DiscoveringIA ("we," "our," or "the Company") provides artificial intelligence automation services, chatbot development, lead management systems, and related digital solutions to businesses and organizations ("clients" or "you").

This Privacy Policy applies to all data collected, processed, or stored through our services, including our website, AI platforms, automation workflows, chatbot systems, and any other tools we provide.

Our core commitment: All data exchanged within our services is strictly confidential and remains exclusively between DiscoveringIA and the contracting client. We do not sell, rent, lease, or share your information with third parties under any circumstances.

By engaging our services, you agree to the terms outlined in this document.

Depending on the services contracted, we may collect and process the following categories of data:

Business & Contact Information

• Company name, registered address, and business registration details

• Contact person names, email addresses, and phone numbers

• Billing information and invoicing details

Service-Related Data

• Lead information submitted through AI-powered forms or chatbots deployed for your business

• Conversation logs generated by chatbot systems we develop and operate on your behalf

• CRM and pipeline data integrated with our automation workflows

• Analytics and performance data from automation processes

Technical Data

• Website usage data (IP addresses, browser type, pages visited) for service optimization

• API integration credentials and configuration settings

• System logs necessary for troubleshooting and service maintenance

End-User Data (Third-Party Contacts) If our AI systems interact with your customers or leads on your behalf, we may process their names, contact information, and conversation content strictly to deliver the service you have contracted. This data belongs to you as the controller, and DiscoveringIA acts solely as a data processor.

We use the data we collect exclusively for the following purposes:

• Service Delivery: To build, deploy, and maintain the AI automation tools, chatbots, and lead systems you have contracted.

• Account Management: To manage your client account, process payments, and communicate about your services.

• Technical Support: To diagnose issues, resolve errors, and improve the performance of the systems we operate for you.

• Reporting & Analytics: To provide you with performance reports, lead reports, and operational metrics relevant to your contracted services.

• Legal Compliance: To comply with applicable laws, regulations, or binding legal processes when required.

• Service Improvement: To improve our internal methodologies and tools in an anonymized, aggregated manner — never using identifiable client data.

We will never use your data for marketing to third parties, profiling beyond the scope of your contracted service, or any purpose not listed above without your explicit written consent.

DiscoveringIA does not sell, rent, trade, disclose, or otherwise transfer any client data to third parties. This is a foundational principle of our business model and not merely a policy — it is a structural commitment.

The only exceptions are strictly limited to:

• Sub-processors essential to service operation: Such as cloud hosting providers or API services strictly necessary for delivering your contracted service. All such providers are bound by confidentiality and data protection agreements no less stringent than this policy. A list of active sub-processors is available upon request.

• Legal obligations: If we are compelled by a court order, regulatory authority, or applicable law to disclose specific data, we will notify you in advance to the maximum extent permitted by law, and we will disclose only the minimum data required.

Under no circumstances do we share data with advertisers, data brokers, analytics platforms, or any commercial third party for their own benefit.

We implement industry-standard technical and organizational measures to protect your data:

• Encryption in transit (TLS/SSL) for all data communications

• Encryption at rest for stored sensitive data

• Access controls: only personnel directly involved in your account have access to your data

• Regular security reviews and vulnerability assessments

• Secure API integrations with credential management best practices

• Internal data handling policies and confidentiality agreements for all team members

In the event of a data breach affecting your information, we will notify you without undue delay and, where applicable, within the timeframes required by law (e.g., 72 hours under GDPR).

We retain your data only as long as necessary to fulfill contracted services and comply with legal obligations:

• Active service data: Retained for the duration of your service contract plus a 90-day grace period after termination.

• Billing and contractual records: Retained for up to 7 years as required by commercial and fiscal regulations.

• Technical logs: Retained for up to 90 days for debugging purposes, then automatically purged.

• Lead and chatbot interaction data: Retained as agreed in your service contract; default retention is 12 months unless otherwise specified.

Upon termination of services, you may request the export and/or deletion of your data. We will confirm deletion in writing.

As our client, you hold the following rights regarding your data:

• Right of Access: Request a copy of all personal data we hold about you.

• Right to Rectification: Request correction of inaccurate or incomplete data.

• Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.

• Right to Data Portability: Receive your data in a structured, machine-readable format.

• Right to Restrict Processing: Request that we limit the processing of your data under certain circumstances.

• Right to Object: Object to certain types of processing, including automated decision-making.

• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without penalty.

To exercise any of these rights, contact us at the address provided in Section 13. We will respond within 30 calendar days.

Our website may use cookies for the following strictly limited purposes:

• Essential cookies: Required for the website to function correctly (session management, security).

• Functional cookies: Remember your preferences to improve your browsing experience.

• Analytics cookies: Aggregate, anonymized data about how visitors use our site, used solely to improve our own website.

We do not use third-party advertising cookies, behavioral profiling cookies, or cross-site tracking technologies. You may configure your browser to reject cookies; however, some website features may not function correctly as a result.

Chatbots & Conversational AI Conversation data collected through chatbots deployed by DiscoveringIA for your business is owned by you as the contracting client. DiscoveringIA processes this data exclusively to operate the service. We do not train general AI models on your specific client or end-user conversations without explicit written consent.

Lead Management & Automation Lead data captured through our AI automation workflows belongs to your organization. We process it solely to execute the workflows you have configured and contracted. We do not cross-reference, combine, or sell lead data between different clients.

Automated Decision-Making Where our systems assist in automated scoring, routing, or classification of leads or contacts, these are tools to support — not replace — human judgment. You remain responsible for decisions made using AI-assisted outputs. Significant decisions affecting individuals should always involve human review.

Third-Party AI Providers Certain AI capabilities within our services rely on third-party foundation models and APIs, including providers such as OpenAI. The use of these providers is strictly limited to the internal operational needs of delivering your contracted service — they are never used to commercialize, analyze, or share your data for any external purpose.

To protect the confidentiality of your information when interacting with these providers, DiscoveringIA implements the following measures:

• Data minimization: Only the minimum data necessary to execute a specific task is sent to any third-party AI provider. Personal identifiers are removed or anonymized wherever technically feasible.

• Restricted API usage: Third-party AI APIs are configured in ways that disable data retention and model training on our requests, where such options are available (e.g., OpenAI's zero data retention settings for API usage).

• Contractual safeguards: We only integrate AI providers who offer Data Processing Agreements (DPAs) or equivalent contractual guarantees, ensuring they handle any data transmitted with the same level of confidentiality we commit to.

• No cross-client data mixing: Data from different clients is always kept isolated. No information from one client engagement is ever included in requests made on behalf of another.

• Internal access controls: Access to third-party AI integrations is restricted to DiscoveringIA personnel directly involved in your service. Credentials and API keys are managed securely and reviewed regularly.

A current list of third-party AI providers in use is available upon request. We will notify active clients of any material change to the providers we rely on.

DiscoveringIA operates in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and any national implementations thereof.

• Legal Basis: Contractual necessity, legitimate interests, and/or explicit consent

• Data Controller: DiscoveringIA (for our own business data)

• Data Processor: DiscoveringIA (for end-user data processed on behalf of clients)

• Data Processing Agreement (DPA): Available upon request and required for applicable client relationships

• Supervisory Authority: EU/EEA clients may lodge complaints with their national data protection authority

For clients outside the EU, we apply equivalent data protection standards regardless of jurisdiction.

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last Updated" date at the top of this document.

• For material changes, we will notify active clients by email at least 14 days before the change takes effect.

• Continued use of our services after the effective date constitutes acceptance of the updated policy.

Previous versions are available upon request.

Acceptance of Terms By contracting services with DiscoveringIA, you confirm that you have read, understood, and agree to these Terms of Service and our Privacy Policy.

Service Scope The specific deliverables, timelines, and pricing of our services are governed by individual service agreements signed between DiscoveringIA and the client. These Terms of Service apply universally across all engagements.

Client Responsibilities

• You are responsible for ensuring that any end-user data you provide to us for processing has been collected with the appropriate legal basis and consent.

• You must not use our services for unlawful purposes, including spam, fraud, or any activity that violates applicable laws.

• You are responsible for maintaining the confidentiality of any access credentials we provide to you.

Intellectual Property Custom systems, workflows, and tools built specifically for your organization under a paid engagement are owned by you upon full payment, unless otherwise agreed in writing. DiscoveringIA retains the right to reuse general methodologies, frameworks, and non-client-specific components in future work.

Limitation of Liability DiscoveringIA provides AI and automation services in good faith and with professional care. However, AI systems involve inherent uncertainty. We are not liable for business decisions made based on AI-generated outputs. Our total liability in any event is limited to the fees paid by the client in the 3 months preceding the claim.

Governing Law These terms are governed by applicable law in the jurisdiction where DiscoveringIA is registered. Disputes shall be resolved through good-faith negotiation, and if unresolved, through the competent courts of that jurisdiction.

Termination Either party may terminate a service engagement with 30 days' written notice, unless otherwise specified in the service agreement. Upon termination, client data will be handled as described in Section 6.

For any questions, concerns, or requests related to this Privacy Policy, your data rights, or our Terms of Service:

DiscoveringIA — Legal & Privacy Email: sales@discoveringia.com Subject line: Privacy Request / Legal Inquiry Response time: Within 30 calendar days