PRIVACY POLICY
PRIVACY POLICY
Effective Date: [2026]
Entity: UIRIX AI (“UIRIX”, “we”, “us”, “our”)
Privacy Contact: [email protected]
This Privacy Policy (“Policy”) describes how UIRIX collects, uses, discloses, and protects Personal Data in connection with our websites, applications, dashboards, APIs, and related services (collectively, the “Service”).
If you do not agree with this Policy, do not use the Service.
1. Definitions
“Personal Data” means information that identifies or can reasonably be used to identify an individual, directly or indirectly, as defined by applicable law.
“Customer” means the individual or legal entity that creates an account or uses the Service.
“End Users” means individuals who interact with a Customer’s AI agents or Customer’s deployments via the Service (e.g., callers, website visitors, chat participants).
“Customer Content” means any data, content, files, documents, transcripts, recordings (if enabled), chats, logs, URLs for scanning, configurations, prompts, and other information that Customer or its End Users submit to or process through the Service.
2. Roles: Controller vs. Processor (Key Allocation of Responsibility)
Depending on the context, UIRIX may act as either a Controller or a Processor:
Account, billing, and Service operations data. UIRIX generally acts as a Controller of Personal Data relating to account administration, billing, support, security, and operation of the Service.
Customer Content / End User data. Where Customer uses the Service to process End User data (e.g., calls, chats, transcripts, recordings, CRM data, uploaded knowledge), Customer is generally the Controller and UIRIX acts as a Processor (or “service provider”/equivalent role) processing such data on Customer’s instructions to provide the Service.
Customer is solely responsible for: (a) determining the lawful basis for processing End User data; (b) providing all required notices; (c) obtaining any required consents (including for call recording/transcription where applicable); and (d) complying with laws applicable to Customer’s business (including marketing/telecommunications rules, and data protection laws). UIRIX is not responsible for Customer’s compliance obligations toward End Users.
3. Personal Data We Collect
We collect Personal Data from several sources:
3.1 Data you provide directly
Account data: name, email address, phone number, company/organization details (if provided), and authentication data (e.g., SSO identifiers).
Support and communications: messages you send us, support tickets, and files you choose to share for troubleshooting.
Customer Content: content you upload or process through the Service, such as documents, knowledge sources, agent configurations, prompts, URLs submitted for scanning, and related materials.
3.2 Data collected automatically
Usage and device data: log data (timestamps, actions taken in the Service), IP address, browser/device characteristics, approximate location derived from IP, diagnostics, crash reports, and security events.
Agent interaction data (if enabled by Customer): metadata about calls/chats (time, duration, status, channel), and interaction content (e.g., chat messages, call transcripts, and recordings if enabled).
3.3 Payment and billing data
Payments are typically handled by third-party payment processors. We may receive limited billing-related information (e.g., billing contact details, invoice details, payment status, transaction identifiers). We generally do not store full payment card details.
4. How We Use Personal Data
We use Personal Data only as necessary to operate and improve the Service, including to:
Provide and maintain the Service (account creation, authentication, agent deployment, knowledge management, integrations, and service delivery).
Security, fraud prevention, and abuse detection (monitoring, risk analysis, access control, and investigating suspicious activity).
Support and troubleshooting (responding to inquiries, diagnosing issues, and providing customer support).
Billing and subscription management (invoicing, payment status, account administration).
Service improvement and analytics (performance optimization, reliability, capacity planning, feature development).
Compliance and enforcement (meeting legal obligations, enforcing our Terms of Service, protecting our rights and users, and managing disputes).
We do not guarantee that our systems will detect or prevent all misuse or security incidents.
5. Aggregated / De-identified Data
We may create and use aggregated, statistical, and/or de-identified data derived from the Service (including usage patterns and performance metrics) for purposes such as analytics, product improvement, security, benchmarking, capacity planning, and business reporting. To the extent permitted by law, UIRIX may use such aggregated or de-identified data without restriction, and such data is not intended to identify any individual.
6. Monitoring & Abuse Prevention
To protect the Service, our users, and our business, we may monitor, log, analyze, and review Service activity (including system logs and operational telemetry) to:
detect and prevent fraud, spam, malicious activity, and policy violations;
enforce our Terms of Service and security controls;
maintain service integrity and reliability.
We may take actions we deem appropriate, including limiting functionality, requiring additional verification, suspending access, or terminating accounts, subject to applicable law.
7. Cookies and Similar Technologies
We may use cookies and similar technologies (e.g., local storage, pixels) to:
enable essential functionality (authentication, security, preferences);
analyze performance and usage;
support marketing (where enabled and permitted by law).
You can control cookies through browser settings and, if available, through cookie preference tools on our site. Blocking certain cookies may impair functionality.
8. Legal Bases for Processing (Where Applicable)
Where required by law (e.g., in certain jurisdictions), we rely on one or more of the following legal bases:
Contractual necessity (to provide the Service you requested);
Legitimate interests (security, fraud prevention, service improvement, business operations);
Legal obligation (tax, accounting, compliance, lawful requests);
Consent (where required, e.g., certain cookies or specific processing activities).
9. How We Share Personal Data
We share Personal Data only as necessary and as described below:
9.1 Service providers / sub-processors
We may share data with vendors who help us operate the Service (e.g., cloud hosting, storage, monitoring, analytics, communications, telephony, transcription/voice providers, AI model providers, and customer support tooling). They are authorized to process data only as needed to provide services to us and are subject to contractual protections where required.
9.2 Customer-directed integrations
If Customer enables third-party integrations (e.g., CRM, calendar, marketing tools), we may transmit data to those third parties as instructed by Customer. Customer’s use of third-party services is governed by the third party’s terms and policies. UIRIX is not responsible for third-party services not under our control.
9.3 Legal, compliance, and protection
We may disclose information if we believe in good faith that disclosure is necessary to:
comply with applicable law, regulation, legal process, or governmental request;
enforce our Terms of Service and agreements;
protect the rights, safety, and security of UIRIX, Customers, End Users, or the public;
detect, prevent, or address fraud, abuse, or security incidents.
We may not be able to provide advance notice of disclosure when legally prohibited or where doing so could compromise security or investigations.
9.4 Corporate transactions
We may disclose information in connection with a merger, acquisition, restructuring, financing, or sale of all or a portion of our business or assets, subject to reasonable safeguards.
No sale of Personal Data. We do not sell Personal Data in the ordinary sense of “selling” personal information for monetary consideration. If a jurisdiction defines “sale” or “sharing” differently, we will comply as required.
10. International Data Transfers
Your data may be stored or processed in countries other than your own, depending on our operations and vendors. Where required, we will use appropriate safeguards for international transfers (e.g., contractual protections), consistent with applicable law.
11. Security
We implement reasonable technical and organizational measures designed to protect Personal Data (such as access controls, monitoring, encryption in transit, and operational security practices). However:
no system is perfectly secure;
we cannot guarantee absolute security; and
we are not responsible for security incidents resulting from Customer configuration, weak credentials, Customer systems, or third-party services not under our control.
12. Data Retention and Deletion
Retention Period. All data stored in the Service is retained for twelve (12) months from the date it is created, uploaded, received, or last updated (as applicable).
Automatic Deletion. After the retention period, the data will be automatically deleted.
Backups. Residual copies may remain in backups for a limited period as part of routine backup and disaster recovery processes and will be overwritten or deleted according to normal cycles.
Legal/claims retention. We may retain certain data for longer where required by law or to establish, exercise, or defend legal claims, or to address security/fraud issues.
13. Sensitive Data — Prohibited/Restricted
Unless expressly agreed in writing by UIRIX and Customer (and appropriate safeguards are implemented), Customer must not upload, submit, or process through the Service:
protected health/medical information subject to specialized regimes (e.g., HIPAA or equivalent);
full payment card details, CVV codes, bank credentials, passwords in plaintext, or other highly sensitive authentication secrets;
biometric identifiers, precise government ID numbers (unless legally required and properly safeguarded), or sensitive data about minors;
any other data categorized as “sensitive” under applicable law requiring heightened protections without ensuring such protections.
Customer is solely responsible for determining whether data is sensitive and for lawful processing. UIRIX disclaims liability arising from Customer’s processing of sensitive data in violation of this section.
14. Your Rights and Requests
Depending on your jurisdiction, you may have rights regarding your Personal Data (e.g., access, correction, deletion, restriction, objection, portability, and withdrawal of consent).
How to exercise rights. Contact [email protected]
. We may require identity verification.
Limitations. To the extent permitted by law, we may deny or limit requests where: (a) we cannot verify identity; (b) requests are excessive, repetitive, or manifestly unfounded; (c) compliance would violate law; or (d) we must retain information for legal compliance, security, or claims defense.
End Users (Customer’s users). If you are an End User interacting with a Customer’s agent, requests about your data should generally be directed to the Customer (the Controller). We may redirect requests accordingly.
15. Children
The Service is not intended for children under 13 (or under 16 where required by applicable law). We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, contact [email protected]
.
16. Changes to This Policy
We may update this Policy from time to time. We will post the updated Policy with a new Effective Date. Where required by law, we will provide additional notice. Your continued use of the Service after the update becomes effective constitutes acceptance of the updated Policy, to the extent permitted by law.
17. Contact Us
For privacy inquiries or requests: [email protected]
Effective Date: [2026]
Entity: UIRIX AI (“UIRIX”, “we”, “us”, “our”)
Privacy Contact: [email protected]
This Privacy Policy (“Policy”) describes how UIRIX collects, uses, discloses, and protects Personal Data in connection with our websites, applications, dashboards, APIs, and related services (collectively, the “Service”).
If you do not agree with this Policy, do not use the Service.
1. Definitions
“Personal Data” means information that identifies or can reasonably be used to identify an individual, directly or indirectly, as defined by applicable law.
“Customer” means the individual or legal entity that creates an account or uses the Service.
“End Users” means individuals who interact with a Customer’s AI agents or Customer’s deployments via the Service (e.g., callers, website visitors, chat participants).
“Customer Content” means any data, content, files, documents, transcripts, recordings (if enabled), chats, logs, URLs for scanning, configurations, prompts, and other information that Customer or its End Users submit to or process through the Service.
2. Roles: Controller vs. Processor (Key Allocation of Responsibility)
Depending on the context, UIRIX may act as either a Controller or a Processor:
Account, billing, and Service operations data. UIRIX generally acts as a Controller of Personal Data relating to account administration, billing, support, security, and operation of the Service.
Customer Content / End User data. Where Customer uses the Service to process End User data (e.g., calls, chats, transcripts, recordings, CRM data, uploaded knowledge), Customer is generally the Controller and UIRIX acts as a Processor (or “service provider”/equivalent role) processing such data on Customer’s instructions to provide the Service.
Customer is solely responsible for: (a) determining the lawful basis for processing End User data; (b) providing all required notices; (c) obtaining any required consents (including for call recording/transcription where applicable); and (d) complying with laws applicable to Customer’s business (including marketing/telecommunications rules, and data protection laws). UIRIX is not responsible for Customer’s compliance obligations toward End Users.
3. Personal Data We Collect
We collect Personal Data from several sources:
3.1 Data you provide directly
Account data: name, email address, phone number, company/organization details (if provided), and authentication data (e.g., SSO identifiers).
Support and communications: messages you send us, support tickets, and files you choose to share for troubleshooting.
Customer Content: content you upload or process through the Service, such as documents, knowledge sources, agent configurations, prompts, URLs submitted for scanning, and related materials.
3.2 Data collected automatically
Usage and device data: log data (timestamps, actions taken in the Service), IP address, browser/device characteristics, approximate location derived from IP, diagnostics, crash reports, and security events.
Agent interaction data (if enabled by Customer): metadata about calls/chats (time, duration, status, channel), and interaction content (e.g., chat messages, call transcripts, and recordings if enabled).
3.3 Payment and billing data
Payments are typically handled by third-party payment processors. We may receive limited billing-related information (e.g., billing contact details, invoice details, payment status, transaction identifiers). We generally do not store full payment card details.
4. How We Use Personal Data
We use Personal Data only as necessary to operate and improve the Service, including to:
Provide and maintain the Service (account creation, authentication, agent deployment, knowledge management, integrations, and service delivery).
Security, fraud prevention, and abuse detection (monitoring, risk analysis, access control, and investigating suspicious activity).
Support and troubleshooting (responding to inquiries, diagnosing issues, and providing customer support).
Billing and subscription management (invoicing, payment status, account administration).
Service improvement and analytics (performance optimization, reliability, capacity planning, feature development).
Compliance and enforcement (meeting legal obligations, enforcing our Terms of Service, protecting our rights and users, and managing disputes).
We do not guarantee that our systems will detect or prevent all misuse or security incidents.
5. Aggregated / De-identified Data
We may create and use aggregated, statistical, and/or de-identified data derived from the Service (including usage patterns and performance metrics) for purposes such as analytics, product improvement, security, benchmarking, capacity planning, and business reporting. To the extent permitted by law, UIRIX may use such aggregated or de-identified data without restriction, and such data is not intended to identify any individual.
6. Monitoring & Abuse Prevention
To protect the Service, our users, and our business, we may monitor, log, analyze, and review Service activity (including system logs and operational telemetry) to:
detect and prevent fraud, spam, malicious activity, and policy violations;
enforce our Terms of Service and security controls;
maintain service integrity and reliability.
We may take actions we deem appropriate, including limiting functionality, requiring additional verification, suspending access, or terminating accounts, subject to applicable law.
7. Cookies and Similar Technologies
We may use cookies and similar technologies (e.g., local storage, pixels) to:
enable essential functionality (authentication, security, preferences);
analyze performance and usage;
support marketing (where enabled and permitted by law).
You can control cookies through browser settings and, if available, through cookie preference tools on our site. Blocking certain cookies may impair functionality.
8. Legal Bases for Processing (Where Applicable)
Where required by law (e.g., in certain jurisdictions), we rely on one or more of the following legal bases:
Contractual necessity (to provide the Service you requested);
Legitimate interests (security, fraud prevention, service improvement, business operations);
Legal obligation (tax, accounting, compliance, lawful requests);
Consent (where required, e.g., certain cookies or specific processing activities).
9. How We Share Personal Data
We share Personal Data only as necessary and as described below:
9.1 Service providers / sub-processors
We may share data with vendors who help us operate the Service (e.g., cloud hosting, storage, monitoring, analytics, communications, telephony, transcription/voice providers, AI model providers, and customer support tooling). They are authorized to process data only as needed to provide services to us and are subject to contractual protections where required.
9.2 Customer-directed integrations
If Customer enables third-party integrations (e.g., CRM, calendar, marketing tools), we may transmit data to those third parties as instructed by Customer. Customer’s use of third-party services is governed by the third party’s terms and policies. UIRIX is not responsible for third-party services not under our control.
9.3 Legal, compliance, and protection
We may disclose information if we believe in good faith that disclosure is necessary to:
comply with applicable law, regulation, legal process, or governmental request;
enforce our Terms of Service and agreements;
protect the rights, safety, and security of UIRIX, Customers, End Users, or the public;
detect, prevent, or address fraud, abuse, or security incidents.
We may not be able to provide advance notice of disclosure when legally prohibited or where doing so could compromise security or investigations.
9.4 Corporate transactions
We may disclose information in connection with a merger, acquisition, restructuring, financing, or sale of all or a portion of our business or assets, subject to reasonable safeguards.
No sale of Personal Data. We do not sell Personal Data in the ordinary sense of “selling” personal information for monetary consideration. If a jurisdiction defines “sale” or “sharing” differently, we will comply as required.
10. International Data Transfers
Your data may be stored or processed in countries other than your own, depending on our operations and vendors. Where required, we will use appropriate safeguards for international transfers (e.g., contractual protections), consistent with applicable law.
11. Security
We implement reasonable technical and organizational measures designed to protect Personal Data (such as access controls, monitoring, encryption in transit, and operational security practices). However:
no system is perfectly secure;
we cannot guarantee absolute security; and
we are not responsible for security incidents resulting from Customer configuration, weak credentials, Customer systems, or third-party services not under our control.
12. Data Retention and Deletion
Retention Period. All data stored in the Service is retained for twelve (12) months from the date it is created, uploaded, received, or last updated (as applicable).
Automatic Deletion. After the retention period, the data will be automatically deleted.
Backups. Residual copies may remain in backups for a limited period as part of routine backup and disaster recovery processes and will be overwritten or deleted according to normal cycles.
Legal/claims retention. We may retain certain data for longer where required by law or to establish, exercise, or defend legal claims, or to address security/fraud issues.
13. Sensitive Data — Prohibited/Restricted
Unless expressly agreed in writing by UIRIX and Customer (and appropriate safeguards are implemented), Customer must not upload, submit, or process through the Service:
protected health/medical information subject to specialized regimes (e.g., HIPAA or equivalent);
full payment card details, CVV codes, bank credentials, passwords in plaintext, or other highly sensitive authentication secrets;
biometric identifiers, precise government ID numbers (unless legally required and properly safeguarded), or sensitive data about minors;
any other data categorized as “sensitive” under applicable law requiring heightened protections without ensuring such protections.
Customer is solely responsible for determining whether data is sensitive and for lawful processing. UIRIX disclaims liability arising from Customer’s processing of sensitive data in violation of this section.
14. Your Rights and Requests
Depending on your jurisdiction, you may have rights regarding your Personal Data (e.g., access, correction, deletion, restriction, objection, portability, and withdrawal of consent).
How to exercise rights. Contact [email protected]
. We may require identity verification.
Limitations. To the extent permitted by law, we may deny or limit requests where: (a) we cannot verify identity; (b) requests are excessive, repetitive, or manifestly unfounded; (c) compliance would violate law; or (d) we must retain information for legal compliance, security, or claims defense.
End Users (Customer’s users). If you are an End User interacting with a Customer’s agent, requests about your data should generally be directed to the Customer (the Controller). We may redirect requests accordingly.
15. Children
The Service is not intended for children under 13 (or under 16 where required by applicable law). We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, contact [email protected]
.
16. Changes to This Policy
We may update this Policy from time to time. We will post the updated Policy with a new Effective Date. Where required by law, we will provide additional notice. Your continued use of the Service after the update becomes effective constitutes acceptance of the updated Policy, to the extent permitted by law.
17. Contact Us
For privacy inquiries or requests: [email protected]