Privacy Policy

Last updated: 6 August 2025

1. Scope

This Policy explains how AlooChat collects, uses, shares and safeguards “Personal Data” when you visit aloochat.ai, use our dashboard, or interact with our AI agents.

2. Data We Collect

  • Account Data – name, email, phone, company name, password hash
    Purpose: create and secure your account.
  • Usage Logs – IP address, device/browser details, timestamps
    Purpose: fraud prevention and product analytics.
  • Conversation Data – chat transcripts, files you upload to train the AI
    Purpose: deliver and improve AI responses and features.
  • Payment Data – last four digits of card, billing address (processed by Stripe)
    Purpose: billing, VAT invoicing, and charge-back handling.
  • Marketing Data – email preferences, open/click rates
    Purpose: send updates and offers (only if you opt in).
  • Cookies / SDKs – session cookies, Intercom, Mixpanel identifiers
    Purpose: remember settings, measure performance, and troubleshoot issues.
3. Legal Bases

We rely on:

  • Contract (Art. 6(1)(b) GDPR) to provide the Service;
  • Legitimate interests in improving security and UX;
  • Consent for marketing & optional global model training;
  • Compliance with GCC laws (UAE PDPL 2022, Saudi PDPL 2023, Kuwait CITRA 26/2024) for data-subject rights and breach notification.

4. How We Use Personal Data

  • Provision, maintenance, and customisation of AI agents;
  • Training models within your workspace;
  • Fraud detection and security monitoring;
  • VAT invoicing and regulatory compliance;
  • Product research, analytics and feature development;
  • Marketing with opt-out at any time.

5. Sharing & Disclosure

We share Personal Data only with:

  • Processors operating under contract (AWS, Vercel, OpenAI, Stripe, Twilio);
  • Integration partners when you connect (e.g., HubSpot);
  • Authorities when legally compelled;
  • Prospective buyers in a merger, under NDA.

6. International Transfers

Servers are in AWS Bahrain & AWS eu-central-1. If data moves outside the GCC/EU, we employ Standard Contractual Clauses plus supplementary technical measures.

7. Retention

  • Account data: life of account + 3 years.
  • Chat transcripts: 24 months by default (configurable to 0-36 months).
  • Financial records: 7 years for tax compliance.

8. Security

We implement ISO 27001-aligned controls, TLS 1.3 in transit, AES-256 at rest, role-based access and annual penetration tests.

9. Your Rights

Subject to local law, you may request: access, correction, deletion, portability, restriction, or objection to processing. Email privacy@aloochat.ai. We verify identity and respond within 30 days.

10. Cookies & Similar Tech

We use strictly-necessary, functional and analytics cookies. Manage preferences in your browser or in the on-site Cookie Banner.

11. Automated Decision-Making

AI output may constitute automated processing. No decisions with legal or similarly significant effects are taken without human review.

12. Marketing Communications
We send product updates or promotional emails only with consent. Opt out at any time via the unsubscribe link or profile settings.

13. Children’s Privacy

AlooChat is not directed to minors under 18. We do not knowingly process children’s data.

14. Changes to This Policy

Material updates will be announced via email or dashboard banner at least 15 days before becoming effective.

15. Contact & Complaints

Questions or complaints? Email privacy@aloochat.ai or write to our DPO at the address above. You may also lodge a complaint with: