Privacy Policy

1 Overview

SmartMax Software, Inc., doing business as ChatBeacon ("we," "us," "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, software platform, APIs, and related services (collectively, the "Services").

By using the Services, you consent to the data practices described in this policy. If you do not agree, please do not use the Services.

2 Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, phone number, and billing information when you create an account or subscribe.
• Content: Website URLs, documents, PDFs, FAQs, and other content you upload to train your AI chatbot.
• Communications: Messages you send to us through support channels, email, or chat.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, timestamps, and session duration within the Services.
• Device Data: Browser type, operating system, IP address, device identifiers, and screen resolution.
• Chat Data: Conversations between your chatbot/agents and your website visitors, including transcripts, timestamps, and visitor metadata.

2.3 Information from Third Parties

• Integrations: Data from services you connect via Zapier, Salesforce, Shopify, or other integrations — only as authorized by you.
• Payment Processors: Transaction data from Stripe or other payment processors. We do not store full credit card numbers.

3 How We Use Your Information

We use the information we collect to:

• Provide the Services — Operate your AI chatbot, live chat, co-browse, video chat, and related features.
• Train your AI chatbot — Process content you upload to generate accurate, on-brand chatbot responses for your visitors.
• Improve the platform — Analyze usage patterns to enhance features, fix bugs, and develop new capabilities.
• Communicate with you — Send account notifications, support responses, product updates, and (with your consent) marketing communications.
• Process payments — Handle subscription billing, invoicing, and refunds.
• Ensure security — Detect and prevent fraud, abuse, and unauthorized access.
• Comply with law — Meet legal obligations, respond to lawful requests, and enforce our Terms.

4 Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

• Service Providers: Trusted vendors who help us operate the Services (hosting, payment processing, email delivery, analytics) — bound by confidentiality agreements.
• AI Infrastructure: OpenAI (for AI chatbot processing) and Microsoft Azure (for cloud hosting) — subject to their enterprise data processing agreements.
• Integrations: Third-party services you choose to connect (Salesforce, Shopify, Slack, etc.) — only data you authorize.
• Legal Requirements: When required by law, court order, or to protect our rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or sale of assets — with prior notice.

5 AI & Data Processing

5.1 How AI Uses Your Data

ChatBeacon's AI chatbot is powered by OpenAI's models. When you train your chatbot, we process the content you provide (website pages, uploaded documents, FAQs) to generate a knowledge base specific to your business.

5.2 What OpenAI Receives

When your chatbot responds to a visitor, the conversation context is sent to OpenAI's API for processing. OpenAI does not use your data to train their models under our enterprise agreement. All API calls are encrypted in transit.

5.3 AI-Generated Content

Responses generated by your AI chatbot are based on your training content and the conversation context. You are responsible for reviewing and approving the accuracy of AI-generated responses, particularly in regulated industries.

6 Cookies & Tracking

We use cookies and similar technologies to operate the Services, remember preferences, and analyze usage. Types of cookies we use:

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Services.

6.1 Chat Widget Tracking

Our chat widget collects visitor data (pages visited, referral source, device type) to provide agents with visitor context. This data is stored as part of your Customer Data and subject to your own privacy policies toward your visitors.

7 Data Security

We implement industry-leading security measures to protect your data:

• SOC 2 Type II certified — audited annually by independent third parties
• HIPAA compliant — Business Associate Agreements available for healthcare customers
• 256-bit TLS encryption — all data encrypted in transit and at rest
• US-based Azure data centers — all data stored within the United States
• SSO / SAML support — Entra ID, Okta, and Active Directory integration
• On-premise deployment — available for organizations requiring full data sovereignty
• Audit logging — all administrative actions tracked and logged
• Role-based access controls — granular permissions for team members

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying you and relevant authorities of any breach in accordance with applicable law.

8 Data Retention

We retain your data only as long as necessary to provide the Services and fulfill the purposes described in this policy:

• Account Data: Retained for the duration of your subscription plus 30 days following termination.
• Chat Transcripts: Retained per your configured retention settings (default: 1 year). You may export or delete transcripts at any time.
• Training Content: Retained for the duration of your subscription. Deleted within 30 days of account termination.
• Billing Records: Retained for 7 years as required by tax and accounting regulations.
• Usage Analytics: Aggregated and anonymized data may be retained indefinitely for product improvement.

Upon account termination, you have a 30-day window to export your data. After this period, all Customer Data is permanently and irreversibly deleted from our systems.

9 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Portability: Request your data in a machine-readable format.
• Restriction: Request that we limit processing of your data in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@chatbeacon.io. We will respond within 30 days (or sooner if required by applicable law).

10 Children's Privacy

The Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at privacy@chatbeacon.io.

11 International Data Transfers

ChatBeacon is operated from the United States. If you access the Services from outside the US, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For EU/UK users, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure adequate data protection for international transfers. For on-premise customers, data remains within your designated data center.

12 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request details about the categories and specific pieces of personal information we've collected.
• Right to Delete: Request deletion of your personal information.
• Right to Opt-Out: We do not sell personal information and do not engage in "sharing" for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, email privacy@chatbeacon.io or call +1-918-388-5900. We will verify your identity before processing.

13 EU/UK Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) provides additional protections:

13.1 Legal Bases for Processing

• Contract: Processing necessary to fulfill our contractual obligations to you.
• Legitimate Interest: Processing necessary for our legitimate business interests (security, product improvement) balanced against your rights.
• Consent: Processing based on your explicit consent (marketing communications, optional analytics).
• Legal Obligation: Processing necessary to comply with applicable laws.

13.2 Data Protection Officer

You may contact our Data Protection Officer at dpo@chatbeacon.io. You also have the right to lodge a complaint with your local supervisory authority.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was last revised.

15 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: SmartMax Software, Inc. d/b/a ChatBeacon
• Address: Tulsa, Oklahoma, United States
• Privacy Email: privacy@chatbeacon.io
• DPO Email: dpo@chatbeacon.io
• Phone: +1-918-388-5900
• Website: www.chatbeacon.io