Privacy Policy

2.1 Information You Provide Directly

• Account Information: Full name, email address, phone number, job title, company name, business address, billing information
• Profile Information: User preferences, account settings, profile picture, signature, and other customization data
• Communication Data: Customer service emails, chat conversations, support tickets, feedback, and other communications
• Payment Information: Credit card details, billing addresses, and transaction history (processed through secure third-party payment processors)
• Content Data: Files, documents, images, and other content you upload to or create within our platform

2.2 Information Automatically Collected

• Usage Data: Page views, feature usage, time spent on platform, click patterns, search queries, and interaction logs
• Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, time zone settings
• Performance Data: System performance metrics, error logs, response times, and diagnostic information
• Location Data: General geographic location inferred from IP address (not precise location tracking)

2.3 Information from Third Parties

• Integration Data: Information from email providers, CRM systems, and other third-party services you connect
• Authentication Data: Information from single sign-on providers (Google, Microsoft, etc.)
• Enhanced Profile Data: Publicly available business information to enhance your profile or company details

4.1 Service Provision

• Providing customer service automation and AI-powered support tools
• Processing and routing customer inquiries and support requests
• Generating automated responses and suggested actions
• Managing user accounts and maintaining service functionality
• Processing payments and managing billing

4.2 Platform Improvement

• Training and improving our AI models and algorithms
• Analyzing usage patterns to enhance user experience
• Developing new features and functionality
• Conducting quality assurance and testing
• Performing analytics and business intelligence

4.3 Communication and Support

• Providing technical support and customer service
• Sending service-related notifications and updates
• Communicating about new features, products, or services (with consent)
• Conducting surveys and collecting feedback

4.4 Security and Compliance

• Detecting, preventing, and responding to fraud, abuse, and security threats
• Complying with legal obligations and regulatory requirements
• Enforcing our terms of service and other agreements
• Protecting the rights, property, and safety of DelightDesk, our users, and others

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our business:

• Cloud Infrastructure: Amazon Web Services, Google Cloud Platform
• Payment Processing: Stripe, PayPal
• Communication Services: SendGrid, Twilio
• Analytics: Google Analytics (anonymized)
• Security: Identity verification and fraud prevention services

5.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our terms of service or other agreements
• Protect the rights, property, or safety of DelightDesk, our users, or others
• Investigate and prevent fraud, security breaches, or illegal activities

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5.4 With Your Consent

We may share your information with other parties when you have given us explicit consent to do so.

6.1 Security Certifications and Compliance

6.2 Advanced Technical Safeguards

• Military-Grade Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit, end-to-end encryption for sensitive communications
• Zero-Trust Architecture: Never trust, always verify principle with continuous authentication and authorization
• Advanced Access Controls: Multi-factor authentication (MFA), single sign-on (SSO), privileged access management (PAM), and just-in-time access
• Network Security: Next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), network segmentation, and DDoS protection
• Endpoint Security: Advanced endpoint detection and response (EDR), device compliance monitoring, and mobile device management
• Data Loss Prevention (DLP): Real-time monitoring and prevention of unauthorized data access and exfiltration
• Security Information and Event Management (SIEM): 24/7 security monitoring, threat detection, and automated incident response
• Vulnerability Management: Continuous vulnerability scanning, automated patching, and threat intelligence integration

6.3 Infrastructure and Cloud Security

• Multi-Cloud Architecture: Redundant infrastructure across multiple cloud providers (AWS, Google Cloud, Azure) for high availability
• Geographic Data Isolation: Data residency controls ensuring data stays within specified geographic boundaries
• Container Security: Secure container orchestration with Kubernetes, image scanning, and runtime protection
• Infrastructure as Code (IaC): Immutable infrastructure with automated security configurations and compliance checks
• Backup and Recovery: Automated, encrypted backups with point-in-time recovery and cross-region replication
• Business Continuity: Disaster recovery plans with RTO < 4 hours and RPO < 1 hour for critical data

6.4 Application Security

• Secure Development Lifecycle (SDLC): Security integrated throughout the development process from design to deployment
• Static and Dynamic Analysis: Automated code scanning for vulnerabilities, security testing, and penetration testing
• API Security: OAuth 2.0/OpenID Connect, rate limiting, API gateway protection, and comprehensive API security testing
• Web Application Firewall (WAF): Protection against OWASP Top 10 vulnerabilities and advanced web attacks
• Secure Coding Standards: OWASP guidelines, secure coding practices, and mandatory security code reviews
• Dependency Management: Automated scanning and updating of third-party dependencies for known vulnerabilities

6.5 Organizational and Administrative Safeguards

• Security Governance: Chief Information Security Officer (CISO) and dedicated security team with defined roles and responsibilities
• Employee Security Training: Annual security awareness training, phishing simulation, and role-specific security training
• Background Checks: Comprehensive background verification for all employees with access to customer data
• Incident Response: 24/7 security operations center (SOC) with documented incident response procedures and communication plans
• Vendor Risk Management: Comprehensive third-party risk assessment program with ongoing monitoring and contractual security requirements
• Physical Security: Biometric access controls, security cameras, and 24/7 monitoring at all facilities

6.6 Continuous Security Monitoring

• Security Operations Center (SOC): 24/7/365 security monitoring with certified security analysts
• Threat Intelligence: Integration with leading threat intelligence feeds and security research
• Behavioral Analytics: Machine learning-based user and entity behavior analytics (UEBA) for anomaly detection
• Penetration Testing: Quarterly penetration testing by certified third-party security firms
• Red Team Exercises: Annual adversarial security testing to validate security controls
• Bug Bounty Program: Responsible disclosure program with security researchers and ethical hackers

6.7 Privacy by Design

• Data Minimization: Collection and processing of only necessary data with automated data lifecycle management
• Purpose Limitation: Data used only for specified, explicit, and legitimate purposes
• Pseudonymization and Anonymization: Advanced techniques to protect personal data in analytics and AI training
• Privacy Impact Assessments (PIA): Mandatory assessments for all new features and data processing activities
• Consent Management: Granular consent controls with easy withdrawal mechanisms

6.8 Third-Party Security Validations

9.1 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly
• Performance Cookies: Help us understand how visitors interact with our website
• Functionality Cookies: Remember your preferences and personalize your experience
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

9.2 Managing Cookies

You can control cookies through:

• Browser settings to block or delete cookies
• Our cookie consent manager (where applicable)
• Opt-out mechanisms for third-party tracking
• Do Not Track browser settings (where supported)

11.1 General Rights

You have the following rights regarding your personal information:

• Access: Request information about the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data (subject to legal requirements)
• Portability: Receive your personal data in a structured, machine-readable format
• Restriction: Request restriction of processing your personal data
• Objection: Object to processing based on legitimate interests

11.2 GDPR Rights (EEA/UK Residents)

If you are located in the EEA or UK, you have additional rights under GDPR:

• Withdraw Consent: Withdraw consent for processing where consent is the legal basis
• Lodge Complaints: File complaints with your local data protection authority
• Automated Decision-Making: Opt-out of solely automated decision-making processes

11.3 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

• Know: Know what personal information is collected and how it's used
• Delete: Request deletion of personal information
• Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: Equal service regardless of exercising privacy rights
• Sensitive Personal Information: Limit the use of sensitive personal information

11.4 How to Exercise Your Rights

To exercise any of these rights, please:

• Use the contact form at the bottom of our homepage
• Use our in-platform privacy controls where available
• Contact our Data Protection Officer (contact details below)

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

13.1 Incident Response Program

We maintain a comprehensive incident response program that includes:

• 24/7 Security Operations Center: Round-the-clock monitoring and immediate incident detection
• Incident Response Team: Dedicated team of security experts with defined roles and escalation procedures
• Automated Response: Automated containment and mitigation procedures for common incident types
• Forensic Capabilities: In-house digital forensics team for incident investigation and evidence preservation
• Communication Plans: Pre-defined communication templates and procedures for customer and regulatory notification

13.2 Data Breach Response Timeline

13.3 Breach Notification Content

In the event of a data breach, we will provide you with:

• Nature of the security incident and data involved
• Likely consequences of the breach
• Steps we are taking to address the breach and prevent future occurrences
• Specific actions you can take to protect yourself
• Contact information for further questions and support
• Resources for credit monitoring or identity protection if applicable

13.4 Post-Incident Activities

• Root Cause Analysis: Comprehensive investigation to identify and address underlying causes
• Security Enhancements: Implementation of additional controls to prevent similar incidents
• Third-Party Validation: Independent security assessment following significant incidents
• Lessons Learned: Documentation and sharing of insights to improve overall security posture
• Regulatory Cooperation: Full cooperation with regulatory authorities and law enforcement as appropriate

14.1 AI Model Training and Data Use

Our AI and machine learning systems are designed with privacy and security at their core:

• Data Anonymization: All personal data used for AI training is anonymized and stripped of personally identifiable information
• Differential Privacy: We apply differential privacy techniques to add statistical noise that protects individual privacy
• Federated Learning: Where possible, we use federated learning approaches that keep data localized
• Purpose Limitation: AI models are trained only for the specific purposes outlined in this policy
• Data Minimization: We use the minimum amount of data necessary to achieve the desired functionality

14.2 Algorithmic Transparency and Fairness

• Bias Detection: Regular testing and monitoring for algorithmic bias across protected characteristics
• Fairness Metrics: Implementation of fairness constraints and evaluation metrics in model development
• Explainable AI: Development of interpretable models and explanation mechanisms for automated decisions
• Human Oversight: Human review processes for significant automated decisions affecting users
• Appeal Mechanisms: Procedures for users to appeal or request review of automated decisions

14.3 AI Ethics and Governance

• Ethics Board: Cross-functional AI ethics committee overseeing responsible AI development
• Impact Assessments: Algorithmic impact assessments for all AI systems affecting user data
• Continuous Monitoring: Ongoing monitoring of AI system performance and potential adverse impacts
• Third-Party Audits: Regular independent audits of AI systems for fairness, accuracy, and privacy compliance

General Privacy Inquiries

Data Protection Officer

EU Representative