Privacy Policy 

Last Updated: June 6, 2024

1. Introduction

At Eloquent AI, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you interact with our website, products, and services.

We aim to be transparent and straightforward in how we handle your data, and we strive to comply with applicable data protection laws and industry standards — including the General Data Protection Regulation (GDPR) where applicable, the California Consumer Privacy Act (CCPA), and internationally recognised frameworks such as SOC 2 and ISO/IEC 27001.

Please read this policy carefully. If you have any questions, contact us at privacy@eloquentai.co.

2. Who We Are

Eloquent AI, Inc. is a company registered in the United States, with its principal office at 2261 Market Street STE 22824, San Francisco, CA 94114, United States

We provide AI-based automation services for regulated industries. For the purposes of this Privacy Policy, Eloquent AI acts as the “data controller” of your personal data unless otherwise stated.

3. Scope of This Privacy Policy

This Privacy Policy applies to the personal data we collect from:

  • Site Visitors – individuals who visit our website at https://www.eloquentai.co
  • Clients – organisations or individuals who purchase or use our services or platform
  • Authorised Users – employees, contractors, or representatives who access our platform on behalf of a Client

It applies to data collected directly from you and to data we receive from third parties, in connection with your use of our website and services.

4. Definitions

For clarity, here are key terms used in this Privacy Policy:

  • Personal Data – Any information that identifies or could identify an individual, such as name, email address, IP address, or user ID
  • Processing – Any operation performed on personal data (e.g., collection, storage, use, sharing, deletion)
  • Controller – The entity that decides how and why personal data is processed
    Processor – A third party that processes data on behalf of a controller
    Aggregated Data – Data that is compiled or anonymised such that it no longer identifies any individual

5. What Data We Collect

We collect and process different types of personal data depending on how you interact with us. This may include:

a. Information you provide directly

  • Name
  • Email address
  • Company name and role
  • Contact details
  • Any other information you submit via forms, email, or during conversations with us

b. Automatically collected information

When you use our website or platform, we may collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Referring URLs
  • Log files and diagnostic information

c. Information from third parties

We may receive personal data from:

  • Service providers (e.g. analytics, CRM platforms)
  • Public sources (e.g. LinkedIn or company websites)
  • Partners or clients who refer or introduce you to us

d. Platform usage data (for customers)

If you’re using our platform, we may also collect:

  • Account activity and feature usage
  • User preferences
  • Support and feedback interactions

e. Sensitive data

We do not request or process sensitive data (e.g., health, financial details) from end users.

6. How We Use Your Data

We use your personal data for the following purposes:

a. To provide and operate our services

  • Set up and maintain user accounts
  • Enable platform features and integrations
    Provide technical and customer support

b. To communicate with you

  • Respond to your enquiries or requests
  • Send service-related updates, notifications, and administrative messages
  • Send marketing communications, where legally permitted (with opt-out options)

c. To improve our products and user experience

  • Analyse usage patterns and diagnose issues
  • Develop new features and enhance performance
  • Conduct user feedback sessions and surveys

d. For legal, compliance, and security purposes

  • Enforce our terms of service
  • Detect and prevent fraud or abuse
  • Maintain security and audit logs
  • Comply with applicable laws and regulations

We do not sell your personal data to third parties.

7. Legal Bases for Processing

We process personal data under the following legal bases, as defined by the General Data Protection Regulation (GDPR):

  • Consent – When you have explicitly agreed to our use of your data for specific purposes, such as receiving marketing communications. You may withdraw consent at any time.

  • Contractual Necessity – When processing is necessary to deliver the services you have requested or to enter into a contract with you.

  • Legitimate Interests – When we have a legitimate business interest in processing your data, provided these interests are not overridden by your rights and freedoms. This may include improving our services, securing our platform, and limited direct marketing.

  • Legal Obligation – When we are required to process data to comply with applicable laws or regulatory requirements.

8. How We Share Your Data

We only share your personal data when necessary and in line with this Privacy Policy. This may include sharing with:

a. Service Providers and Vendors

We use trusted third-party providers to support our operations — including infrastructure hosting, analytics, customer support tools, communication platforms, and CRM systems. These providers are contractually bound to protect your data and may only use it to perform services on our behalf. 

b. Business Partners and Clients

If you are an authorised user of a client (e.g. your employer), certain data such as usage activity or support interactions may be shared with that client.

c. Professional Advisors

We may share data with legal, financial, or compliance advisors where necessary for our business operations and regulatory obligations.

d. Authorities and Legal Compliance

We may disclose your data if required to comply with legal obligations, enforce our agreements, respond to lawful requests from public authorities (including to meet national security or law enforcement requirements), or protect rights and safety.

e. Corporate Transactions

In the event of a merger, acquisition, financing, or sale of assets, your personal data may be disclosed or transferred as part of that transaction — subject to safeguards and notification where required by law.

We do not sell your personal data.
We do not share it with third parties for their own marketing purposes.

9. International Data Transfers

As a company based in the United States, we may process and store your personal data in the U.S. or other countries outside of your jurisdiction, including the European Economic Area (EEA) and the United Kingdom.

When we transfer personal data internationally, we ensure that appropriate safeguards are in place, in accordance with applicable data protection laws. These may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner
  • Data processing agreements with all relevant third-party service providers
  • Additional technical and organisational measures to protect your data

By using our services or interacting with our website, you understand that your personal data may be transferred and processed in other countries.

10. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar tracking technologies to understand how our website and platform are used, improve performance, and enhance user experience.

a. Types of Cookies We Use

  • Essential Cookies – Required for the basic functionality of our website (e.g. navigation, access to secure areas).
  • Analytics Cookies – Help us understand user behaviour, traffic sources, and platform performance.
  • Marketing Cookies – Used to deliver relevant ads and track the effectiveness of campaigns.

b. Managing Your Cookie Preferences

You can manage or disable cookies at any time through:

  • Your browser settings
  • The cookie banner and preferences tool on our website
  • Opt-out mechanisms offered by third-party providers (where applicable)

Please note that disabling certain cookies may affect the functionality or performance of the site.

11. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing our services, meeting legal and regulatory requirements, resolving disputes, and enforcing our agreements.

a. Retention periods depend on the context, but generally follow these principles:

  • Client and user account data – retained while the account is active and for up to 30 days after cancellation, unless required for legal or auditing purposes
  • Support and communications records – retained for up to 24 months to improve service and resolve issues
  • Analytics and technical data – retained in aggregated or anonymised form, where possible, for trend analysis and platform optimisation
  • Marketing data – retained until you unsubscribe or withdraw consent

b. Deletion and Anonymisation

We regularly review and delete or anonymise personal data that is no longer needed. Where full deletion is not immediately feasible (e.g. in backups), we isolate the data and restrict access.

12. Your Privacy Rights

Depending on your location and applicable data protection laws, you may have specific rights regarding your personal data. These may include:

a. Rights under the General Data Protection Regulation (GDPR)

If you are located in the United Kingdom or European Economic Area, you have the right to:

  • Access – Request a copy of the personal data we hold about you
  • Rectification – Ask us to correct inaccurate or incomplete data
  • Erasure – Request that we delete your personal data (“right to be forgotten”)
  • Restriction – Ask us to limit the way we process your data
  • Data Portability – Receive your data in a structured, commonly used, machine-readable format
  • Object – Object to our processing where it is based on legitimate interests or direct marketing
  • Withdraw Consent – If you previously gave consent, you can withdraw it at any time

b. Rights under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you may have the right to:

  • Know what categories of personal information we collect, use, or share
  • Access specific pieces of personal information we have collected about you
  • Delete your personal information, subject to certain exceptions
  • Correct inaccurate personal information
  • Opt Out of the “sale” or “sharing” of your personal information
  • Limit Use and Disclosure of sensitive personal information (if applicable)

We do not sell personal data as defined under CCPA.

13. How to Exercise Your Rights

You can exercise your privacy rights at any time by contacting us at: privacy@eloquentai.co
Or in writing to: 2261 Market Street STE 22824, San Francisco, CA 94114, United States

When making a request, please:

  • Provide sufficient information for us to verify your identity (we may request additional proof, where necessary)
  • Clearly specify the right you wish to exercise and the nature of your request

We will:

  • Acknowledge your request promptly
  • Respond within the timeframes required by applicable law (e.g. within 30 days under GDPR or 45 days under CCPA)
  • Inform you if we need more time or cannot fulfil your request (and explain why)

Please note:

  • For security reasons, we may be unable to respond to a request if we cannot verify your identity
  • Some rights may be limited or excluded based on legal obligations, platform architecture, or regulatory exemptions

14. Security Measures

We implement a range of technical and organisational measures to safeguard your personal data from unauthorised access, disclosure, alteration, or destruction.

These include:

  • Data encryption (in transit and at rest)
  • Acess controls and role-based permissions
  • Network and infrastructure monitoring
  • Audit logging and regular security reviews
  • Two-factor authentication for internal systems
  • Vendor due diligence and data processing agreements
  • Employee training on data privacy and security best practices

We regularly assess our systems and processes to align with leading security frameworks, including SOC 2 and ISO/IEC 27001.

While no method of transmission or storage is 100% secure, we take appropriate steps to minimise risks and respond promptly to any potential threats.

15. Data Breach Notification

We take all reasonable measures to prevent personal data breaches. However, if a breach does occur, we will:

  • Investigate promptly to assess the scope and impact
    Contain and remediate the incident using appropriate technical and organisational measures
  • Notify affected individuals without undue delay where there is a risk to their rights or freedoms
  • Notify regulators as required under applicable laws, including GDPR and state-level data breach laws

Notifications will include:

  • The nature of the breach
  • What data was affected
  • Potential consequences
  • Steps we have taken
  • Guidance on how you can protect yourself

We maintain a breach response plan as part of our internal security programme and conduct regular reviews to ensure preparedness.

16. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal obligations, or other operational reasons.

When we make material changes, we will:

  • Update the “Last Updated” date at the top of this page
  • Provide notice on our website or through direct communication (if appropriate)

We encourage you to review this page periodically to stay informed about how we handle your personal data.

Your continued use of our services after changes to this Privacy Policy indicates your acceptance of the updated terms.

17. Supervisory Authority Contact

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.

For EU/EEA users: You can find your local authority via the European Data Protection Board (EDPB)

For UK users: Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
www.ico.org.uk

18. Children’s Privacy

Our services are not intended for use by children under the age of 13. We do not knowingly collect personal data from children.

If you believe a child has provided us with personal information, please contact us immediately, and we will take steps to delete the data.

19. Contact Information

If you have any questions or concerns about this Privacy Policy or how your personal data is handled, please contact us: privacy@eloquentai.co or 2261 Market Street STE 22824, San Francisco, CA 94114, United States