located. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws. For transfers of data from the European Economic Area (EEA), we rely on mechanisms such as the Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. We will notify you of significant changes via email or through a prominent notice on our website at least 30 days before the changes take effect. Your continued use of our Services after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

VeetFlow Technology

Data Protection Officer

Email: privacy@veetflow.com

Website: https://veetflow.com