개인정보처리방침

1. Information We Collect

We collect information that you provide directly to us, information collected automatically when you use our Service, and information received from third-party integrations you authorize.

Information You Provide

• Account registration information (name, email address, company name, password)
• Contact form submissions (name, email, company, message content)
• Beta application data (company name, industry, ERP system, team size)
• Payment and billing information processed through our third-party payment processor
• Communications you send to us (support requests, feedback, correspondence)
• Business data you connect to our platform through integrations
• AI Employee configuration data, including roles, authority limits, instructions, and workflow definitions
• OAuth authorization tokens when you connect third-party services (we do not store your third-party login credentials)

Information from Third-Party Integrations

When you authorize connections to third-party services, we may receive and process data from those services, including:

• Google (Calendar, Gmail): Calendar events, availability data, email content, contact information, and email metadata
• Microsoft (Outlook, Teams): Calendar events, email content, contact information, and messaging data
• Calendly: Event types, availability windows, booking details, and scheduling preferences
• Acuity Scheduling: Appointment details, client information, intake form responses, and service types
• QuickBooks (Intuit): Invoices, customer records, vendor records, inventory data, and financial transaction information
• Shopify: Order data, product information, customer records, and inventory levels
• Slack: Messages in designated channels, direct messages, user profiles, and workspace information
• Telegram: Messages, chat data, and user identifiers from connected Telegram channels

Information Collected Automatically

• Device and browser information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent, click patterns)
• Log data (access times, referring URLs, error logs)
• Cookies and similar tracking technologies (see Cookie Policy below)
• AI Employee interaction data, including prompts, instructions, AI-generated outputs, task execution logs, and communication records

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your account registration and manage your subscription
• Process your data through artificial intelligence models to power AI Employee actions, including reading, interpreting, and generating communications, creating business documents, and executing tasks within your connected systems
• Synchronize data between the Service and your connected third-party platforms (e.g., creating invoices in QuickBooks, booking appointments in Google Calendar, sending messages via Slack or Telegram)
• Respond to your inquiries, support requests, and contact form submissions
• Send you technical notices, updates, security alerts, and administrative messages
• Communicate with you about products, services, and events (with your consent)
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Personalize and improve your experience with the Service
• Comply with legal obligations and enforce our terms and policies

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on one or more of the following legal bases:

• Contract Performance: Processing necessary to provide the Service you have requested
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and Service improvement, where those interests are not overridden by your rights
• Consent: Processing based on your explicit consent, such as marketing communications
• Legal Obligation: Processing necessary to comply with applicable laws and regulations

3. AI Data Processing and Automated Decision-Making

How AI Employees Process Your Data

AI Employees use large language models (LLMs) and other artificial intelligence technologies to read, interpret, and act on your business data. Your data is processed to generate communications, execute business tasks, make operational decisions within configured authority limits, and create or modify business documents and records in your connected systems.

Automated Decision-Making

AI Employees may make automated decisions that affect your business operations, including approving or processing transactions, sending communications, creating records, scheduling appointments, and escalating issues. All automated decisions operate within the authority limits and parameters configured by the account administrator. You have the right to:

• Request human review of any decision made by an AI Employee
• Restrict or disable automated decision-making at any time through your account settings
• Obtain meaningful information about the logic involved in automated decision-making

AI Output Accuracy

AI Employees are powered by artificial intelligence that may produce inaccurate, incomplete, or inappropriate outputs. AI-generated content — including emails, documents, calculations, and business recommendations — should be reviewed by a qualified human before being relied upon for material business decisions. ianai does not guarantee the accuracy, completeness, or fitness for purpose of any AI-generated output.

AI Model Sub-Processors

Your data may be processed by third-party AI model providers to generate AI Employee outputs. These providers are bound by data processing agreements and are contractually prohibited from using your data for their own model training or any purpose other than providing inference services to ianai.

4. Third-Party Integrations and Data Sharing

Third-Party Platform Integrations

When you connect third-party services to AI Employee, data flows between the Service and those platforms as necessary to perform the tasks you configure. Below is a summary of the primary integrations and the types of data shared:

• Google (Calendar, Gmail):AI Employees can read and write calendar events, read email content, and send emails on your behalf. Data shared includes calendar event details, email content, contact information, and availability data. ianai's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
• Microsoft (Outlook, Teams): AI Employees can manage calendar events, read and send emails, and participate in Teams conversations. Data shared includes calendar details, email content, contact information, and chat messages.
• Calendly: AI Employees can read your availability and create bookings. Data shared includes event types, availability windows, and booking details.
• Acuity Scheduling: AI Employees can manage appointments, intake forms, and reminders. Data shared includes appointment details, client information, and service types.
• QuickBooks (Intuit): AI Employees can read and write invoices, customer records, vendor records, inventory data, and financial transactions. Data shared includes financial records, business contact information, and transaction history.
• Shopify: AI Employees can access and manage order data, product information, and customer records.
• Slack: AI Employees can read and send messages in designated channels and direct messages.
• Telegram: AI Employees can receive and respond to messages through connected Telegram channels and bots.

Additional integrations may be added over time. We will update this Privacy Policy to reflect new integrations as they become available.

OAuth Authorization

Connecting a third-party service grants ianai permission to access specific data and perform specific actions in that service on your behalf, as defined by the scope of the OAuth authorization. You can revoke this access at any time through the Service's settings or through the third-party service's authorization management interface.

Other Data Sharing

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. This applies to all users, including California residents under the CCPA. We may share your information in the following circumstances:

• Service Providers: We share information with third-party vendors who perform services on our behalf, such as cloud hosting, AI model inference, analytics, payment processing, and customer support. These providers are bound by contractual obligations to keep your information confidential and to process it only as directed by us.
• AI Model Providers: Your data may be sent to third-party AI model providers to generate AI Employee responses. These providers process data solely for inference and are contractually prohibited from using your data for their own purposes, including model training.
• Business Transfers: If ianai is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Protection of Rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, or situations involving potential threats to the safety of any person.
• With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Encryption of OAuth tokens and API credentials at rest using industry-standard encryption
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Isolation of customer data in AI processing pipelines — your business data is not commingled with other customers' data during AI inference
• Audit logging of all AI Employee actions and data access events
• Employee training on data protection and security best practices
• Incident response procedures for potential data breaches

In the event of a data breach affecting your personal information, we will notify you and any applicable regulatory authorities within 72 hours of becoming aware of the breach, as required by GDPR and applicable state laws.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: You have the right to request access to the personal information we hold about you.
• Correction: You have the right to request that we correct any inaccurate or incomplete personal information.
• Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions.
• Portability: You have the right to receive a copy of your personal information in a structured, machine-readable format.
• Objection: You have the right to object to the processing of your personal information for certain purposes, including direct marketing.
• Withdrawal of Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.
• Automated Decision-Making: You have the right to obtain meaningful information about the logic involved in automated decision-making by AI Employees, as well as the significance and envisaged consequences of such processing. You may request human review of any automated decision.
• Restrict AI Processing: You have the right to request that we limit or disable automated processing by AI Employees on your data.
• Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at support@ianai.co. You may also designate an authorized agent to submit requests on your behalf. We will acknowledge your request within 10 business days and fulfill verifiable requests within 45 days (CCPA) or 30 days (GDPR), with the possibility of a one-time extension with notice.

7. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

Categories of Personal Information We Collect

• Identifiers: Name, email address, IP address, account credentials
• Commercial Information: Billing records, subscription history, purchase history
• Internet/Electronic Activity: Browsing history, usage data, interaction with the Service
• Professional/Employment Information: Company name, job title, industry
• Inferences: Inferences drawn from AI Employee processing of your business data

Your CCPA/CPRA Rights

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of your sensitive personal information to that which is necessary to provide the Service.

To exercise your CCPA/CPRA rights, please contact us at support@ianai.co with the subject line "CCPA Request." We will not discriminate against you for exercising any of your rights.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under the age of 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at support@ianai.co.

9. Cookie Policy

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that are sent to your browser from a website and stored on your device.

Types of cookies we use:

• Essential Cookies: Required for the Service to function properly. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website. We use Google Analytics (GA4) which sets cookies such as _ga and _ga_* to collect anonymized usage data. See Google's Privacy Policy for more information.
• Marketing Cookies: We use Meta Pixel (Facebook) for conversion tracking and analytics. See Meta's Privacy Policy for more information.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your language preferences.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Do Not Track Signals:Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals due to the absence of a uniform industry standard for interpreting them. We will update this policy if a standard is established.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Account Data: Retained for the duration of your account plus 90 days after account termination to allow for data export
• AI Employee Activity Logs: Retained for up to 24 months for audit and compliance purposes
• Communication Records: Content of communications processed by AI Employees is retained for up to 12 months
• OAuth Tokens: Retained until you revoke the integration or terminate your account
• Analytics Data: Retained per the default retention settings of our analytics providers (Google Analytics, Meta Pixel)
• Backup Data: Retained for up to 30 days after deletion from primary systems

When we no longer need your personal information, we will securely delete or anonymize it. Your data is never used to train AI models.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there.

For users in the European Economic Area (EEA) and United Kingdom, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a legal mechanism for data transfers to the United States and other countries that have not received an adequacy decision. We also implement supplementary technical and organizational measures, including encryption and access controls, to ensure the protection of your data during transfer and processing.

Our sub-processors may process data in the United States and other jurisdictions. A list of our primary sub-processors and their locations is available upon request by contacting support@ianai.co.

12. AI Output Disclaimer

AI Employees may generate, send, or act upon data that is inaccurate, incomplete, or inconsistent with your intentions. ianai is not responsible for any consequences arising from AI Employee outputs, including but not limited to:

• Incorrect financial calculations or transactions
• Miscommunications sent to customers, vendors, or other parties
• Scheduling conflicts or missed appointments
• Incorrect data entries in connected third-party systems (QuickBooks, Google Calendar, Calendly, etc.)
• Unintended actions taken within connected third-party platforms

You acknowledge that AI technology is inherently probabilistic and that outputs may vary. You are responsible for establishing appropriate review and approval processes for all AI Employee activity. AI Employee outputs do not constitute legal, financial, tax, medical, or any other form of professional advice.

13. Third-Party Links and Services

The Service integrates with third-party platforms, each of which has its own privacy policy and terms of service. ianai is not responsible for the privacy practices, data handling, or security of third-party services. We encourage you to review the privacy policies of any third-party services you connect to the platform, including:

• Google Privacy Policy
• Microsoft Privacy Statement
• Intuit (QuickBooks) Privacy Statement
• Calendly Privacy Policy
• Acuity Scheduling (Squarespace) Privacy Policy
• Shopify Privacy Policy
• Slack Privacy Policy
• Telegram Privacy Policy

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes that affect how we process your data through AI Employees or share data with third-party integrations, we will provide at least 30 days' advance notice via email to the address associated with your account, in addition to posting the updated policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page, unless otherwise specified in the notice.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By email: support@ianai.co
• Through our contact page

For GDPR-related inquiries, you may also contact your local data protection authority. For CCPA requests, please email support@ianai.co with the subject line "CCPA Request."