Privacy Policy

Introduction

Welcome to UpLync AI — an AI-powered lead generation platform that helps small businesses capture and qualify website visitors through intelligent chat automation. We are committed to protecting the privacy and personal information of all individuals who interact with our platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit uplync.io, use our services, or interact with our chat widget.

Company Information

• Business Name: UpLync AI
• Website: https://uplync.io
• Service Portal: https://chat.uplync.io
• Contact Email: support@uplync.io
• Business Type: Software-as-a-Service (SaaS) — AI Lead Generation Platform
• Description: Automated AI chatbot for lead capture, qualification, and management for small-to-medium businesses

Information We Collect

3.1 Information You Provide Directly

When you create an account or use our services, we may collect:

• Full name and email address
• Business name and website URL
• Billing information (processed securely through third-party payment processors)
• Account credentials (username and encrypted password)
• Business content uploaded for AI training (PDFs, URLs, text)
• Communication preferences and support inquiries

3.2 Information from Website Visitors (End Users)

When visitors interact with the UpLync AI chatbot widget embedded on our customers' websites, we collect:

• Name, email address, and phone number (voluntarily provided during chat)
• Responses to qualifying questions set by our customers
• Chat conversation transcripts
• Timestamp and session metadata

3.3 Automatically Collected Information

• IP address and approximate geolocation
• Browser type, version, and operating system
• Pages visited, time spent, and navigation paths
• Device identifiers and screen resolution
• Referring URLs and cookie/tracking data

3.4 Payment Information

We do not store full payment card details on our servers. All payment transactions are handled by PCI-DSS-compliant processors. We may retain limited billing records (transaction IDs, last four digits, billing address) for accounting and compliance purposes.

How We Use Your Information

Service Delivery

• Create and manage your UpLync AI account
• Train and operate your AI chatbot with your business content
• Capture, qualify, and deliver leads via email and dashboard
• Process subscription payments and send billing notifications
• Provide customer support and respond to inquiries

Service Improvement

• Analyze usage patterns and improve platform features
• Detect and resolve technical issues
• Develop new features based on user feedback

Legal & Compliance

• Comply with applicable laws and regulations
• Enforce our Terms of Service
• Detect, prevent, and address fraud or security threats

Communications

• Send transactional emails (confirmations, password resets)
• Notify you of important service updates and policy changes
• Send marketing communications (only with your consent — opt-out available)

Legal Basis for Processing (GDPR / International)

For users in the EEA, UK, and other applicable jurisdictions, we process personal data under the following legal bases:

• Contract Performance — processing necessary to fulfill our service agreement
• Legitimate Interests — analytics, security, and fraud prevention
• Consent — marketing communications and non-essential cookies
• Legal Obligation — compliance with applicable laws and regulations

Data Sharing & Disclosure

6.1 Third-Party Service Providers

• Payment Processors: Stripe (payments and billing)
• Cloud Infrastructure: Hosting and data storage providers
• Email Services: Transactional and marketing email delivery
• AI/ML Providers: OpenAI (powering chatbot responses)
• Analytics: Usage and performance analytics

All third-party providers are contractually bound to protect your data and may only use it for specified purposes.

6.2 Business Customers

End-user lead data collected through chatbot widgets is shared with the UpLync AI customer who owns that widget. Customers are responsible for their own use of this data in accordance with applicable privacy laws.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, user safety, or the public.

6.4 Business Transfers

In the event of a merger or acquisition, your data may be transferred. We will provide 30 days' notice before your data becomes subject to a different privacy policy.

International Data Transfers

UpLync AI operates globally. Your data may be processed in countries outside your home jurisdiction, including the United States. We ensure adequate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Compliance with the EU-U.S. Data Privacy Framework where applicable
• Data Processing Agreements with all sub-processors
• Encryption of data in transit and at rest

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. Categories we use:

• Essential Cookies: Required for platform function — cannot be disabled
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and customizations
• Marketing Cookies: Used for targeted advertising (only with consent)

You may opt out of non-essential cookies through your browser settings or our cookie preference center.

Data Retention

• Account Data: Duration of subscription + 90 days after closure
• Lead Data: 24 months or until deletion is requested
• Billing Records: 7 years for tax and accounting compliance
• Chat Transcripts: 12 months unless otherwise configured
• Server Logs: 90 days for security monitoring

Upon account closure, we will delete or anonymize your personal data within 90 days, except where retention is required by law.

Your Privacy Rights

Universal Rights

• Right to Access — request a copy of data we hold about you
• Right to Correction — request correction of inaccurate data
• Right to Deletion — request deletion of your data ("right to be forgotten")
• Right to Portability — receive your data in machine-readable format
• Right to Withdraw Consent — withdraw previously given consent at any time

GDPR Rights (EEA / UK Users)

• Right to Object to processing based on legitimate interests
• Right to Restrict Processing
• Right to Lodge a Complaint with your local supervisory authority

CCPA Rights (California Residents)

• Right to Know what personal information is collected and how it's used
• Right to Delete personal information
• Right to Opt-Out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination for exercising your rights

Data Security

We implement industry-standard technical and organizational measures to protect your information:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Role-based access controls and multi-factor authentication
• Regular security audits and vulnerability assessments
• PCI-DSS compliant payment processing
• Employee data privacy training and confidentiality agreements

In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law — within 72 hours where mandated.

Children's Privacy

UpLync AI services are intended for business use by adults and are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16.

If you believe a child has provided us with personal information, please contact us at support@uplync.io and we will take immediate steps to delete it.

Third-Party Links & Services

Our platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

We are not responsible for the privacy practices, content, or security of external sites.

Payment Processing Compliance

UpLync AI is structured to meet the requirements of major international payment gateways and financial institutions.

Data Practices for Payment Provider Approval

• Clear, publicly accessible Privacy Policy (this document)
• Transparent disclosure of what personal data is collected and why
• Full disclosure of all third-party data sharing relationships
• User rights to access, correct, and delete their personal data
• Secure data handling with encryption in transit and at rest
• Documented data breach notification procedure (72-hour rule)
• No deceptive or misleading data collection practices
• Compliance with GDPR, CCPA, and applicable local laws

Supported Payment Gateway Eligibility

This Privacy Policy is designed to satisfy merchant privacy requirements for the following international payment platforms:

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this document
• Notify registered users via email at least 30 days before changes take effect
• Display a prominent notice on our website

Your continued use of our services after the effective date constitutes acceptance of the updated policy. If you do not agree, please discontinue use and contact us to close your account.