Privacy Policy

TellSpotAI provides an AI-powered platform that allows account owners to create public information Spots, chat experiences, knowledge bases, QR-linked pages, contact method displays, and related tools for their visitors and customers. This Privacy Policy explains how we collect, use, disclose, store, protect, and otherwise process personal information when you access or use TellSpotAI.

By using TellSpotAI, you acknowledge that your personal information will be handled as described in this Privacy Policy. This Policy does not apply to third-party websites, payment providers, AI providers, hosting providers, customer websites, messaging platforms, social networks, or integrations that we do not control.

This Privacy Policy applies to visitors to our websites and public pages, individuals who create or manage TellSpotAI accounts, End Users who interact with public Spots or AI chats, individuals who contact us for support, billing, abuse, security, privacy, or legal matters, and business customers who use TellSpotAI to provide AI-powered information experiences to their own users.

Depending on the context, TellSpotAI may act as a data controller or as a data processor/service provider. For account registration, billing administration, platform security, service analytics, support, legal compliance, and our own business operations, TellSpotAI generally acts as a controller. For visitor conversations, customer-uploaded knowledge content, Spot configuration, Customer Contact Methods, and other data processed on behalf of a Customer, TellSpotAI generally acts as a processor or service provider. In those cases, the Customer is responsible for determining the lawful basis, purpose, content, notices, consents, and instructions for processing.

3.1 Account Information

Name, email address, username or account identifier.

Passwordless authentication data, verification events, login history, and account security signals.

Organization or business name, role, permissions, account status, language preferences, account settings, and service configuration.

3.2 Spot, Knowledge Base, and Contact Method Information

Spot name, description, public link, QR code, avatar or branding where available, and public page settings.

Customer-uploaded text, markdown, files, business information, FAQs, policies, service descriptions, price lists, and other knowledge base content.

Instructions, prompts, guardrails, response preferences, usage limits, credit consumption, and feature settings.

Customer Contact Methods, such as phone numbers, email addresses, websites, WhatsApp or messaging links, social media links, booking links, addresses, labels, and ordering preferences. Customer Contact Methods may be displayed publicly when a Spot is published.

3.3 Visitor Chat Information

Messages submitted by visitors.

AI-generated responses.

Chat session identifiers.

Spot identifier and public page activity.

Approximate language preference.

Timestamp, usage events, and technical logs.

IP address, browser type, device information, approximate location derived from IP address, and similar technical data.

Abuse, safety, rate-limit, fraud, and security signals.

Answer status and outcome signals, such as whether a Spot response was answered, partially answered, unavailable from approved information, blocked, or classified as a contact request.

Short samples or summaries of unanswered visitor questions, grouped missing-information topics, timestamps, language, counts, and related analytics metadata.

Visitors should not submit sensitive personal information, payment card information, passwords, government identifiers, health information, children's information, or confidential information into a TellSpotAI chat unless the relevant Customer has clearly authorized such use and provided an appropriate legal basis and privacy notice.

3.4 Payment and Billing Information

When paid services are enabled, payment processing may be handled by third-party payment providers or merchant-of-record providers. We may receive and store limited billing-related information, such as customer name, billing email, subscription plan, payment status, invoice or receipt identifiers, billing country or tax-related information, transaction metadata, refund status, cancellation status, and renewal status. We do not intentionally store full payment card numbers on our own servers.

3.5 Support, Billing, Abuse, Security, and Communications

When you contact us, we may collect your name, contact details, account email, message content, support request details, billing request details, attachments, abuse reports, security reports, legal requests, feedback, complaints, survey responses, and related communications.

3.6 Technical and Usage Information

We may automatically collect IP address, device type, browser type, operating system, referring URL, pages visited, feature usage, error logs, security logs, session events, approximate location derived from IP address, cookies, local storage, or similar identifiers where applicable.

TellSpotAI is not designed to intentionally collect full payment card numbers, government identification documents, biometric identifiers, precise geolocation, medical records, children's personal information, or special-category or sensitive personal information unless explicitly supported under a separate written agreement and appropriate legal safeguards.

• Provide, operate, maintain, secure, and improve TellSpotAI.
• Create, authenticate, and manage accounts.
• Deliver AI chat responses based on approved Spot content.
• Process knowledge base content for retrieval and response generation.
• Generate, maintain, and serve public Spot pages, QR-linked experiences, and Customer Contact Methods.
• Manage trials, subscriptions, credits, invoices, billing, account limits, and payment status when billing is enabled.
• Provide support and respond to inquiries, billing requests, privacy requests, abuse reports, security reports, and legal requests.
• Monitor service performance, reliability, usage, fraud, abuse, spam, security incidents, and unauthorized access.
• Enforce our Terms, Acceptable Use Policy, and other policies.
• Send administrative messages, service notices, security alerts, account communications, billing communications, and marketing communications where permitted.
• Comply with legal obligations and protect the rights, safety, property, and interests of TellSpotAI, our users, customers, visitors, and the public.
• Identify missing information, repeated visitor questions, contact requests, and usage trends so Customers can improve their Spots, knowledge bases, and contact information.
• Generate aggregated analytics, date-range reports, counts, grouped topics, and similar operational insights for Customers and platform operations.

TellSpotAI uses AI systems and related infrastructure to generate responses based on platform rules, Customer-approved knowledge base content, Customer Contact Methods, visitor messages, and relevant context. AI-generated responses may be incomplete, inaccurate, outdated, or unsuitable for certain decisions.

We may send relevant prompt content, knowledge base excerpts, conversation context, Customer Contact Methods, and technical metadata to AI providers, hosting providers, infrastructure providers, and security systems as necessary to operate the service. We do not use customer-uploaded knowledge base content or visitor chat content to train third-party foundation models unless we expressly state otherwise and obtain any required permission or provide any required notice.

Where a legal basis is required, we process personal information based on one or more of the following grounds: contract, legitimate interests, consent, legal obligation, and customer instructions where we process personal information as a processor or service provider on behalf of a Customer.

We may use cookies, local storage, pixels, and similar technologies to keep users signed in, remember preferences, secure accounts and sessions, understand service usage, diagnose errors, measure performance, support analytics, and improve the product. Where required by law, we request consent before using non-essential cookies. For more details, see our Cookie Policy.

• Service providers and subprocessors: hosting and cloud infrastructure, database and storage, email delivery, AI model and AI infrastructure, payment and billing when enabled, analytics and monitoring, security and fraud prevention, customer support, and professional advisers.
• Customers: if you interact with a Customer-operated Spot, the Customer may access information associated with that Spot, including chat messages, AI responses, usage records, Customer Contact Methods, and related metadata.
• Legal and safety disclosures: we may disclose information to comply with law, enforce agreements and policies, detect or investigate fraud, abuse, security incidents, or technical issues, and protect rights, safety, property, and service integrity.
• Business transfers: information may be disclosed or transferred in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.

We do not sell personal information for money. We do not knowingly share personal information for cross-context behavioral advertising unless we provide any required notice and opt-out mechanism. We do not knowingly sell or share the personal information of children.

TellSpotAI may process and store personal information in countries other than where you are located. Where required, we use appropriate safeguards for international transfers, which may include contractual protections, data processing agreements, standard contractual clauses, transfer risk assessments, adequacy mechanisms, or other lawful transfer methods.

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Actual retention may vary depending on legal requirements, security needs, disputes, customer settings, and operational requirements.

Where practical, missing-information analytics are designed to use limited samples, counts, grouping keys, timestamps, and related metadata rather than full chat transcripts.

Raw feedback signals used for missing-information analytics, such as short sample questions, response outcome, contact-request classification, and related metadata, are generally retained for up to 90 days unless a longer period is required or permitted for security, legal, billing, dispute, backup, or operational reasons. Aggregated daily analytics may be retained for up to 13 months. Billing, security, abuse, legal, and accounting records may be retained for longer as described in this Policy or required by law.

Data Category

Typical Retention Approach

Account information

Retained while the account is active and then deleted or anonymized from active systems within a reasonable period after account deletion, unless retention is required or permitted for legal, security, billing, or dispute reasons.

Spot, knowledge base, and Customer Contact Methods

Hidden or unpublished when the account or Spot is deleted where applicable, and deleted from active systems within a reasonable period, unless retention is legally required or needed for security, abuse, or dispute handling.

Visitor chat records

Retained according to customer settings, platform defaults, legal requirements, security needs, and abuse prevention needs.

Billing and transaction records

Retained as required for tax, accounting, audit, payment, dispute, and legal compliance.

Support, privacy, billing, abuse, legal, and security communications

Retained as needed for service quality, audit, investigation, dispute resolution, and legal compliance.

Security logs and abuse signals

Retained as needed to protect the platform, prevent abuse, investigate incidents, and comply with legal obligations.

Backups

Deleted or overwritten according to backup cycles. Information may remain in backups for a limited period after deletion from active systems and is not restored except for disaster recovery, security, or legal needs.

If you delete your account or request account deletion, we may disable access, unpublish or restrict public Spots, disable QR-linked pages, remove Customer Contact Methods from public display, and delete or anonymize account data, Spot data, knowledge base content, embeddings, files, and related records from active systems within a reasonable period. Some information may be retained where required or permitted for billing, tax, accounting, fraud prevention, security, legal compliance, dispute resolution, backup cycles, or legitimate operational needs.

To request help with account deletion or data requests, contact [email protected].

We use reasonable technical, administrative, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, disclosure, and destruction. These measures may include encryption in transit, access controls, authentication safeguards, role-based permissions, audit logs, security monitoring, rate limiting, abuse prevention, secure secret management, backup and recovery controls, vendor review, and vulnerability management. No system is completely secure.

• Provide appropriate privacy notices to visitors and End Users.
• Obtain any required consents or legal bases.
• Ensure uploaded knowledge base content and Customer Contact Methods are lawful, accurate, authorized, and appropriate.
• Avoid unnecessary personal information in uploaded files, prompts, instructions, and chats.
• Not use TellSpotAI for prohibited, regulated, or high-risk purposes unless expressly permitted by written agreement.
• Respond to privacy requests from their own users where the Customer acts as controller.
• Configure retention, access, contact methods, and Spot settings appropriately.
• Ensure their use of TellSpotAI complies with applicable laws.

Depending on your location and applicable law, you may have rights to access personal information, request correction, request deletion, request restriction of processing, object to processing, withdraw consent, request portability, opt out of certain marketing communications, opt out of sale, sharing, targeted advertising where applicable, limit certain sensitive information use where applicable, and lodge a complaint with a data protection authority.

To exercise privacy rights, contact [email protected]. We may need to verify your identity before responding. If your request relates to data controlled by one of our Customers, we may direct you to that Customer or process the request according to the Customer's instructions.

Saudi Arabia: Where Saudi Arabia's Personal Data Protection Law applies, individuals may have rights regarding their personal data, including rights to know how personal data is processed, access personal data, request correction, request destruction, and exercise other rights available under applicable Saudi data protection laws and regulations.

European Economic Area, United Kingdom, and Switzerland: Where GDPR, UK GDPR, or similar laws apply, you may have rights to access, rectify, erase, restrict, object, port your data, and lodge a complaint with a supervisory authority. When we process personal information as a processor on behalf of a Customer, the Customer is the controller and is responsible for responding to data subject requests.

California and other U.S. states: If applicable privacy laws apply, you may have rights to know, access, delete, correct, opt out of sale, sharing, targeted advertising, and certain profiling, limit certain sensitive personal information uses where applicable, and not be discriminated against for exercising privacy rights.

We may send service-related communications necessary for account administration, security, billing, or operation of TellSpotAI. We may send marketing communications where permitted by law. You may opt out of marketing emails by using the unsubscribe link or contacting us. Even if you opt out, we may still send non-marketing service messages.

TellSpotAI is not intended for children under 13 years of age or the equivalent minimum age under applicable local law. We do not knowingly collect personal information from children. Customers must not create Spots directed to children or use TellSpotAI to collect children's personal information unless all legally required consents and written agreements are in place.

TellSpotAI is not intended to process sensitive personal information unless expressly supported under a written agreement and appropriate safeguards. Do not submit sensitive information unless you are authorized and have confirmed the specific use is permitted.

TellSpotAI provides AI-generated informational responses. It is not intended to make legally or similarly significant decisions about individuals. Customers must not use TellSpotAI as the sole basis for employment, credit, insurance, housing, education, healthcare, legal rights, eligibility, public services, or similar decisions unless expressly permitted under a separate written agreement and applicable law.

TellSpotAI may display Customer Contact Methods or links to third-party websites, customer websites, payment pages, messaging platforms, AI services, or external resources. We are not responsible for the privacy practices, security, or content of third-party services. If you contact a Customer outside TellSpotAI, that communication is governed by the Customer and the external service used.

If you submit an abuse report, we may process the information you provide, related account data, Spot data, Customer Contact Methods, technical logs, and communications necessary to investigate and respond. Abuse reports may be sent to [email protected].

We may update this Privacy Policy from time to time. When we make changes, we will update the Last Updated date. If changes are material, we may provide additional notice, such as by posting a website notice, sending an email, or displaying an in-service notification.

• Privacy requests, account data requests, abuse reports, and support: [email protected]
• Billing and invoice matters: [email protected]
• General, legal, and business contact: [email protected]
• Website: https://tellspotai.com