Custraxx

Custraxx Privacy Policy

Last Updated: August 07, 2024

1. Introduction

Custraxx ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and protect your information when you use our AI-powered customer support platform, including our chatbot services, knowledge base management, ticketing system, and planned voice and social media integrations.

By using Custraxx services, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Chat and Conversation Data

  • Chat Messages: All text-based conversations between users and our chatbot
  • Conversation Metadata: Timestamps, session duration, user agent information, IP addresses (anonymized), and conversation summaries
  • User Feedback: Thumbs up/down ratings and any additional feedback provided on chatbot responses

2.2 Technical and Usage Data

  • Device Information: Browser type, operating system, device identifiers
  • Usage Analytics: Pages visited, features used, click patterns, and interaction data
  • Performance Data: Response times, error logs, and system performance metrics
  • Integration Data: Data from embedded widgets and shareable chat links

2.3 Knowledge Base Content

  • Website Content: HTML content, text extracts, and metadata from crawled websites
  • Document Content: Text and metadata from uploaded documents (PDFs, manual entries)
  • Source Attribution: URLs, document titles, and reference information for knowledge citations

2.4 Organization and User Account Data

  • Account Information: Names, email addresses, organization details, and role assignments
  • Authentication Data: Login credentials, session tokens, and access permissions
  • Billing Information: Payment details, subscription data, and usage billing records

3. How We Use Your Information

3.1 Core Platform Operations

  • Chatbot Response Generation: Processing queries to provide accurate, contextual answers
  • Knowledge Base Management: Organizing, updating, and retrieving information for system training
  • Conversation Analysis: Extracting Q&A pairs for continuous learning and improvement
  • Citation and Grounding: Linking chatbot responses to source documents to prevent misinformation

3.2 Customer Support and Ticketing

  • Ticket Management: Creating, assigning, and tracking support requests
  • Human Agent Escalation: Seamlessly transferring conversations to human support staff
  • Performance Monitoring: Analyzing ticket resolution times and support quality
  • Training and Quality Assurance: Improving support processes and agent performance

3.3 Analytics and Reporting

  • Usage Statistics: Generating reports on chat volume, user satisfaction, and system performance
  • Conversation Insights: Analyzing conversation patterns, topics, and user behavior
  • Business Intelligence: Providing actionable insights for customer service optimization
  • Predictive Analytics: Identifying trends and potential issues before they escalate

3.4 Platform Improvement

  • System Training: Enhancing chatbot capabilities through conversation analysis and feedback
  • Feature Development: Using usage data to guide new feature development
  • Bug Detection: Identifying and resolving technical issues and performance problems
  • Security Enhancement: Monitoring for security threats and improving platform protection

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

Custraxx does not sell, rent, or trade personal information to third parties for commercial purposes.

4.2 Authorized Sharing

We may share information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in platform operations (cloud storage, analytics, payment processing)
  • Legal Requirements: When required by law, court order, or government regulation
  • Safety and Security: To protect users, prevent fraud, or address security incidents
  • Business Transfers: In connection with mergers, acquisitions, or asset transfers (with user notification)
  • With Consent: When you explicitly authorize information sharing

4.3 Technology Partners

  • Third-Party Services: For specialized features like language processing and analytics
  • Analytics Providers: For usage analytics and performance monitoring (with data anonymization)
  • Cloud Infrastructure: Secure hosting and data processing services

5. Data Storage and Security

5.1 Storage Infrastructure

  • Real-Time Data: Stored in Firestore for instant message delivery and live chat functionality
  • Persistent Data: Archived in MongoDB for long-term storage and historical analysis
  • Geographic Location: Data stored in secure, enterprise-grade data centers with geographic redundancy
  • Backup Systems: Regular automated backups with point-in-time recovery capabilities

5.2 Security Measures

  • Encryption: All data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication requirements
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Audits: Security assessments, vulnerability testing, and compliance reviews
  • Data Minimization: Collection limited to necessary information with automatic purging of outdated data

5.3 Data Retention

  • Chat History: Retained for up to 3 years for training and improvement purposes
  • Knowledge Base Content: Retained as long as actively used, with option for manual deletion
  • Account Data: Maintained during active subscription, deleted within 90 days of account closure
  • Analytics Data: Aggregated data retained indefinitely, personal identifiers removed after 2 years

6. Your Rights and Controls

6.1 Data Access and Portability

  • View Your Data: Access your conversation history, feedback, and account information
  • Data Export: Download your data in standard formats (JSON, CSV)
  • Conversation Transcripts: Access full transcripts of your interactions with AI agents

6.2 Data Correction and Deletion

  • Update Information: Modify account details, preferences, and organization settings
  • Delete Conversations: Remove specific chat sessions or conversation history
  • Account Deletion: Request complete removal of your account and associated data
  • Right to be Forgotten: Request deletion of personal information subject to legal requirements

6.3 Privacy Preferences

  • Feedback Opt-Out: Choose not to provide thumbs up/down feedback
  • Analytics Opt-Out: Limit collection of usage analytics and behavioral data
  • Communication Preferences: Control email notifications and platform updates

6.4 Data Processing Controls

  • System Training Opt-Out: Request that your conversations not be used for system training
  • Citation Preferences: Control how your information appears in chatbot response citations
  • Escalation Settings: Configure when conversations should be transferred to human agents

7. Cookies and Tracking Technologies

7.1 Cookie Usage

  • Essential Cookies: Required for platform functionality, authentication, and security
  • Analytics Cookies: Used to understand usage patterns and improve user experience
  • Preference Cookies: Store user settings and customization options
  • Performance Cookies: Monitor system performance and identify technical issues

7.2 Third-Party Tracking

  • Analytics Services: Third-party analytics services for usage insights
  • Service Integrations: May use cookies from integrated third-party services when features are enabled

7.3 Managing Cookies

  • Browser Controls: Configure cookie settings through your web browser
  • Opt-Out Tools: Use platform-specific opt-out mechanisms where available
  • Cookie Policy: Detailed information available in our separate Cookie Policy

8. International Data Transfers

8.1 Cross-Border Processing

  • Global Infrastructure: Data may be processed in multiple countries for performance and redundancy
  • Adequacy Decisions: Transfers to countries with adequate data protection standards
  • Standard Contractual Clauses: Legal frameworks for transfers to other jurisdictions
  • Data Localization: Options for region-specific data storage where legally required

8.2 Regional Compliance

  • GDPR Compliance: Full compliance with European data protection regulations
  • CCPA Compliance: California Consumer Privacy Act protections for applicable users
  • PIPEDA Compliance: Canadian privacy law compliance for Canadian users
  • Local Regulations: Adherence to applicable privacy laws in all operating jurisdictions

9. Special Data Categories

9.1 Business and Commercial Data

  • Customer Support Content: May contain sensitive business information requiring special handling
  • Knowledge Base Materials: Proprietary content subject to additional confidentiality protections
  • Integration Data: Information from business systems and third-party platforms

9.2 Children's Privacy

  • Age Restrictions: Platform not intended for users under 13 (or applicable local age limit)
  • Parental Consent: Required for users under 18 in jurisdictions where applicable
  • Special Protections: Enhanced privacy controls for any interactions involving minors

10. Data Breach Response

10.1 Incident Management

  • Detection Systems: 24/7 monitoring for security incidents and data breaches
  • Response Team: Dedicated security team for rapid incident response
  • Assessment Process: Immediate evaluation of breach scope, impact, and risk
  • Containment Measures: Swift action to prevent further unauthorized access

10.2 Notification Procedures

  • Regulatory Reporting: Timely notification to relevant authorities as required by law
  • User Notification: Direct communication to affected users within 72 hours when feasible
  • Public Disclosure: Transparent communication about significant incidents affecting multiple users
  • Remediation Updates: Regular updates on investigation progress and corrective measures

11. Changes to This Privacy Policy

11.1 Policy Updates

  • Regular Reviews: Privacy policy reviewed and updated annually or as needed
  • Material Changes: Users notified of significant changes via email and platform notifications
  • Version History: Previous versions available for reference and comparison
  • Effective Dates: Clear indication of when policy changes take effect

11.2 User Consent

  • Continued Use: Continued platform use constitutes acceptance of policy updates
  • Explicit Consent: Required for material changes affecting data processing purposes
  • Opt-Out Rights: Users may discontinue service if they disagree with policy changes

12. Contact Information

12.1 Privacy Inquiries

  • General Support: info@custraxx.com

12.2 Regulatory Contacts

  • Data Protection Authority: Information on filing complaints with relevant authorities
  • Industry Associations: Membership in privacy and security organizations

12.3 Response Times

  • General Inquiries: Response within 5 business days
  • Data Requests: Processed within 30 days (or as required by applicable law)
    • Urgent Issues: Priority handling for security concerns and data breaches