PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy explains how Abundly AI AB ("we," "us," or "our"), a company established under the laws of Sweden, collects, uses, shares, and protects personal information in connection with our AI Agent platform, related websites, and services (collectively, the "Services").

We respect your privacy and are committed to protecting your personal information. This Privacy Policy describes our practices concerning the information collected when you use our Services.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. CONTROLLER INFORMATION

Abundly AI AB
Norrtullsgatan 6
113 29 Stockholm
Sweden

3. PERSONAL INFORMATION WE COLLECT

We collect different types of personal information depending on how you interact with our Services:

3.1 Information You Provide to Us

• Account Information: When you register for an account, we collect your name, email address, password, and other information necessary to create and maintain your account.
• Billing Information: If you purchase a paid subscription, we collect payment information, billing address, and related details. Full payment card details are processed by our payment service providers and are not stored by us.
• Communications: When you contact us, we collect the information you provide in your communications, including emails and support requests.
• User Content: We collect content that you upload, share, or create using our Services, including prompts provided to AI agents, configurations, and outputs.

3.2 Information We Collect Automatically

• Usage Information: We collect information about how you use our Services, including features you use, queries you make, and interactions with our platform.
• Device Information: We collect information about the devices you use to access our Services, including IP address, browser type, operating system, and device identifiers.
• Log Data: Our servers automatically record information when you use our Services, including access times and pages or features viewed.
• Cookies and Similar Technologies: We use cookies and similar technologies to collect information about your browsing behavior and preferences. For more information, please see our Cookie Policy.

3.3 Information from Third Parties

• Integration Partners: If you integrate third-party services or APIs with our platform, we may receive information from these third parties as necessary to provide our Services.
• Business Partners: We may receive information about you from our business partners, such as when they refer you to our Services.

4. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes:

4.1 To Provide and Improve Our Services

• Creating and managing your account
• Processing and fulfilling your requests and transactions
• Providing customer support and responding to your inquiries
• Analyzing usage patterns to improve our Services
• Developing new features and functionality
• Ensuring the technical functioning of our Services
• Troubleshooting issues and fixing bugs

4.2 For Communication and Marketing

• Sending important notices, such as communications about changes to our terms, conditions, and policies
• Sending transactional emails and service announcements
• Providing information about new features or products (where you have consented to receive such communications)
• Conducting surveys or collecting feedback

4.3 For Legal and Security Purposes

• Protecting the security and integrity of our Services
• Detecting and preventing fraud, abuse, or security incidents
• Complying with legal obligations
• Establishing, exercising, or defending legal claims

We do not use your User Content for training AI models, improving our algorithms, or for any purpose other than providing the Services to you, unless you explicitly consent to such use.

5. LEGAL BASIS FOR PROCESSING (EU/EEA, UK, AND SWITZERLAND)

We process your personal information on the following legal bases:

5.1 Performance of Contract

We process your personal information as necessary to perform our contract with you when you use our Services, such as:

• Creating and managing your account
• Processing your payments
• Providing customer support
• Delivering the features and functionality of our Services

5.2 Legitimate Interests

We process your personal information based on our legitimate interests, which include:

• Improving and developing our Services
• Protecting the security of our Services
• Analyzing how our Services are used
• Managing our business operations
• Marketing our Services (subject to your marketing preferences)

We balance our interests against your rights and ensure our legitimate interests don't override your fundamental rights and freedoms.

5.3 Consent

We process certain personal information based on your consent, such as:

• Sending marketing communications (where required by law)
• Using certain cookies and similar technologies
• Processing special categories of personal data (if applicable)

You have the right to withdraw your consent at any time.

5.4 Legal Obligation

We process your personal information when necessary to comply with legal obligations, such as:

• Responding to legal requests from authorities
• Maintaining records for tax purposes
• Complying with other applicable laws and regulations

6. DATA SHARING AND DISCLOSURE

We may share your personal information with the following categories of recipients:

6.1 Service Providers

We engage service providers to perform functions on our behalf, such as:

• Cloud infrastructure providers for hosting our Services
• Payment processors for billing and payment processing
• Customer support platforms
• Analytics providers
• Email service providers

These service providers have access to personal information needed to perform their functions but are contractually prohibited from using it for other purposes. We maintain a current list of our subprocessors.

6.2 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

6.3 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., court or government agency).

6.4 Protection of Rights

We may disclose your personal information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

6.5 With Your Consent

We may share your personal information with third parties when you have given us your consent to do so.

7. INTERNATIONAL DATA TRANSFERS

We primarily store and process your personal information within the European Economic Area (EEA). However, for certain processing activities, your personal information may be transferred to and processed in countries outside the EEA.

When we transfer personal information outside the EEA, we implement appropriate safeguards to ensure that your personal information receives an adequate level of protection, such as:

• European Commission approved standard contractual clauses
• Adequacy decisions where transfers are made to countries that the European Commission has determined provide adequate protection
• Binding corporate rules, where applicable

You can request a copy of the safeguards we use to protect personal information transferred outside the EEA by contacting us using the details provided in the "Contact Us" section.

8. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

The specific retention periods depend on the nature of the information and the purposes for which it is used:

• Account Information: We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your account information within 30 days, unless we need to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements.
• User Content: We retain User Content for as long as necessary to provide the Services you requested. Unless required by law, we will delete User Content within 14 days after you delete the specific content, delete your account, or your subscription terminates.
• Usage Data: We may retain anonymized or aggregated data indefinitely for analytics purposes.
• Log Data: We typically retain log data for up to 90 days for security, troubleshooting, and analytics purposes.

These retention periods align with those specified in our Data Processing Agreement. For customers who have accepted our DPA, the retention periods specified in the DPA will govern in case of any discrepancy.

9. YOUR RIGHTS AND CHOICES

If you are located in the EEA, UK, or Switzerland, you have certain rights regarding your personal information under applicable data protection laws:

9.1 Access and Information

You have the right to request information about how we process your personal information and to obtain a copy of the personal information we hold about you.

9.2 Correction

You have the right to request that we correct inaccurate or incomplete personal information we hold about you.

9.3 Erasure

You have the right to request that we erase your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

9.4 Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data.

9.5 Data Portability

You have the right to request that we provide you with your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller.

9.6 Objection

You have the right to object to the processing of your personal information in certain circumstances, including when we process your personal information for direct marketing purposes or when we process your personal information based on our legitimate interests.

9.7 Automated Individual Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for entering into or performance of a contract, authorized by applicable law, or based on your explicit consent.

9.8 Withdrawal of Consent

Where we process your personal information based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on your consent before its withdrawal.

9.9 How to Exercise Your Rights

To exercise your rights, please contact us using the details provided in the "Contact Us" section. We will respond to your request within one month, although we may extend this period by up to two additional months if necessary, taking into account the complexity and number of requests.

We may request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

9.10 Complaints

If you have concerns about how we process your personal information, please contact us first so that we can try to resolve your concerns. However, if you believe that we have not been able to address your concerns adequately, you have the right to lodge a complaint with a data protection authority in the EU member state where you reside, work, or where an alleged infringement of data protection law occurred.

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of personal information in transit and at rest
• Access controls and authentication procedures
• Regular security assessments
• Business continuity and disaster recovery plans
• Employee training on privacy and security practices

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

11. CHILDREN'S PRIVACY

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us. If we discover that a child under 18 has provided us with personal information, we will delete such information from our servers.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have provided one) or by means of a notice on our website prior to the change becoming effective. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.

The date at the top of this Privacy Policy indicates when it was last updated.

13. CONTACT US

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at support@abundly.ai.

If you are an existing customer with a data protection query related to your use of our platform as a data controller, please refer to our Data Processing Agreement available at our DPA page.