Privacy Policy

Last updated: 12/31/2025

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

Table of Contents

1Introduction & Scope2Our Relationship with You3What Data We Collect4IP Address Collection & Usage5Minors' Data6Processing Purposes & Legal Basis7Data Sharing & Subprocessors8International Data Transfers9Data Retention Period10Refund & Data Deletion Policy11Security Measures12Your Rights13Changes to This Policy14Contact Us

1. Introduction & Scope

Welcome to our Privacy Policy. This document outlines how we handle your personal data when you use our AI-powered business intelligence platform.

This policy applies to all users of our services, including companies registering on our platform, their representatives, and any individuals interacting with our AI chatbots or services.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Our Relationship with You

When you register a company on our platform, you act as a "Data Controller" for the information you provide about your business and customers. We act as a "Data Processor" for the data you entrust to us.

For your personal information (like your email and contact details), we act as a "Data Controller" and process this data to provide you with our services.

We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including GDPR, CCPA, and other regional regulations.

3. What Data We Collect

3.1 Company Registration Data

  • Business name, email address, and contact information
  • Company documents uploaded for AI processing
  • FAQs and business information for chatbot training
  • Payment and billing information
  • Chat logs and interactions with AI services

3.2 Automated Data Collection

  • IP Addresses: We collect your IP address when you access our services
  • Browser type, operating system, and device information
  • Usage patterns and service interaction data
  • Cookies and similar tracking technologies
  • Referral sources and marketing campaign data

3.3 Third-Party Data

  • Geolocation data from IP address lookup services
  • Payment processor information
  • Authentication provider data (if using social login)

4. IP Address Collection & Usage

New

We collect IP addresses to enhance security, prevent fraud, and provide location-based features for better service.

4.1 How We Use IP Addresses

  • Geolocation Services: To provide location-based features, such as suggesting your country code during company registration and profile setup.
  • Security and Fraud Prevention: To detect and prevent fraudulent activities, unauthorized access, security breaches, and to protect our platform and users.
  • Compliance Verification: To assist companies in validating user information for regulatory compliance and anti-fraud purposes.
  • Service Improvement: To analyze usage patterns, optimize performance, and improve our services based on geographic distribution.
  • Network Diagnostics: To troubleshoot technical issues, monitor service quality, and prevent abuse.

4.2 IP Address Processing

When you register a company on our platform, we use your IP address to:

  • Determine your approximate geographical location
  • Suggest an appropriate country code for your business registration
  • Cross-reference this information with other registration details for validation
  • Assist in regulatory compliance and verification processes

4.3 Third-Party IP Lookup Services

We may use reputable third-party services (such as ipapi.co) to convert IP addresses into geographical information. These services process IP addresses according to their own privacy policies. We only receive non-personally identifiable geographical data (country codes) from these services.

4.4 Data Protection & Your Rights

IP addresses may be considered personal data in many jurisdictions. We process them in accordance with applicable data protection laws:

  • GDPR: For EU users, we process IP addresses based on legitimate interests (security, fraud prevention) and contractual necessity
  • CCPA/CPRA: For California residents, we disclose IP collection and provide opt-out mechanisms where applicable
  • Other Jurisdictions: We comply with local data protection laws regarding IP address processing

5. Minors' Data

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to delete such information from our systems.

6. Processing Purposes & Legal Basis

PurposeLegal Basis
Service provision and account managementContractual necessity
IP address collection for security and geolocationLegitimate interests
AI model training and improvementLegitimate interests
Marketing communicationsConsent or legitimate interests
Legal compliance and fraud preventionLegal obligation

7. Data Sharing & Subprocessors

We may share your information with:

  • Service Providers: Cloud hosting, payment processors, email services
  • AI Infrastructure: Machine learning platforms and vector databases
  • IP Geolocation Services: Third-party services like ipapi.co for IP-to-location conversion
  • Legal Authorities: When required by law or to protect rights
  • Business Transfers: In connection with mergers or acquisitions

All third-party processors are bound by contractual obligations to protect your data.

8. Facebook Platform Data

When you connect your Facebook Page to our service, we may receive certain data from Meta Platforms, Inc. ("Facebook Data"):

  • Page Information: Page IDs, page names, and metadata
  • Message Content: Text from messages sent to your connected Facebook Page
  • User IDs: Anonymous user identifiers from Facebook Messenger
  • Message Metadata: Timestamps, message types, and conversation threads

Important: We do NOT receive or store:

  • • User profile names or photos
  • • User contact information
  • • User friend lists or personal data
  • • Any data beyond what is necessary for responding to inquiries

8.1 How We Use Facebook Data

  • Process incoming messages to generate AI responses
  • Send automated replies to user inquiries
  • Maintain conversation continuity within Messenger threads
  • Improve our AI response quality (anonymized data only)

8.2 Data Controller Relationship

For Facebook Data, our customers (businesses who connect their Facebook Pages) act as the Data Controller. We act as a Data Processor under their instructions. We process Facebook Data only to provide the contracted service of automated AI responses.

8.3 Data Retention

Facebook message content is retained for 90 days for service improvement and then automatically deleted. Message metadata (without content) may be retained for up to 1 year for analytics.

8.4 User Rights

Users can exercise their data rights through Facebook's privacy tools. We respond to data deletion requests within 30 days.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where applicable
  • Data protection agreements with all processors

9. Data Retention Period

We retain data only as long as necessary:

  • Account Data: While your account is active plus 30 days after deletion
  • IP Addresses: 90 days for security monitoring, longer if required for legal compliance
  • Financial Records: 7 years for tax and accounting purposes
  • Chat Logs: 12 months for service improvement
  • Backup Data: Up to 30 days after deletion

10. Refund & Data Deletion Policy

Upon account deletion or service termination, we will:

  • Delete your personal information within 30 days
  • Retain anonymized data for analytics
  • Keep financial records as required by law
  • Remove AI embeddings and trained models associated with your data

Refund requests are handled on a case-by-case basis according to our Terms of Service.

11. Security Measures

We implement robust security measures including:

  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Network security and intrusion detection
  • Employee training on data protection

12. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (subject to legal requirements)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

To exercise these rights, please contact us using the information below.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by either:

  • Posting the updated policy on our website
  • Sending email notifications to registered users

Your continued use of our services after changes constitutes acceptance of the updated policy. You should keep checking this page for any updates.

14. Contact Us

For questions, concerns, or to exercise your data rights:

Data Protection Officer

Email: info@aigems.co.ke

Response Time: We aim to respond within 30 days

For EU residents: You have the right to lodge a complaint with your local data protection authority.

© 2025 AI Gems Limited. All rights reserved.

This Privacy Policy is effective as of 12/31/2025