1. Who We Are
iamadroid Ltd (“iamadroid”, “we”, “us”) provides AI chatbot and agent services that clients embed on their own websites. We are the controller of information collected on our own site (e.g., account signup, billing) and a processor of end-user data handled by client chatbots.
2. Information We Collect
- Account data: name, email address, company name, billing details, and authentication tokens.
- Chat data: messages exchanged through AI agents, including prompts, responses, and metadata such as time, language, and session ID.
- Voice data (optional): audio snippets if voice features are enabled, processed temporarily for transcription.
- Technical data: IP address, browser type, device information, and usage logs for security and performance.
3. How We Use Information
- Provide, maintain, and improve the iamadroid Service.
- Authenticate users and manage accounts.
- Monitor usage and ensure platform security.
- Generate aggregated, anonymized statistics for service optimization.
- Send service-related communications (e.g., billing, usage alerts, product updates).
4. Legal Bases for Processing (EU/UK)
We process personal data under the following lawful bases:
- Contract: to deliver the Service to our clients.
- Legitimate interests: to secure, improve, and maintain the platform.
- Consent: for optional cookies or marketing communications.
- Legal obligation: to comply with tax, accounting, or regulatory requirements.
5. Data Roles & Responsibilities
- When you use iamadroid to create and manage chatbots, you act as the data controller for conversations with your visitors.
- iamadroid acts as your data processor, processing chat data only according to your configuration and instructions.
- For our own website visitors or clients’ account data, iamadroid is the data controller.
6. Data Retention
We retain chat logs and account data only as long as necessary:
| Plan Tier | Chat Log Retention |
|---|---|
| Free / Standard / Advanced / Premium | 3 months |
| Enterprise | 6 months |
After expiry, data is deleted or anonymized automatically by scheduled system jobs.
7. Sub-processors
We use trusted service providers for hosting and email delivery:
- Hosting: DigitalOcean (servers and managed databases)
- Email: Zoho Mail / Mailjet (transactional and notification emails)
- Analytics: Plausible Analytics (self-hosted, no cookies, anonymized stats)
The full, current list of sub-processors is maintained on our Sub-processors page.
8. Security
Data is encrypted in transit (HTTPS/TLS) and at rest. Access to production systems is limited by role-based permissions, secure keys, and audit logging. See our Security page for technical details.
9. International Transfers
Where data is transferred outside the UK or EEA, we rely on approved safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.
10. Cookies
We use minimal cookies necessary for authentication and session management. For analytics or marketing cookies (if any), consent is obtained through our banner. See our Cookie Policy for full details.
11. Your Rights
- Access, correct, or delete your personal data.
- Object to or restrict processing in certain circumstances.
- Export your data in a portable format.
- Withdraw consent for marketing (if applicable).
To exercise rights, email us at privacy@iamadroid.com. We will respond within one month, subject to verification.
12. Children’s Data
The Service is not directed at children under 16, and we do not knowingly collect their data.
13. Updates to this Policy
We may update this Privacy Policy occasionally. The “Effective date” below shows the latest revision.
14. Contact
For any privacy questions or complaints, contact our Data Protection Officer at privacy@iamadroid.com.
Effective date: 3 November 2025