Privacy Policy

1. Introduction and Scope

Aislon ("Company," "we," "us," or "our") operates an autonomous AI workforce platform that provides AI agents to perform tasks on behalf of users. This Privacy Policy ("Policy") describes how we collect, use, disclose, retain, and protect information when you use our platform, AI agents, website, APIs, and related services (collectively, the "Service").

This Policy applies to all users of the Service, including individual users, business users, and any third parties whose information may be processed by AI agents on behalf of our users.

By accessing or using the Service, you acknowledge and consent to the collection, use, and disclosure practices described in this Policy. If you do not agree, you must immediately discontinue use of the Service.

2. Definitions

• "Personal Information" means any information that identifies, relates to, describes, or could reasonably be linked to you or your household, including but not limited to name, email, IP address, device identifiers, and usage data.
• "Sensitive Personal Information" means Personal Information that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status, genetic or biometric data, precise geolocation, contents of communications, or financial account credentials.
• "User Content" means any data, documents, text, images, files, or information you provide to the Service, including data processed by AI agents on your behalf.
• "Third-Party Data" means personal information about your customers, employees, contacts, or other individuals that you provide to or process through the Service.
• "AI Agent Data" means data processed, generated, or accessed by AI agents while performing tasks on your behalf, including inputs, outputs, and interaction logs.
• "Usage Data" means information automatically collected about how you interact with the Service, including logs, analytics, performance metrics, and behavioral data.
• "Biometric Data" means data generated from voice patterns, facial features, or other physiological characteristics that may be processed by AI agents for voice calls, video analysis, or authentication purposes.

3. Information We Collect

We collect information from the following sources:

3.1 Information You Provide Directly

• Account Information: Name, email address, password, phone number, company name, job title, and billing information when you register for an account.
• Profile Information: Any additional information you add to your profile, preferences, or settings.
• Payment Information: Billing address and payment method details. Note: Full payment card numbers are processed by our PCI-compliant payment processors and are not stored on our servers.
• Communications: Messages you send to us, support requests, feedback, surveys, and correspondence.
• User Content: Documents, data, instructions, prompts, and files you provide to AI agents or upload to the Service.
• Testimonials and Reviews: If you provide testimonials, reviews, or feedback that we display publicly, we may collect and publish this information with your consent.

3.2 Information from Third-Party Integrations

• Connected Services: When you connect third-party services (email, social media, CRM, etc.), we access data from those services as authorized by you to enable AI agent functionality.
• OAuth/API Credentials: Access tokens and credentials you provide to enable integrations.
• Third-Party Data: Information about your contacts, customers, or other individuals accessed through connected services.

3.3 Information Collected Automatically

• Device Information: IP address, browser type and version, operating system, device identifiers, hardware model, and mobile network information.
• Usage Data: Pages visited, features used, actions taken, time spent, click patterns, scroll depth, and navigation paths.
• AI Agent Logs: Inputs provided to AI agents, outputs generated, actions taken, errors encountered, and performance metrics.
• Log Data: Server logs, error reports, timestamps, referring URLs, and system activity.
• Cookies and Tracking: Information collected through cookies, pixels, beacons, and similar technologies (see Section 14).
• Cross-Device Data: We may link your activity across multiple devices using device identifiers, login information, or probabilistic matching to provide a seamless experience.
• Session Recordings: We may record user sessions, including mouse movements, clicks, scrolls, and keystrokes (excluding sensitive fields) for analytics and quality improvement.

3.4 Voice and Call Data

• Voice Recordings: When you use AI voice agents (such as Clide), phone calls may be recorded for quality assurance, training, and service delivery purposes.
• Voice Biometrics: Voice patterns may be analyzed for authentication, transcription, and AI processing.
• Call Metadata: Phone numbers, call duration, timestamps, and call disposition data.
• Transcriptions: Audio may be transcribed to text for processing and logging.

3.5 Information from Third Parties

• Authentication Providers: Information from social login or SSO providers you use to access the Service.
• Business Partners: Information from partners, resellers, or referrers.
• Public Sources: Publicly available information for fraud prevention and identity verification.
• Analytics Providers: Aggregated insights about user behavior and demographics.

4. Sensitive Personal Information

We may process Sensitive Personal Information in the following contexts:

• Biometric Data: Voice patterns processed by AI voice agents for authentication and call handling.
• Precise Geolocation: If you enable location services, we may collect precise location data.
• Communications Content: Contents of emails, messages, and documents processed by AI agents.
• Financial Information: Financial data processed by AI agents performing finance-related tasks.
• Health Information: If you use AI agents to process health-related data (e.g., customer support for healthcare businesses).

BY USING THE SERVICE, YOU EXPLICITLY CONSENT TO THE PROCESSING OF SENSITIVE PERSONAL INFORMATION AS DESCRIBED HEREIN. IF YOU DO NOT CONSENT, DO NOT PROVIDE SUCH INFORMATION TO THE SERVICE.

To limit the use of Sensitive Personal Information, contact us at [email protected].

5. How We Use Your Information

We use collected information for the following purposes:

5.1 Service Delivery

• Providing, operating, and maintaining the Service
• Enabling AI agents to perform tasks on your behalf
• Processing transactions and managing subscriptions
• Providing customer support and responding to inquiries
• Personalizing your experience and settings

5.2 Service Improvement and Development

• Analyzing usage patterns to improve features and functionality
• Training and improving AI models and algorithms
• Developing new products, features, and services
• Conducting research and analytics
• Testing and quality assurance

5.3 Security and Compliance

• Protecting against fraud, abuse, and security threats
• Enforcing our Terms of Service and policies
• Complying with legal obligations and regulatory requirements
• Responding to law enforcement and government requests
• Conducting audits and maintaining records

5.4 Communications

• Sending service-related notices, updates, and security alerts
• Sending billing and account information
• Sending promotional communications (with your consent or as permitted by law)
• Conducting surveys and collecting feedback

5.5 AI Model Training

We may use anonymized and aggregated data, including AI agent interaction patterns, to train, improve, and develop our AI models. By using the Service, you grant us a perpetual, worldwide, royalty-free license to use such anonymized data for machine learning and AI development purposes. To request exclusion from AI training, contact us at [email protected]. Such exclusion may limit certain Service features.

6. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service under our agreement with you.
• Legitimate Interests: Processing for our legitimate business interests, including fraud prevention, security, service improvement, and marketing, where these interests are not overridden by your rights.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.
• Consent: Processing based on your explicit consent, which you may withdraw at any time.
• Vital Interests: Processing necessary to protect someone's life.

7. Automated Decision-Making and Profiling

AI agents perform automated processing of your data, which may include profiling and automated decision-making. This includes:

• Task Automation: AI agents autonomously decide how to perform tasks based on your instructions and data.
• Content Generation: AI agents generate content, responses, and recommendations automatically.
• Prioritization: AI agents may prioritize, categorize, or filter information automatically.
• Risk Assessment: We may use automated processing for fraud detection and security purposes.

UNDER GDPR ARTICLE 22, YOU HAVE THE RIGHT NOT TO BE SUBJECT TO DECISIONS BASED SOLELY ON AUTOMATED PROCESSING THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT EFFECTS. HOWEVER, AI AGENT ACTIONS ARE TAKEN ON YOUR BEHALF BASED ON YOUR CONFIGURATION AND INSTRUCTIONS. YOU MAINTAIN CONTROL AND RESPONSIBILITY FOR AI AGENT DECISIONS. TO REQUEST HUMAN REVIEW OF SPECIFIC DECISIONS, CONTACT US.

8. Data Sharing and Disclosure

We may share your information in the following circumstances:

8.1 Service Providers and Subprocessors

We share data with third-party vendors, contractors, and service providers who perform services on our behalf, including cloud hosting, payment processing, analytics, customer support, email delivery, and AI infrastructure. These providers are bound by contractual obligations to use data only for specified purposes.

Our key subprocessors include (but are not limited to): cloud infrastructure providers (AWS, GCP, Azure), AI model providers (including but not limited to OpenAI, Anthropic, Google), payment processors (Stripe, Polar), analytics services, and communication platforms. A full list of subprocessors is available upon request.

8.2 Third-Party AI Providers

DATA PROCESSED BY AI AGENTS MAY BE SENT TO THIRD-PARTY AI MODEL PROVIDERS SUCH AS OPENAI, ANTHROPIC, GOOGLE, AND OTHERS. THESE PROVIDERS HAVE THEIR OWN TERMS AND PRIVACY PRACTICES. BY USING THE SERVICE, YOU CONSENT TO DATA BEING PROCESSED BY SUCH PROVIDERS. AISLON IS NOT LIABLE FOR THE DATA PRACTICES OF THIRD-PARTY AI PROVIDERS.

8.3 Third-Party Integrations

When you connect third-party services, data flows between Aislon and those services as necessary to enable AI agent functionality. We are not responsible for the privacy practices of connected third-party services.

8.4 Legal Requirements

We may disclose information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• Respond to subpoenas, court orders, or other legal process
• Protect the rights, property, or safety of Aislon, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Service or other agreements

8.5 Business Transfers

In connection with any merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you of any change in ownership or uses of your information.

8.6 With Your Consent

We may share information with third parties when you explicitly consent to or direct such sharing.

8.7 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including research, analytics, benchmarking, and marketing. This data is not subject to the restrictions in this Policy.

9. AI Agent Data Processing (READ CAREFULLY)

AI agents process data to perform tasks on your behalf. You acknowledge and agree to the following:

• Data Access: AI agents may access, read, process, and act upon data from your connected services, including emails, messages, documents, contacts, and other information.
• Data Processing: Inputs you provide and outputs generated are processed through our AI systems. This data may be temporarily stored for processing, caching, and performance optimization.
• Logging: AI agent interactions, including inputs, outputs, and actions taken, are logged for debugging, quality assurance, abuse prevention, and service improvement.
• Third-Party AI: We use third-party AI models and infrastructure to power AI agents. Data processed may be sent to these providers and is subject to their terms and practices.
• No Guarantee of Privacy: While we implement security measures, you acknowledge that AI agent processing inherently involves data exposure to our systems and third-party AI providers.
• Voice Processing: AI voice agents (e.g., Clide) record, transcribe, and analyze voice data for call handling and quality purposes.
• Your Responsibility: You are solely responsible for ensuring you have appropriate consent and legal basis to provide data about third parties (your customers, employees, contacts) to AI agents.

10. International Data Transfers

Aislon operates globally and may transfer your information to countries outside your country of residence, including the United States, for processing and storage.

• US Processing: Your data will be processed in the United States, which may have different data protection laws than your jurisdiction.
• Transfer Mechanisms: For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.
• Consent: By using the Service, you explicitly consent to the transfer of your information to the United States and other countries where we operate.
• Government Access: Information transferred to the US may be subject to access by US government authorities under applicable laws.
• Third-Party AI Locations: Third-party AI providers may process data in various countries. We cannot guarantee the location of such processing.

11. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Retention Schedule

After account termination, we may retain your data for up to 90 days for operational purposes, plus additional retention as required for legal compliance or legitimate business needs.

12. Data Security

We implement technical, administrative, and physical security measures designed to protect your information:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Access controls and multi-factor authentication
• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response procedures
• SOC 2 Type II compliance (in progress)

HOWEVER, NO SECURITY MEASURES ARE PERFECT OR IMPENETRABLE. WE CANNOT AND DO NOT GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, VIEWED, DISCLOSED, ALTERED, OR DESTROYED AS A RESULT OF A BREACH OF ANY OF OUR SAFEGUARDS. YOU PROVIDE INFORMATION AT YOUR OWN RISK.

13. Data Breach Notification

In the event of a security breach affecting your personal information:

• We will notify affected users as required by applicable law (typically within 72 hours for EU residents)
• We will notify relevant regulatory authorities as required
• We will take steps to mitigate harm and prevent future breaches
• Notification may be delayed if law enforcement requests or if notification would impede investigation

AISLON SHALL NOT BE LIABLE FOR DAMAGES ARISING FROM DATA BREACHES EXCEPT AS REQUIRED BY APPLICABLE LAW. WE ARE NOT RESPONSIBLE FOR BREACHES AT THIRD-PARTY PROVIDERS, INCLUDING AI MODEL PROVIDERS.

14. Cookies and Tracking Technologies

We use cookies, pixels, beacons, and similar technologies to collect information and improve the Service:

• Essential Cookies: Required for the Service to function, including authentication and security cookies.
• Analytics Cookies: Help us understand how users interact with the Service, identify trends, and improve functionality.
• Preference Cookies: Remember your settings and preferences.
• Marketing Cookies: Track your activity across sites to deliver targeted advertising (with your consent where required).

You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect functionality of the Service.

We honor Do Not Track signals where required by law. However, we may still collect data necessary for the Service to function.

15. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

15.1 General Rights

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Opt-Out: Opt out of marketing communications
• Opt-Out of AI Training: Request that your data not be used for AI model training

15.2 Exercising Your Rights

To exercise your rights, contact us at [email protected]. We may require verification of your identity before processing requests. We will respond within the timeframes required by applicable law (typically 45 days, with possible extensions).

15.3 Limitations

Your rights may be limited by applicable law or our legitimate interests. We may decline requests that are unreasonable, repetitive, require disproportionate effort, jeopardize others' privacy, are impractical, or for which access is not otherwise required. Deletion requests may not be honored if we need to retain data for legal, security, or legitimate business purposes.

16. Third-Party Links and Services

The Service may contain links to third-party websites, services, or integrations. We are not responsible for the privacy practices, content, or security of third-party services. This Policy applies only to information collected through our Service. We encourage you to review the privacy policies of any third-party services you access.

17. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us immediately.

18. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising.
• Right to Limit: Limit the use and disclosure of sensitive personal information.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information: Identifiers, Commercial Information, Internet/Electronic Activity, Geolocation Data, Audio/Visual Information, Professional Information, Sensitive Personal Information, and Inferences.

Sale and Sharing of Information

We do not "sell" personal information in the traditional sense for monetary consideration. However, certain data sharing for targeted advertising purposes may constitute a "sale" or "share" under California law. You may opt out by contacting us at [email protected].

Financial Incentives

We may offer financial incentives (such as discounts or loyalty programs) in exchange for personal information. Participation is voluntary and you may withdraw at any time without penalty.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

19. Other US State Privacy Rights

Virginia (VCDPA)

Virginia residents have rights to access, correct, delete, and obtain a portable copy of their data, and to opt out of targeted advertising, profiling, and sale of personal data.

Colorado (CPA)

Colorado residents have similar rights to Virginia residents, including the right to opt out of targeted advertising and data sales.

Connecticut (CTDPA)

Connecticut residents have rights to access, correct, delete, and obtain a portable copy of their data.

Utah (UCPA)

Utah residents have rights to access, delete, and obtain a portable copy of their data.

Nevada

Nevada residents may opt out of the sale of personal information by contacting us at [email protected].

To exercise rights under any of these laws, contact us at [email protected].

20. European Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and related laws:

• Right of Access: Obtain confirmation of processing and access to your data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your data in certain circumstances.
• Right to Restriction: Request restriction of processing in certain circumstances.
• Right to Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right Not to be Subject to Automated Decisions: See Section 7 on Automated Decision-Making.
• Right to Lodge Complaint: Lodge a complaint with your local supervisory authority.

To exercise these rights, contact our Data Protection Officer at [email protected].

21. Other Jurisdiction Rights

If you are located in other jurisdictions with privacy laws, you may have similar rights:

• Brazil (LGPD): Rights to access, correction, deletion, and data portability.
• Canada (PIPEDA): Rights to access and correct personal information.
• Australia: Rights under the Privacy Act 1988.
• Japan (APPI): Rights to access and correct personal information.

Contact us at [email protected] to exercise your rights under applicable local laws.

22. Data Processing Agreement (Business Customers)

If you are a business customer processing personal data through the Service, you may require a Data Processing Agreement (DPA) to comply with GDPR or other data protection laws.

• Our standard DPA is available upon request
• Enterprise customers may negotiate custom DPA terms
• The DPA supplements this Privacy Policy for business data processing

To request a DPA, contact [email protected].

23. Government and Enterprise Customers

For government and enterprise customers with specific data handling requirements:

• Data Localization: We may offer data residency options for customers with data localization requirements.
• Air-Gapped Deployments: Self-hosted and air-gapped deployments are available for sensitive environments.
• Compliance Certifications: We support compliance with FedRAMP, FISMA, NIST 800-53, and other frameworks.
• Custom Terms: Government contracts may be governed by separate agreements.

Contact [email protected] for government inquiries.

24. Do Not Track Signals

Some browsers transmit "Do Not Track" signals. Our response to these signals varies based on applicable law. Where not legally required, we may not alter our data collection and use practices in response to DNT signals. However, you can manage your preferences through cookie settings or by contacting us directly.

25. Your Responsibility for Third-Party Data

If you provide data about other individuals (your customers, employees, contacts) to the Service, you represent and warrant that:

• You have the legal authority and all necessary consents to provide such data to us
• You have provided appropriate privacy notices to those individuals
• Your use of the Service to process such data complies with all applicable privacy laws
• You have disclosed that AI agents and third-party AI providers will process their data
• You will indemnify Aislon for any claims arising from your failure to obtain proper consent

We act as a data processor on your behalf when processing Third-Party Data. You remain the data controller and are responsible for compliance with applicable data protection laws.

26. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Policy with a new "Last Updated" date
• Sending email notice to your registered email address
• Displaying a prominent notice within the Service

Your continued use of the Service after the effective date of any updated Policy constitutes your acceptance of the revised terms. If you do not agree to the updated Policy, you must discontinue use of the Service.

27. Data Protection Officer

For privacy-related inquiries or to exercise your rights, you may contact our Data Protection Officer:

Email: [email protected]

28. Contact Us

For questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries: [email protected]
Data Protection Officer: [email protected]
Legal Department: [email protected]
Government Inquiries: [email protected]

California residents may also contact the California Attorney General's office. EU residents may lodge complaints with their local supervisory authority.