Privacy Policy – Data Processing by Chatsi, Inc. (On Behalf of Our Customers)

This Privacy Policy applies to personal data that CHATSI processes on behalf of Customers in connection with the provision of our services. It does not apply to personal data collected by CHATSI for its own business purposes, which is covered by a separate privacy policy available on our website.

CHATSI acts as a data processor when processing personal data provided by or collected on behalf of Customers through our services. Customers determine the purposes and means of processing personal data and are responsible for ensuring compliance with applicable data protection laws.

The types of personal data processed by CHATSI depend on the Customer’s use of our services and may include, but are not limited to:

• Names

• Email addresses

• Contact details

• Order details

• Customer communications

• Payment information (to the extent provided via the chatbot)

• Other data voluntarily provided by end-users during chatbot interactions

CHATSI processes personal data solely to provide services to our Customers, including:

• Facilitating chatbot interactions with end-users

• Integrating with e-commerce platforms to support transactions and inquiries

• Processing customer queries and enhancing user experience

• Supporting Customers in data management and chat activity tracking

• Providing analytics and performance insights to optimize chatbot efficiency

CHATSI processes personal data strictly in accordance with the documented instructions provided by our Customers, as set forth in our agreements and applicable data processing agreements (DPAs). We do not access, use, or disclose personal data for any purposes beyond those authorized by the Customer.

CHATSI implements appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of personal data, including:

• Encryption of data in transit and at rest

• Multi-factor authentication and access controls

• Internal data protection policies and staff training

• Regular security assessments and audits

• Secure storage and management of API keys and access credentials

Personal data is retained only for as long as necessary to fulfill the services provided to our Customers or as required by applicable law. Upon termination of a Customer’s agreement or upon request, personal data will be deleted or returned in accordance with the Customer’s instructions and legal requirements.

CHATSI may engage carefully vetted third-party sub-processors to assist in the delivery of our services. We require all sub-processors to implement appropriate security measures and to comply with data protection obligations consistent with this policy and our contractual agreements with Customers.

CHATSI may transfer personal data to jurisdictions outside the Customer’s country, including to the United States. We ensure that all cross-border transfers comply with applicable data protection laws by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms.

As a data processor, CHATSI assists Customers in responding to data subject requests, including requests for access, rectification, erasure, data portability, or objection to processing. Data subjects should direct their requests to the relevant Customer (data controller). Upon receiving a valid request from a Customer, CHATSI will provide reasonable assistance in fulfilling the request.

CHATSI complies with applicable data protection laws and regulations, including but not limited to:

• General Data Protection Regulation (GDPR)

• California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), where applicable

• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

If you have any questions about this Privacy Policy or our data processing practices, please contact us at:

• Chatsi, Inc.

• Email: info @ chatsi . ai

• Address: 104 E 6th South, ste 420, Heber City, Utah, 84032

• Agreement Terms

CHATSI reserves the right to update this Privacy Policy to reflect changes in our practices or applicable legal requirements from time to time. We encourage Customers and end-users to review this policy periodically.