Privacy Policy

IMPORTANT: This privacy policy applies to an AI Agent building platform that processes conversational data and user interactions with artificial intelligence systems.

Kuverto operates an AI Agent builder platform that enables users to create, deploy, and manage intelligent conversational agents. This Privacy Policy explains how we collect, use, protect, and share information when you use our platform to build AI agents and when end-users interact with those AI agents.

Key Data We Process: The primary data we collect and store consists of user interactions with AI agents built on our platform, including conversations, prompts, responses, and usage analytics. We take the privacy and security of this conversational data extremely seriously.

By using Kuverto, you acknowledge that you understand this privacy policy and consent to our data practices as described herein. If you are creating AI agents for others to use, you are responsible for providing appropriate privacy notices to your end-users.

2.1 Account and Profile Information

• Registration Data: Name, email address, password (hashed), and account creation date
• Profile Information: Optional profile details, organization name, and role
• Billing Information: Payment details processed by third-party payment processors (we do not store full payment card data)
• Authentication Data: Login credentials, session tokens, and two-factor authentication settings

2.2 AI Agent Creation and Configuration Data

• Agent Configurations: AI agent settings, prompts, instructions, and behavioral parameters
• Knowledge Base Content: Documents, files, and data uploaded to train or configure your AI agents
• Workflow Definitions: Custom workflows, automation rules, and integration settings
• Agent Performance Data: Usage metrics, performance analytics, and optimization data

2.3 User Interaction Data (Primary Data Collection)

• Conversation Data: All messages, prompts, and responses exchanged with AI agents
• Session Information: Duration, frequency, and patterns of AI agent interactions
• User Input Analysis: Content analysis for safety, quality, and improvement purposes
• Feedback Data: User ratings, feedback, and improvement suggestions
• Usage Patterns: How users interact with different AI agent features and capabilities

2.4 Technical and Automatically Collected Information

• Device Information: Device type, operating system, browser type and version
• Network Data: IP address, internet service provider, and general location data
• Usage Analytics: Page views, feature usage, error logs, and performance metrics
• Cookies and Tracking: Authentication tokens, preferences, and analytical data

This is our primary data collection activity: We collect and store interactions between users and AI agents built on our platform.

3.1 What Interaction Data We Collect

• Complete Conversations: All messages sent to and received from AI agents
• Contextual Information: Conversation history, context, and session data
• User Intent Analysis: Analysis of user queries and interaction patterns
• Response Quality Data: AI response accuracy, relevance, and user satisfaction
• Error and Failure Data: Failed interactions, errors, and system issues

3.2 Why We Collect This Data

• Service Provision: To enable AI agents to function and provide responses
• Quality Improvement: To improve AI agent performance and accuracy
• Safety and Moderation: To detect harmful, inappropriate, or abusive content
• Analytics and Insights: To provide usage analytics to AI agent creators
• Technical Support: To troubleshoot issues and provide customer support

3.3 Sensitive Information Handling

• Personal Data Detection: We automatically scan for and flag potentially sensitive personal information
• Data Minimization: We only retain interaction data necessary for service provision and improvement
• User Control: Users can request deletion of their interaction history at any time
• Anonymization: Where possible, we anonymize interaction data for analytics purposes

Important: We use third-party AI providers to power AI agents. Your data may be processed by these providers.

4.1 AI Service Providers We Use

• OpenAI: For GPT-based language models and AI capabilities
• Microsoft Azure OpenAI: For enterprise-grade AI services
• Other AI Providers: We may integrate with additional AI service providers as needed

4.2 Data Sharing with AI Providers

• Necessary Data Only: We only share data necessary for AI processing (prompts, context)
• Business Associate Agreements: We maintain data processing agreements with all AI providers
• No Training Use: Where possible, we opt out of having your data used for AI model training
• Encryption in Transit: All data sent to AI providers is encrypted in transit

4.3 Your Rights Regarding Third-Party Processing

• Opt-Out Options: You can request that your data not be processed by specific AI providers
• Provider Transparency: We will inform you which AI providers are used for your agents
• Alternative Providers: We offer multiple AI provider options where technically feasible

5.1 Primary Uses

• AI Agent Functionality: To enable your AI agents to respond to user queries and maintain conversation context
• Platform Operation: To provide access to our AI agent building tools and features
• Performance Optimization: To improve AI agent response quality, speed, and accuracy
• Safety and Moderation: To detect and prevent harmful, abusive, or inappropriate content

5.2 Analytics and Improvement

• Usage Analytics: To understand how AI agents are used and identify improvement opportunities
• Performance Metrics: To measure AI agent effectiveness and user satisfaction
• Feature Development: To develop new features and capabilities based on user needs
• Research and Development: To advance AI technology and improve our platform (anonymized data only)

5.3 Administrative Uses

• Account Management: To manage your account, billing, and subscription
• Customer Support: To provide technical support and resolve issues
• Communications: To send important updates, security notices, and service information
• Legal Compliance: To comply with applicable laws and regulations

We do not sell, rent, or lease your personal information to third parties.

6.1 Service Providers and Partners

• AI Service Providers: OpenAI, Microsoft Azure, and other AI providers as necessary for service delivery
• Cloud Infrastructure: Cloud hosting providers (AWS, Azure, GCP) for data storage and processing
• Payment Processors: Stripe, PayPal, or other payment services for billing (they do not receive your interaction data)
• Analytics Providers: Google Analytics, Mixpanel, or similar services (anonymized data only)
• Support Tools: Customer support platforms for assistance (only when you contact support)

6.2 Legal and Safety Disclosures

• Legal Requirements: When required by law, court order, or government regulation
• Safety Concerns: To prevent harm, illegal activity, or threats to public safety
• Platform Protection: To protect our rights, property, or the security of our platform
• Emergency Situations: To protect the safety of our users or the public

6.3 Business Transactions

• Mergers and Acquisitions: In connection with any merger, acquisition, or sale of our business
• Asset Transfers: If we transfer any part of our business or assets
• Bankruptcy: In the event of bankruptcy or similar proceedings

7.1 Our AI Model Training Practices

• Platform Improvement Only: We may use anonymized interaction data to improve our platform's functionality
• No Personal Identification: All data used for training is stripped of personally identifiable information
• Opt-Out Available: You can request that your data not be used for any training purposes
• Aggregate Analysis: We analyze patterns in aggregate to improve AI agent performance

7.2 Third-Party AI Provider Training

• Opt-Out by Default: Where possible, we configure third-party AI services to not use your data for training
• Business Tier Services: We use business/enterprise tiers of AI services that typically exclude training use
• Clear Agreements: Our agreements with AI providers specify restrictions on training use
• User Control: You can specify preferences for how your data is used by different AI providers

7.3 Data Used for Training

• Content Filtering Patterns: Anonymized data about harmful content detection and filtering
• Performance Metrics: Response quality, user satisfaction, and error patterns
• Usage Patterns: How users interact with different AI agent features (anonymized)
• Safety Improvements: Data to improve safety measures and content moderation

Our platform uses automated systems for various purposes. You have rights regarding automated decision-making that affects you.

8.1 Automated Systems We Use

• Content Moderation: Automated detection of harmful, abusive, or inappropriate content
• Spam Detection: Automated identification of spam or unwanted content
• Usage Monitoring: Automated detection of unusual usage patterns or potential abuse
• Performance Optimization: Automated routing and optimization of AI requests

8.2 Your Rights Regarding Automated Decisions

• Human Review: You can request human review of any automated decision affecting your account
• Explanation: You can request an explanation of how automated decisions are made
• Appeal Process: You can appeal automated decisions through our support system
• Alternative Processing: You can request non-automated processing where technically feasible

We implement comprehensive security measures to protect your data, especially given the sensitive nature of AI interaction data.

9.1 Technical Security Measures

• Encryption: AES-256 encryption for data at rest and TLS 1.3+ for data in transit
• Access Controls: Role-based access control with principle of least privilege
• Authentication: Multi-factor authentication for all accounts and administrative access
• Network Security: Firewalls, intrusion detection, and network segmentation
• Data Isolation: Logical separation of customer data and isolated processing environments

9.2 Operational Security Measures

• Security Audits: Regular third-party security assessments and penetration testing
• Monitoring: 24/7 security monitoring and incident response capabilities
• Employee Training: Regular security training for all employees handling data
• Background Checks: Comprehensive background checks for employees with data access
• Incident Response: Formal incident response procedures and breach notification protocols

9.3 AI-Specific Security Measures

• Prompt Injection Protection: Security measures to prevent prompt injection attacks
• Output Filtering: Automated filtering of AI outputs for sensitive information
• Context Isolation: Isolation of conversation contexts between different users
• Model Security: Protection against adversarial attacks on AI models

Security Incident Notification: In the event of a data breach affecting your personal information, we will notify you within 72 hours of discovery and provide details about the incident and steps taken to address it.

10.1 AI Interaction Data Retention

• Active Conversations: Retained for the duration of active AI agent sessions plus 30 days
• Historical Interactions: Retained for up to 2 years for service improvement and analytics
• Safety-Related Data: Data related to safety violations may be retained longer as required by law
• User-Requested Deletion: Can be deleted immediately upon user request (except where legally required to retain)

10.2 Account and Profile Data Retention

• Active Accounts: Retained for the duration of your account plus 90 days after closure
• Billing Data: Retained for 7 years for tax and legal compliance purposes
• Support Communications: Retained for 3 years for quality assurance and training

10.3 Anonymized Data

• Analytics Data: Anonymized usage data may be retained indefinitely for research and improvement
• Safety Patterns: Anonymized data about safety and abuse patterns for platform protection
• Performance Metrics: Anonymized AI performance data for service optimization

Your Control: You can request immediate deletion of your interaction data at any time through your account settings or by contacting our support team.

11.1 Data Subject Rights (GDPR/CCPA)

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal information
• Right to Erasure: Request deletion of your personal data (subject to legal limitations)
• Right to Restriction: Restrict processing of your personal data in certain circumstances
• Right to Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

11.2 AI-Specific Rights and Controls

• Interaction Data Control: Delete specific conversations or all interaction history
• AI Provider Preferences: Choose which AI providers can process your data
• Training Opt-Out: Prevent your data from being used for AI training purposes
• Content Filtering Settings: Customize content moderation and filtering preferences
• Data Export: Export your AI interaction data in JSON or CSV format

11.3 How to Exercise Your Rights

• Account Settings: Many controls are available directly in your account dashboard
• Email Requests: Send detailed requests to privacy@kuverto.com
• Support Portal: Submit requests through our support portal with verification
• Response Time: We respond to requests within 30 days (or as required by applicable law)

No Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Your personal information may be transferred to, and processed in, countries other than the country in which you reside. This is particularly relevant for our AI platform as we use various AI service providers globally.

12.1 Where Your Data May Be Processed

• United States: Our primary data centers and OpenAI services
• European Union: Azure data centers for EU users
• Other Regions: Additional cloud regions as needed for performance and compliance

12.2 Transfer Safeguards

• Standard Contractual Clauses: We use EU Standard Contractual Clauses for transfers outside the EEA
• Adequacy Decisions: We transfer data to countries with adequacy decisions where possible
• Data Processing Agreements: All service providers sign comprehensive data processing agreements
• Encryption: All international data transfers are encrypted in transit and at rest
• Access Controls: Strict access controls limit who can access transferred data

12.3 AI Provider Transfers

• Provider Selection: We choose AI providers with strong international data protection practices
• Regional Processing: Where possible, we use regional AI services to minimize international transfers
• User Control: You can specify geographic preferences for AI processing where technically feasible

Age Restriction: Our service is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13.

13.1 Age Verification and Restrictions

• Minimum Age: Users must be at least 13 years old to create an account
• Parental Consent: Users between 13-18 may require parental consent depending on jurisdiction
• Age Verification: We may request age verification during registration
• Educational Use: Special provisions apply for educational institutions using our platform

13.2 If We Discover Child Data

• Immediate Action: We will immediately delete any data from children under 13
• Account Termination: Accounts of users under 13 will be terminated
• Parent Notification: We will notify parents if we discover their child's data in our systems
• Reporting: Parents can report underage usage to privacy@kuverto.com

13.3 Educational Institution Guidelines

• FERPA Compliance: We comply with FERPA requirements for educational institutions
• School Consent: Educational institutions can provide consent on behalf of students
• Limited Data Collection: Minimal data collection for educational AI agents
• Enhanced Protection: Additional privacy protections for educational use cases

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 How We Notify You of Changes

• Email Notification: We will email you about material changes at least 30 days before they take effect
• In-Platform Notices: Prominent notices will appear in your account dashboard
• Website Banner: A banner notification will appear on our website
• API Notifications: Developers will receive API notifications about relevant changes

14.2 Types of Changes

• Material Changes: Changes affecting your rights will require explicit consent
• Technical Updates: Minor technical clarifications may not require advance notice
• Legal Updates: Changes required by law will be implemented as required
• Service Changes: Changes related to new features or services

14.3 Your Options

• Review Period: You have 30 days to review material changes before they take effect
• Opt-Out: You can opt-out of material changes by closing your account
• Continued Use: Continued use of our service after changes take effect constitutes acceptance
• Questions: Contact us if you have questions about any changes

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below.

15.1 Privacy Contact Information

15.2 Response Times and Process

• Initial Response: We will acknowledge your inquiry within 24 hours
• Full Response: Complete responses within 30 days (or as required by law)
• Complex Requests: We may extend response time for complex requests with notification
• Emergency Requests: Security or safety concerns will be prioritized

15.3 Supervisory Authority Rights

If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection authority. If you are located in other jurisdictions, you may have similar rights under local privacy laws.

We're Here to Help: We are committed to resolving any privacy concerns you may have. Please don't hesitate to reach out with any questions about how we handle your data.