Privacy Policy

Introduction

Borzai ("we," "us," or "our"), operated by GameReady Limited, provides an AI-powered assistant service for business communication through third-party platform integrations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, or applications.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy regulations.

Important Notice: Our services utilize artificial intelligence technology. By using our services, you acknowledge that you may be interacting with AI-powered systems that process and analyze communications to provide intelligent assistance.

1. Information We Collect

1.1 Information You Provide Directly

• Account registration data (name, email address, organization details)
• Payment information (processed by third-party payment processors)
• Communication preferences and settings
• Support requests and correspondence
• Feedback and survey responses

1.2 Information We Collect Automatically

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, session duration)
• Cookies and similar tracking technologies
• API usage logs and performance metrics

1.3 Information from Third-Party Integrations

• Communication platform data (including Meta WhatsApp messages, contacts, media shared through our service)
• Business productivity platform data (including Google Workspace emails, calendar events, documents as authorized)
• Authentication data from single sign-on providers

1.4 AI Training and Analysis Data

We may process communication data to improve our AI models and provide better service. This includes analyzing message patterns, response effectiveness, and user interactions with our AI assistant.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance: To provide our AI assistant services and fulfill our agreement with you
• Legitimate Interest: To improve our services, ensure security, and provide customer support
• Consent: For marketing communications and optional data processing activities
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interest: To protect the safety and security of our users and services

3. How We Use Your Information

3.1 Service Delivery

• Providing AI-powered assistance through third-party business platforms and communication services
• Processing and routing communications
• Maintaining and improving service functionality
• Providing customer support and technical assistance

3.2 AI Processing and Improvement

• Training and improving our AI models (subject to your preferences)
• Analyzing communication patterns for service optimization
• Developing new AI features and capabilities
• Quality assurance and performance monitoring

3.3 Business Operations

• Processing payments and managing subscriptions
• Sending service-related notifications and updates
• Conducting research and analytics for business improvement
• Ensuring security and preventing fraud or abuse

3.4 Marketing and Communications (with consent)

• Sending promotional materials and product updates
• Personalizing marketing communications
• Conducting surveys and collecting feedback

4. Information Sharing and Disclosure

We do not sell personal information. We may share information in the following circumstances:

4.1 Service Providers and Partners

• AI model providers (OpenAI, Anthropic, Google AI, OpenRouter, and other major providers) for processing requests
• Cloud infrastructure providers for hosting and data storage
• Payment processors for billing and subscription management
• Communication platforms (Meta, Google, and other business platforms) for integration services
• Analytics and monitoring service providers

4.2 Legal Requirements

• To comply with applicable laws, regulations, or legal processes
• To respond to government requests or court orders
• To protect our rights, property, or safety, or that of others
• To prevent fraud, security breaches, or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the new entity, subject to appropriate privacy protections.

4.4 With Your Consent

We may share information for other purposes with your explicit consent or at your direction.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect information about how you use our services.

5.1 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality and security
• Performance Cookies: Help us understand how visitors interact with our website
• Functionality Cookies: Remember your preferences and personalize your experience
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness

5.2 Cookie Management

Most web browsers allow you to control cookies through their settings. You can choose to accept, reject, or delete cookies. However, disabling certain cookies may affect your ability to use some features of our services.

5.3 Third-Party Tracking

Our website may include third-party analytics tools (such as Google Analytics) and social media plugins that may track your online activities. These third parties have their own privacy policies governing their use of information.

6. International Data Transfers

As a global service, we may transfer personal information to countries outside your residence, including the United States and other jurisdictions where our service providers operate.

6.1 Transfer Safeguards

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for transfers to countries with adequate protection
• Binding corporate rules and other appropriate safeguards
• International Data Transfer Agreement (IDTA) for UK transfers

6.2 AI Model Processing

Data processed by AI model providers may be transferred internationally. We ensure all such transfers are subject to appropriate safeguards and that providers comply with applicable data protection requirements.

7. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal obligations.

7.1 Retention Periods

• Account Data: Retained for the duration of your account plus 2 years
• Communication Data: Retained for 2 years from last activity for service continuity
• Payment Data: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you withdraw consent or 3 years of inactivity
• Support Records: Retained for 3 years for quality assurance
• Legal Hold Data: Retained as required by applicable law or pending legal matters

7.2 Data Deletion

Upon expiration of retention periods or upon your request (where legally permissible), we securely delete or anonymize personal information in accordance with our data deletion procedures.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 GDPR Rights (EU/UK Residents)

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of processing activities
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File complaints with data protection authorities

8.2 CCPA Rights (California Residents)

• Right to Know: Request information about personal information collected and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Equal service regardless of privacy choices

8.3 Exercising Your Rights

To exercise your privacy rights, contact us at privacy@borzai.com or through our support system. We will respond to verified requests within the timeframes required by applicable law (generally 30 days for GDPR requests and 45 days for CCPA requests).

8.4 Identity Verification

To protect your privacy, we may require verification of your identity before processing certain requests. This may involve confirming account ownership or providing additional identification.

9. Automated Decision-Making and AI Transparency

9.1 AI-Powered Features

Our services use artificial intelligence for automated communication processing, response generation, and service optimization. These AI systems may make automated decisions that affect your experience with our services.

9.2 Types of Automated Processing

• Message routing and prioritization
• Automated response suggestions and generation
• Content analysis for service improvement
• Fraud detection and security monitoring
• Personalization of service features

9.3 Your Rights Regarding Automated Decisions

Under GDPR, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. If you believe our automated processing significantly affects you, you may:

• Request human intervention in the decision-making process
• Express your point of view regarding the automated decision
• Contest the decision and request review

9.4 AI Model Training

We may use communication data to improve our AI models, but only in accordance with your preferences and applicable privacy laws. You can opt-out of AI training data usage by contacting us at privacy@borzai.com.

10. Data Security

We implement comprehensive security measures to protect your personal information:

10.1 Technical Safeguards

• Encryption of data in transit and at rest
• Multi-factor authentication and access controls
• Regular security audits and vulnerability assessments
• Secure development practices and code reviews
• Network security monitoring and intrusion detection

10.2 Organizational Safeguards

• Employee training on data protection and security
• Confidentiality agreements and access limitations
• Incident response procedures and breach notifications
• Vendor security assessments and agreements
• Regular policy reviews and updates

10.3 Data Breach Response

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify relevant supervisory authorities within 72 hours and affected individuals without undue delay, as required by applicable law.

11. Children's Privacy

Our services are not intended for children under the age of 16 (or the minimum age for digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@borzai.com so we can delete such information.

12. Business and Professional Use

12.1 B2B and B2C Services

Our services support both business-to-business (B2B) and business-to-consumer (B2C) use cases. When processing personal data on behalf of business customers, we act as a data processor, and our customers act as data controllers.

12.2 Employee Data Processing

When our business customers use our services to process their employees' or customers' data, those individuals' privacy rights are primarily governed by our customer's privacy practices. However, we maintain appropriate safeguards for all personal data we process.

12.3 Data Processing Agreements

For business customers processing personal data subject to GDPR or similar regulations, we provide Data Processing Agreements (DPAs) that outline our respective responsibilities and ensure compliance with applicable data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website and notify you of material changes through email or service notifications.

The "Last updated" date at the top of this policy indicates when the most recent changes were made. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us:

14.1 Supervisory Authority Contacts

EU Residents: You may lodge complaints with your local data protection authority or the lead supervisory authority in Ireland (Data Protection Commission).

UK Residents: Information Commissioner's Office (ICO) - https://ico.org.uk/

California Residents: California Attorney General's Office - https://oag.ca.gov/

15. Effective Date and Scope

This Privacy Policy is effective as of the "Last updated" date shown above and applies to all personal information processed by Borzai in connection with our services, regardless of how that information is collected or submitted.