SHAIN PRIVACY POLICY

This Privacy Policy (“Privacy Policy”) describes how SUPPORT1 AI INC. (“SHAIN,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you visit our website(s), use our services, or interact with conversational AI experiences powered by SHAIN (collectively, the “Service”).
This Privacy Policy is designed to align with the scope of the SHAIN Terms of Use / Master Subscription Agreement and covers both (i) business customers and their authorized users and (ii) end users who may interact with chat/voice experiences deployed by our customers.
IMPORTANT: B2B SERVICE. SHAIN sells only to businesses. However, the Service may be deployed by our business customers in a way that allows their website visitors or customers (“End Users”) to interact with chat and voice interfaces.

1. SCOPE AND WHO THIS PRIVACY POLICY APPLIES TO

This Privacy Policy applies to the following categories of individuals:
1.1 BUSINESS CUSTOMER USERS. Employees, contractors, and other authorized users (“Users”) of a SHAIN business customer (“Customer”) who access and use the Service.
1.2 WEBSITE VISITORS. Visitors to SHAIN websites and pages (including marketing pages), who may submit contact forms, request demos, or subscribe to updates.
1.3 END USERS OF CUSTOMER DEPLOYMENTS. People who interact with chat or voice experiences that are powered by SHAIN but deployed on a Customer’s website or channels (“Customer Deployments”). End Users may include Customer’s customers, prospects, and website visitors.
1.4 IMPORTANT NOTE ABOUT CUSTOMER DEPLOYMENTS. In many Customer Deployments, the chat interface may display a “Privacy Policy” link that points to the Customer’s privacy policy, not SHAIN’s. In those cases, the Customer’s privacy policy primarily governs what the Customer collects and how the Customer uses End User information.

2. ROLES: SHAIN VS. CUSTOMER (WHO IS RESPONSIBLE FOR WHAT)

2.1 CUSTOMER AS CONTROLLER FOR CUSTOMER DEPLOYMENTS. For Customer Deployments, the Customer generally decides why and how End User information is collected and used (for example, to respond to requests, route to the correct service area, schedule service, provide support, or generate quotes). In these cases, the Customer is generally the “controller” (or equivalent legal role) for End User data collected in the Customer Deployment.
2.2 SHAIN AS SERVICE PROVIDER / PROCESSOR. SHAIN processes information on behalf of the Customer to provide the Service (for example, generating responses, routing messages, storing transcripts, and providing analytics). In these cases, SHAIN generally acts as a “processor” or “service provider” (or equivalent legal role), depending on applicable law and contract terms.
2.3 CUSTOMER RESPONSIBILITY FOR DISCLOSURES AND CONSENTS. When the Service is deployed to interact with End Users, the Customer is responsible for ensuring that End Users receive appropriate notices and disclosures and that any required consents (including consent for voice and recording where applicable) are obtained.

3. INFORMATION WE COLLECT

The information we collect depends on how you interact with the Service.
3.1 INFORMATION YOU PROVIDE DIRECTLY
(A) ACCOUNT AND CONTACT INFORMATION. Name, business email, phone number, company name, job title, billing details, and other information provided when you request a demo, create an account, subscribe, or contact us.
(B) CUSTOMER DATA AND CONTENT. Files, documents, templates, prompts, messages, knowledgebase content, policies, FAQs, internal instructions, and other inputs provided by Users to configure or use the Service.
(C) SUPPORT AND COMMUNICATIONS. Information included in support tickets, emails, chat messages, or other communications with SHAIN.
(D) END USER SUBMISSIONS (CUSTOMER DEPLOYMENTS). In Customer Deployments, End Users may type or speak information into chat/voice interfaces (for example, service requests, questions, contact details, appointment preferences, or location details such as city/ZIP). SHAIN may process this information to provide the Service to the Customer.
3.2 INFORMATION COLLECTED AUTOMATICALLY
(A) DEVICE AND USAGE DATA. IP address, browser type, device type, operating system, approximate location derived from IP (coarse), pages visited, time spent, clicks, referring URLs, and similar usage analytics.
(B) COOKIES AND SIMILAR TECHNOLOGIES. Cookies, pixels, local storage, and similar technologies may be used for website functionality, security, analytics, and performance. (More detail in Section 10.)
(C) LOG DATA. System logs and event records related to access, authentication, configuration changes, performance, error reports, and security events.
3.3 VOICE AND TRANSCRIPT DATA (WHEN ENABLED)
(A) VOICE INTERACTIONS. If voice features are enabled, the Service may process audio input from the End User or User.
(B) TRANSCRIPTS. Audio may be transcribed into text to generate responses and to maintain records of conversations.
(C) CONSENT MODEL (NO OUTBOUND CALLING). SHAIN does not provide outbound calling as a standard feature. Voice interactions typically occur when an End User initiates a voice session (for example, by clicking to start voice on a website). Customers are responsible for ensuring appropriate End User consent and disclosures.
3.4 LOCATION INFORMATION
(A) USER-PROVIDED LOCATION. Location typed or spoken by an End User or User (e.g., city, ZIP/postal code).
(B) APPROXIMATE LOCATION (IP-BASED). Coarse location signals derived from IP address (for example, region/city-level approximation).
(C) DEVICE-BASED LOCATION (ONLY WITH DEVICE PERMISSION). If a Customer Deployment requests device-based location (e.g., browser location services), it is only available if the End User grants permission through their device or browser settings.
(D) ACCURACY. Location signals can be inaccurate or incomplete. They should not be used for emergency services or safety-critical purposes.

4. HOW WE USE INFORMATION

We use information for the following purposes:
4.1 TO PROVIDE AND OPERATE THE SERVICE. To deliver features, authenticate users, manage accounts, process inputs, generate outputs, and provide requested functionality.
4.2 TO SUPPORT CUSTOMERS. To respond to inquiries, troubleshoot, provide technical support, and maintain service quality.
4.3 TO IMPROVE AND SECURE THE SERVICE. To monitor performance, detect bugs, prevent abuse, mitigate security threats, and improve reliability and features.
4.4 TO PROVIDE ANALYTICS AND REPORTING. To generate internal analytics and customer-facing reporting (for example, usage metrics, conversation volumes, and performance summaries).
4.5 TO COMMUNICATE WITH YOU. To send administrative messages such as confirmations, billing notices, security alerts, support responses, updates, and workflow summaries.
4.6 MARKETING AND PROMOTIONAL COMMUNICATIONS (B2B). To send marketing communications about SHAIN, where permitted by law and where you have not opted out. You may unsubscribe from marketing messages at any time.
4.7 TO COMPLY WITH LAW. To comply with legal obligations and respond to lawful requests by public authorities.

5. AI PROCESSING AND MODEL-ASSISTED OUTPUTS

5.1 AI SYSTEMS ARE PROBABILISTIC. The Service may use large language models (“LLMs”) and related tools to generate Outputs. Outputs may be inaccurate, incomplete, or unexpected.
5.2 WHAT AI NEEDS TO WORK. AI features typically require processing of the text (and, if enabled, audio and transcripts) provided during interactions in order to generate responses.
5.3 QUALITY, SAFETY, AND GUARDRAILS. SHAIN uses safeguards designed to reduce harmful or abusive content and to help keep responses within intended boundaries. Safeguards are not perfect, and Customers remain responsible for configuring, testing, and monitoring their deployments.
5.4 TRAINING AND IMPROVEMENT (AGGREGATED / DE-IDENTIFIED). SHAIN may use aggregated and/or de-identified information (where feasible) to improve the Service, including improving workflows, reliability, and safety. SHAIN does not sell Customer Data.
5.5 CUSTOMER CONFIGURATION CONTROLS. Depending on the plan and configuration, Customers may control what knowledge sources are used, what conversation data is stored, and how long it is retained.

6. HOW WE SHARE INFORMATION

We may share information as follows:
6.1 WITH SERVICE PROVIDERS (SUBPROCESSORS). We use third-party providers for hosting, infrastructure, analytics, email delivery, error monitoring, security, and AI processing. These providers process information under contractual obligations to protect it and to use it only for providing services to SHAIN.
6.2 WITH CUSTOMERS (FOR CUSTOMER DEPLOYMENTS). For Customer Deployments, SHAIN provides conversation logs, transcripts, analytics, and other results to the Customer so the Customer can operate its chatbot/voice experience and respond to End Users.
6.3 FOR LEGAL COMPLIANCE AND SAFETY. We may disclose information if required by law, subpoena, court order, or if we believe disclosure is necessary to protect rights, safety, and security, investigate fraud, or enforce our agreements.
6.4 BUSINESS TRANSFERS. If SHAIN is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
6.5 WITH YOUR CONSENT. We may share information when you instruct us or consent to sharing.
WE DO NOT SELL PERSONAL INFORMATION.

7. DATA RETENTION

7.1 GENERAL RETENTION. We retain information as long as reasonably necessary to provide the Service, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.
7.2 CUSTOMER DATA RETENTION. Customer Data retention is governed by the Customer’s subscription, configuration, and contractual terms. Where applicable, we may provide an export window after termination and then delete within a reasonable time, subject to legal holds and security requirements.
7.3 LOGS AND SECURITY RECORDS. We may retain logs and security records longer to protect the Service, prevent abuse, and comply with legal obligations.
7.4 END USER DATA IN CUSTOMER DEPLOYMENTS. End User conversation data and transcripts may be retained to provide the Service to the Customer (e.g., for support, dispute resolution, QA, and analytics), subject to Customer configuration and contract terms.

8. SECURITY

8.1 SECURITY MEASURES. SHAIN maintains administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.
8.2 NO PERFECT SECURITY. No system is perfectly secure. You should use strong passwords, maintain account hygiene, and notify us promptly of any suspected unauthorized access.
8.3 SECURITY INCIDENTS. If SHAIN becomes aware of a confirmed incident affecting Customer Data, SHAIN will provide notice to the applicable Customer without undue delay, consistent with legal requirements and investigative needs.

9. YOUR CHOICES AND RIGHTS

Rights vary by location and applicable law. Where applicable, you may have the right to:
9.1 ACCESS AND CORRECTION. Request access to personal information and request correction of inaccurate information.
9.2 DELETION. Request deletion of personal information, subject to legal exceptions and contractual obligations.
9.3 OPT-OUT OF MARKETING. Opt out of marketing emails by using the unsubscribe link or contacting us. Service and administrative messages may still be sent.
9.4 COOKIE CONTROLS. Control cookies through browser settings and, where available, cookie preference tools.
9.5 END USER REQUESTS IN CUSTOMER DEPLOYMENTS. If you are an End User interacting with a Customer Deployment, requests regarding your data (access, deletion, etc.) should generally be directed to the Customer (the business you are contacting), since the Customer controls the deployment and the purposes of processing. SHAIN will assist Customers with such requests consistent with contractual obligations.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 WHAT WE USE. We may use cookies and similar technologies for:
• Essential functions (security, authentication, session management)
• Analytics (understanding website usage and performance)
• Performance (site optimization, error monitoring)
10.2 YOUR CONTROLS. Most browsers allow you to control cookies through settings. If you disable cookies, some features may not work.
10.3 DO NOT TRACK. Some browsers offer “Do Not Track” signals. Our websites may not respond to all such signals due to the lack of an industry standard.

11. INTERNATIONAL DATA TRANSFERS

SHAIN may process and store information in the United States and other jurisdictions where SHAIN or its service providers operate. If information is transferred across borders, SHAIN takes steps designed to protect information consistent with this Privacy Policy and applicable requirements.

12. CHILDREN’S PRIVACY

The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from children under the age required by applicable law for consent. If you believe a child has provided information to us, contact us and we will take appropriate steps.

13. THIRD-PARTY LINKS AND CUSTOMER PRIVACY POLICIES

13.1 CUSTOMER PRIVACY POLICIES. In Customer Deployments, the “Privacy Policy” link displayed in chat/voice interfaces may point to the Customer’s privacy policy page. SHAIN is not responsible for the content of Customer privacy policies.
13.2 THIRD-PARTY LINKS. Our website or Service may include links to third-party sites. We are not responsible for third-party practices, and you should review their privacy policies.

14. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service, by email, or by posting an updated version with a new effective date. Continued use of the Service after the effective date means you accept the updated Privacy Policy.

15. CONTACT US

For questions about this Privacy Policy or privacy practices, contact SHAIN using the contact methods listed on our website or in your Order Form.