Privacy Policy

1. Introduction

Aisend ("we", "our", "us") is committed to protecting the privacy and personal information of our users, clients, and website visitors. This Privacy Policy explains how we collect, use, store, share, and protect your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) of South Africa and aligned with the General Data Protection Regulation (GDPR) principles for international users.

By using our services, website, or products, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account or contact us, we may collect:

• Full name
• Email address
• Phone number
• Company name and job title
• Billing and payment information

2.2 Voice and Call Data

When using our AI Voice Agent services, we may process:

• Call recordings and transcriptions
• Voice interaction data
• Call metadata (duration, timestamps, routing information)
• Caller identification data

2.3 CRM and Integration Data

When connecting third-party services, we may access:

• CRM records (contacts, deals, activities)
• Calendar and scheduling data
• Communication logs

2.4 Usage and Analytics Data

• Product usage patterns and feature interactions
• Performance metrics and scoring data
• Session data (IP address, browser type, device information)
• Cookies and tracking technologies (see our Cookie Policy)

2.5 AI-Generated Data

• Prospect profiles and intelligence reports
• Sales performance scores and analytics
• Roleplay session recordings and evaluations
• AI coaching recommendations

3. How We Use Your Information

We process personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI products and services.
• AI Processing: To power intelligent features including voice agents, sales coaching, prospect profiling, and performance analytics.
• Communication: To respond to enquiries, provide support, and send service-related notifications.
• Billing: To process payments and manage subscriptions.
• Improvement: To analyse usage patterns and improve our products, with anonymised and aggregated data where possible.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

Under POPIA and GDPR, we process personal information based on:

• Consent: Where you have given explicit consent.
• Contractual Necessity: Where processing is necessary to fulfil our service agreement with you.
• Legitimate Interest: Where processing is necessary for our legitimate business interests, balanced against your rights.
• Legal Obligation: Where processing is required by law.

5. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access Controls: Role-based access controls with principle of least privilege.
• Infrastructure: Enterprise-grade cloud hosting with regular security audits.
• Monitoring: Continuous monitoring for unauthorised access or data breaches.
• Incident Response: Documented breach notification procedures in compliance with POPIA (within 72 hours of becoming aware of a breach).

6. Third-Party Service Providers

We may share personal information with trusted third-party providers who assist in delivering our services:

• Cloud Infrastructure: Hosting and data storage providers.
• AI Model Providers: For powering AI features (data is processed in accordance with strict data processing agreements).
• Payment Processors: For secure billing and subscription management.
• Analytics: For product improvement (anonymised data only).
• CRM Partners: For data synchronisation as configured by you.

All third-party providers are contractually bound to protect your data and process it only as instructed by us.

7. Your Rights

Under POPIA and GDPR, you have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Objection: Object to processing of your personal information for specific purposes.
• Portability: Request your data in a structured, machine-readable format.
• Withdrawal of Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@aisend.co.za. We will respond within 30 days of receiving your request.

8. Data Retention

• Account Data: Retained for the duration of your account plus 12 months after closure.
• Call Recordings: Retained for 90 days unless otherwise configured by the client.
• Analytics Data: Retained in anonymised form for up to 24 months.
• Billing Records: Retained for 5 years as required by South African tax law.

You may request early deletion of your data at any time, subject to legal retention obligations.

9. International Data Transfers

Where personal information is transferred outside South Africa, we ensure adequate safeguards are in place, including standard contractual clauses, data processing agreements, and compliance with POPIA cross-border transfer requirements.

10. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through our platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact — Information Officer

For privacy-related enquiries or to exercise your rights:

• Email: privacy@aisend.co.za
• Subject Line: "Privacy Request — [Your Name]"
• Location: South Africa

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.