1. Introduction

InstantXS Inc ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered chatbot services, social media integration applications, and other cloud-based solutions.

By using our services, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our services:

• Contact Information: Name, email address, phone number, company name, and business contact details when you inquire about our services or engage with our team.
• Messages and Communications: When you interact with our AI chatbot services through Instagram, Facebook Messenger, WhatsApp, or other messaging platforms, we collect the content of your messages and conversation history.
• Social Media Information: When you connect your social media accounts (Instagram Business Account, Facebook Page) to our services, we collect account information including username, profile ID, and permissions you grant.
• Business Information: For business clients, we collect company details, industry information, service requirements, and payment information necessary for providing our services.

2.2 Information Automatically Collected

When you access our website or use our services, we automatically collect certain information:

• Usage Data: Information about how you interact with our services, including timestamps, message frequency, conversation patterns, and feature usage.
• Technical Data: IP address, browser type and version, device information, operating system, time zone settings, browser plug-in types and versions, and platform identifiers.
• Log Data: Server logs that include your IP address, access dates and times, pages viewed, time spent on pages, and referring website addresses.
• Social Media Platform Data: Information shared by integrated platforms (Instagram, Facebook, WhatsApp) in accordance with their APIs, webhooks, and data-sharing policies.

2.3 Information from Third Parties

We may receive information about you from third-party services:

• Social Media Platforms: When you use our social media integration services, platforms like Meta (Instagram/Facebook) provide us with data according to their Graph API, including message content, sender information (Instagram Scoped ID), and account metadata.
• Authentication Services: Information from authentication and verification services used to secure our platform.
• Business Partners: Information from partners who provide complementary services or refer clients to us.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• To provide, operate, and maintain our AI chatbot and social media integration services
• To process and respond to your inquiries, messages, and requests
• To facilitate communication between you and our AI systems
• To enable webhook integrations and real-time message processing
• To manage and optimize cloud infrastructure and services

3.2 AI Processing and Service Improvement

• To process your messages through third-party AI services (OpenAI, Anthropic) to generate responses
• To improve and personalize your user experience
• To analyze usage patterns, conversation quality, and service performance
• To develop new features, products, and services
• To conduct research and analytics (using anonymized and aggregated data only)

Important: We do NOT use your data to train our own AI models. Your messages are sent to third-party AI providers solely to generate responses for your conversations. These AI providers have their own data policies which govern how they may use data sent through their APIs.

3.3 Communication and Support

• To respond to your comments, questions, and customer service requests
• To send you technical notices, updates, security alerts, and administrative messages
• To provide customer support and troubleshooting assistance
• To communicate about our services, promotional offers, and company news (with your consent)

3.4 Security and Compliance

• To monitor and analyze trends, usage, and activities for security purposes
• To detect, prevent, and address technical issues, fraud, and security vulnerabilities
• To enforce our Terms of Service and other policies
• To comply with legal obligations, court orders, and regulatory requirements
• To protect the rights, property, and safety of InstantXS Inc, our users, and others

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our business:

• AI and ML Providers: Services like OpenAI, Anthropic (Claude), or other AI platforms that process messages and generate responses. Your data is passed to these services via their APIs to generate conversational responses. Please review their respective data policies to understand how they handle data sent through their APIs.
• Cloud Infrastructure: Amazon Web Services (AWS) and other cloud providers that host our applications, databases, and data storage.
• Workflow Automation: N8N and similar platforms that facilitate webhook processing and workflow automation.
• Analytics Services: Tools that help us understand service usage and improve user experience.
• Payment Processors: For processing payments and managing billing (for business clients).
• Communication Tools: Email services, customer support platforms, and CRM systems.

These service providers are contractually obligated to protect your data and use it only for the specific purposes we authorize.

4.2 Social Media Platforms

Our services integrate with social media platforms including:

• Meta Platforms (Instagram, Facebook, WhatsApp): We use Meta's Graph API and Messaging APIs to send and receive messages. Your use of these platforms is subject to Meta's Data Policy and Terms of Service.
• Other Messaging Platforms: As we expand our integrations, we may connect with additional messaging services, always in compliance with their respective policies.

We only access data that you or your social media platform explicitly authorize through API permissions and webhooks.

4.3 Business Transfers

If InstantXS Inc is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

4.4 Legal Requirements and Protection of Rights

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or governmental requests
• Enforce or apply our Terms of Service and other agreements
• Protect the rights, property, or safety of InstantXS Inc, our users, or others
• Investigate and prevent fraud, security issues, or technical problems
• Respond to claims that content violates the rights of third parties

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This data may be used for research, analytics, benchmarking, or shared with partners to improve services and industry understanding.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

5.1 Retention Periods

• Active conversation Data: Messages and conversation history are retained during active service use plus 90 days after the last interaction.
• Service Analytics Data: Anonymized usage data and analytics may be retained for up to 2 years for service improvement and business analytics purposes.
• Business Client Data: Account information, service agreements, and transaction records are retained for the duration of the business relationship plus 3 years, or as required by applicable law.
• Legal Compliance Data: Information required for legal, accounting, or regulatory purposes is retained as mandated by applicable laws.
• Log Data: Server logs and technical data are typically retained for 6-12 months for security and troubleshooting purposes.

5.2 Data Deletion

When retention periods expire, we securely delete or anonymize your personal information. You may also request deletion of your data as described in the "Your Rights and Choices" section below.

6. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using AES-256 or equivalent encryption standards.
• Access Controls: Strict access controls ensure that only authorized personnel can access personal information on a need-to-know basis.
• Secure Infrastructure: Our services are hosted on secure AWS infrastructure with regular security updates and monitoring.
• Authentication: Webhook endpoints use verification tokens and authentication mechanisms to prevent unauthorized access.
• Regular Audits: We conduct regular security assessments, vulnerability testing, and compliance reviews.
• Employee Training: Our team receives regular training on data protection, privacy best practices, and security protocols.
• Incident Response: We maintain an incident response plan to quickly address and remediate any security breaches.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.

7. Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

7.1 Access and Portability

• Right to Access: Request access to the personal information we hold about you.
• Right to Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.

7.2 Correction and Deletion

• Right to Rectification: Request correction of inaccurate or incomplete personal information.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information, subject to legal obligations and legitimate business needs.

7.3 Control and Restriction

• Right to Restrict Processing: Request limitation of how we process your data in certain circumstances.
• Right to Object: Object to processing of your personal information based on legitimate interests or for direct marketing purposes.
• Right to Opt-Out: Opt out of marketing communications at any time by using unsubscribe links or contacting us.

7.4 Consent and Withdrawal

• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time (this does not affect the lawfulness of processing before withdrawal).

7.5 Exercising Your Rights

To exercise any of these rights, please contact us at:

• Support Team: support@instant-xs.com
• General Inquiries: support@instant-xs.com

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. Children's Privacy

Our services are not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@instant-xs.com. If we discover we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.

9. International Data Transfers

InstantXS Inc operates primarily in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country of residence. When we transfer your personal information internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by regulatory authorities
• Adequacy decisions by relevant data protection authorities
• Compliance with applicable data protection frameworks
• Ensuring third parties maintain appropriate security and privacy standards

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties we share it with.
• Right to Delete: Request deletion of your personal information (subject to certain exceptions).
• Right to Opt-Out of Sale: We do not sell personal information in the traditional sense, but if we did, you would have the right to opt out.
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights.

To exercise these rights, contact us at support@instant-xs.com with "CCPA Request" in the subject line.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

11.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for specific processing activities.
• Contract Performance: Processing is necessary to fulfill our contractual obligations to you.
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement) and does not override your fundamental rights.
• Legal Obligations: Processing is required to comply with applicable laws and regulations.

11.2 GDPR Rights

In addition to the rights listed in Section 7, GDPR provides you with:

• The right to lodge a complaint with your local data protection authority
• The right to receive detailed information about our data processing activities
• The right to object to automated decision-making and profiling

To exercise your GDPR rights or for questions about data protection, contact our Data Protection Officer at support@instant-xs.com.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website:

12.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security.
• Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
• Functional Cookies: Remember your preferences and settings.
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (with your consent).

12.2 Cookie Management

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling certain cookies may affect website functionality.

For more information, visit www.aboutcookies.org or www.allaboutcookies.org.

13. Third-Party Links and Services

Our website and services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services you access. This Privacy Policy applies only to information collected by InstantXS Inc.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

When we make changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post the revised policy on our website
• For material changes, provide prominent notice on our website or send you an email notification

Your continued use of our services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

15. Data Processing Addendum (DPA)

For business clients who require a Data Processing Addendum or have specific data protection requirements, please contact us at support@instant-xs.com to discuss a custom agreement.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company Name: InstantXS Inc
• Support Team: support@instant-xs.com
• General Inquiries: support@instant-xs.com
• Website: www.instant-xs.com

17. Consent and Acknowledgment

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

If you do not agree with this Privacy Policy, please discontinue use of our services immediately.

This Privacy Policy was last updated on November 3, 2024