Privacy Policy

1Introduction

Welcome to Infinity Pro AI ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered automation platform and related services (the "Services").

This Privacy Policy applies to all users of our Services, including business owners, their employees, and their customers. By using our Services, you agree to the collection and use of information in accordance with this policy.

Key Compliance: This Privacy Policy is designed to comply with:

• General Data Protection Regulation (GDPR) - European Union
• California Consumer Privacy Act (CCPA) - California, USA
• California Privacy Rights Act (CPRA) - California, USA
• Other applicable data protection laws and regulations

2Information We Collect

2.1 Information You Provide Directly

When you create an account or use our Services, you may provide:

• Account Information: Name, email address, phone number, business name, business address
• Payment Information: Credit card details, billing address (processed securely through third-party payment processors)
• Business Information: Business hours, services offered, pricing, FAQs, and other business-specific data
• Profile Information: Profile photo, bio, preferences, and settings
• Communication Preferences: Email preferences, notification settings

2.2 Customer Data You Upload

As a business using our Services, you may upload or provide access to:

• Customer Contact Information: Names, phone numbers, email addresses
• Conversation History: Messages, chat logs, email threads
• Appointment Data: Booking details, schedules, preferences
• Transaction Data: Purchase history, payment records
• Customer Notes: Custom fields, tags, and notes you add to customer profiles

2.3 Automatically Collected Information

When you use our Services, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device type
• Log Data: Access times, error logs, performance data
• Cookies & Tracking: Session cookies, analytics cookies, preference cookies
• Location Data: General location based on IP address (not precise GPS)

2.4 Information from Third-Party Integrations

When you connect third-party services, we may receive:

• WhatsApp: Message content, contact information, delivery status
• Instagram: Direct messages, profile information, engagement data
• Google Calendar: Calendar events, availability, appointment details
• Email Providers: Email content, contact lists, engagement metrics
• CRM Systems: Customer data, sales pipelines, interaction history

3How We Use Your Information

We use the collected information for the following purposes:

3.1 To Provide Our Services

• Process and manage your account
• Enable AI-powered customer service automation
• Facilitate appointment scheduling and reminders
• Manage customer communications across multiple channels
• Provide CRM and pipeline management tools
• Generate analytics and business insights

3.2 To Improve Our Services

• Analyze usage patterns to enhance features
• Train and improve AI models (see Section 4)
• Identify and fix technical issues
• Conduct research and development
• Test new features and functionality

3.3 To Communicate With You

• Send service updates and announcements
• Respond to your inquiries and support requests
• Send billing and payment notifications
• Provide product updates and feature releases
• Send marketing communications (with your consent)

3.4 For Security & Compliance

• Detect and prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and property
• Ensure platform security and integrity

4AI Data Processing & Training

As an AI-powered platform, we process data to provide intelligent automation. Here's how we handle AI-related data:

4.1 How AI Uses Your Data

• Real-Time Processing: AI analyzes incoming messages to generate appropriate responses
• Context Understanding: AI maintains conversation context to provide relevant answers
• Intent Recognition: AI identifies customer intent (booking, inquiry, complaint, etc.)
• Personalization: AI learns your business-specific information to customize responses
• Sentiment Analysis: AI detects customer sentiment to adjust tone and escalate when needed

4.2 AI Model Training

Specifically:

• Private Training: Your data trains only YOUR AI assistant, not shared models
• Aggregated Analytics: We may use anonymized, aggregated data for general platform improvements
• No Cross-Customer Sharing: Your customer data is never shared with other businesses
• Opt-Out Available: You can opt out of any analytics or improvement programs

4.3 Third-Party AI Providers

We use third-party AI services (such as OpenAI) to power our platform. These providers:

• Process data only as necessary to provide services
• Do not use your data to train their public models (per our agreements)
• Maintain enterprise-grade security and privacy standards
• Comply with GDPR and other data protection regulations

5Customer Conversations & Message Data

Your customer conversations are handled with the highest level of privacy and security:

5.1 Message Storage

• Encrypted Storage: All messages are encrypted at rest using AES-256 encryption
• Secure Transmission: Messages are encrypted in transit using TLS 1.3
• Access Controls: Only authorized personnel can access message data
• Retention Period: Messages are retained as long as your account is active, plus 30 days after deletion

5.2 Who Can Access Conversations

• You: Full access to all your customer conversations
• Your Team: Access based on permissions you set
• Our Support Team: Only with your explicit permission for troubleshooting
• AI Systems: Automated processing to provide services
• No One Else: We never sell or share your conversations with third parties

5.3 Customer Consent

Important: You are responsible for obtaining necessary consents from your customers before using our Services to communicate with them. This includes:

• Consent to receive automated messages
• Consent for data processing and storage
• Compliance with TCPA, GDPR, and other regulations
• Clear privacy disclosures to your customers

6Data Storage, Retention & Security

6.1 Where We Store Data

• Primary Storage: United States (AWS US-East region)
• Backup Storage: Multiple geographic regions for redundancy
• EU Data: EU customers' data can be stored in EU data centers upon request
• Encryption: All data encrypted at rest and in transit

6.2 Data Retention

• Active Accounts: Data retained as long as your account is active
• After Cancellation: Data retained for 30 days, then permanently deleted
• Backups: Backup copies deleted within 90 days of account deletion
• Legal Holds: Data may be retained longer if required by law
• Anonymized Data: Aggregated, anonymized data may be retained indefinitely for analytics

6.3 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
• Network Security: Firewalls, intrusion detection, DDoS protection
• Regular Audits: Security audits and penetration testing
• Employee Training: Security awareness training for all staff
• Incident Response: 24/7 monitoring and incident response procedures
• Compliance: SOC 2 Type II certified (in progress)

7Sharing & Third-Party Integrations

7.1 When We Share Your Data

We may share your information in the following circumstances:

• With Your Consent: When you explicitly authorize sharing
• Service Providers: Third-party vendors who help us provide services (hosting, payment processing, analytics)
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law, court order, or government request
• Protection of Rights: To protect our rights, property, or safety, or that of others

7.2 Third-Party Service Providers

We work with trusted third-party providers:

• Cloud Hosting: Amazon Web Services (AWS)
• Payment Processing: Stripe
• AI Services: OpenAI, Anthropic
• Analytics: Google Analytics, Mixpanel
• Email Services: SendGrid, Amazon SES
• Support Tools: Intercom, Zendesk

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify.

7.3 We Do NOT Sell Your Data

8WhatsApp, Instagram, Email & Calendar Integrations

When you connect third-party platforms, additional privacy considerations apply:

8.1 WhatsApp Business API

• We access messages sent to your WhatsApp Business account
• Messages are subject to WhatsApp's Terms of Service and Privacy Policy
• We do not access your personal WhatsApp messages
• You must comply with WhatsApp Business Policy when using our integration

8.2 Instagram Direct Messages

• We access direct messages sent to your Instagram Business account
• Subject to Instagram's Terms of Use and Data Policy
• We do not access your personal Instagram content
• You must have a Facebook Business account and comply with their policies

8.3 Google Calendar

• We access your calendar to check availability and create appointments
• We only read/write calendar events related to appointments booked through our platform
• Subject to Google's Privacy Policy and Terms of Service
• You can revoke access at any time through your Google account settings

8.4 Email Integrations

• We access emails sent to connected email accounts
• We process email content to provide automated responses
• Subject to your email provider's privacy policy
• You can disconnect email integration at any time

Note: Each integration is subject to the privacy policies and terms of service of the respective third-party platform. We recommend reviewing their policies before connecting integrations.

9Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information, see our Cookie Policy.

9.1 Types of Cookies We Use

• Essential Cookies: Required for the platform to function (login, security)
• Performance Cookies: Help us understand how you use the platform
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Collect data about usage patterns (Google Analytics)
• Marketing Cookies: Track conversions and ad performance (with consent)

9.2 Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to block cookies)
• Our cookie consent banner (appears on first visit)
• Your account privacy settings
• Opt-out tools provided by third-party analytics providers

10Your Data Rights (GDPR/CCPA/CPRA)

Depending on your location, you have specific rights regarding your personal data:

10.1 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the right to:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

10.2 CCPA/CPRA Rights (California Users)

If you are a California resident, you have the right to:

• Right to Know: Request information about the personal data we collect, use, and share
• Right to Delete: Request deletion of your personal data
• Right to Correct: Request correction of inaccurate personal data
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal data (we don't sell data)
• Right to Limit: Limit the use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

10.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days (GDPR) or 45 days (CCPA/CPRA). We may need to verify your identity before processing your request.

11How to Access, Update, or Delete Your Data

11.1 Self-Service Options

You can manage your data directly through your account:

• Account Settings: Update your profile, email, and preferences
• Data Export: Download your data in JSON or CSV format
• Delete Account: Permanently delete your account and all associated data
• Privacy Settings: Control data sharing and analytics preferences

11.2 Requesting Data Deletion

To delete your account and data:

1. Log in to your account
2. Go to Settings → Account → Delete Account
3. Confirm deletion (this action is irreversible)
4. Your data will be permanently deleted within 30 days

Alternatively, email us at info@infinityproai.com to request account deletion.

12Data Transfers (US/EU Compliance)

Infinity Pro AI is based in the United States. If you are accessing our Services from outside the US, please be aware that your data may be transferred to, stored, and processed in the United States.

12.1 EU-US Data Transfers

For transfers of personal data from the EU to the US, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
• Adequacy Decisions: Where applicable under EU law
• Your Consent: Where you have explicitly consented to the transfer
• Supplementary Measures: Additional security safeguards beyond SCCs

12.2 Data Localization Options

Upon request, we can:

• Store EU customer data in EU-based data centers
• Provide data processing agreements (DPAs) for GDPR compliance
• Implement additional security measures for international transfers

13Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@infinityproai.com. We will delete such information from our systems.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

14Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email if the changes are material
• Post a notice on our website or within the platform
• Provide at least 30 days' notice for material changes

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Services and may request deletion of your account.

15Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: