Privacy Policy
How we handle and protect your information across our services
Open Source
Our open source version is fully self-hosted and does not collect any personal information. All data remains within your infrastructure.
- No telemetry collection
- Complete data sovereignty
- Local data storage only
CoAI Enterprise
The Enterprise version provides full source code access with no data collection.
- Complete source code access
- No telemetry or analytics
- No data collection
- Only billing information required
CoAI Cloud
Our cloud service collects necessary information to provide and improve the service.
- Account information (email, name)
- IP addresses for security
- Usage analytics and metrics
- Service performance data
Introduction
This privacy policy ("Privacy Policy") outlines how CoAI Software Inc. and its affiliates ("CoAI," "we," or "us") handle personal information collected through the CoAI desktop app and websites (collectively, "Services"). It describes our data collection practices, including the use of cookies and related technologies, explains how you can access and update your information, and details your data protection rights under applicable laws. By using our Services, you acknowledge and consent to the practices described in this Privacy Policy.
Scope of this Privacy Policy
This Privacy Policy does not apply to data we process on behalf of our customers ("Customer Data"). Our handling of Customer Data is governed by our separate customer agreements or terms of service.
If you use our Services as an employee, contractor, or representative of one of our customers, please direct any privacy-related inquiries to that customer, as we only process your information as their service provider.
Information We Collect
The information we collect depends on how you interact with our Services. We generate User IDs to track form submissions, URL activity, page views, and usage metrics to evaluate and improve our products. When you participate in our community Discord or forum, we collect usernames and email addresses. We also gather information provided during account creation. We collect only what is necessary to fulfill your requests and our service obligations.
We automatically collect technical data about your device, including IP address, device type, unique identifiers (including advertising IDs), language settings, network information, and general location data. We also gather information about your interactions with our Services, such as referral sources and content engagement. This data collection uses cookies and similar technologies, detailed below. We use this information to enhance our Services, improve user experience, and maintain security.
We may aggregate collected information, including personal data, for statistical analysis and may share anonymous, aggregated data with third parties for promotional purposes (such as publishing usage trends).
Information We Don't Collect
We do not intentionally collect sensitive personal information, such as genetic data, biometric identifiers, health information, or religious information.
We do not knowingly collect information from children under 18. If we discover we have inadvertently collected data from a minor, we will promptly delete that account.
Legal Basis for Processing
For users in the United Kingdom or European Economic Area (EEA), we process your information only when we have valid legal grounds under UK and EU laws. These grounds include:
Contractual Necessity
We process your information to:
- Manage account access and authentication
- Maintain customer relationships
- Deliver products, services, and related communications
- Provide customer support
Legitimate Interests
We process your information to:
- Enhance and personalize your experience
- Understand service usage and develop new features
- Ensure security and prevent fraud
- Conduct internal operations and analytics
- Enforce our terms and policies
- Process payments and transactions
- Communicate about our Services
- Address your inquiries
- Conduct marketing activities
- Comply with legal obligations
Consent
We rely on your consent for:
- Marketing communications you explicitly opt into
- Cookie and similar technology usage
- Other specific processing activities where we request your permission
You may withdraw consent at any time through unsubscribe options in marketing emails or by contacting us directly.
How We Use and Protect Your Information
Information Sharing
We share your information with select third parties as outlined in this Privacy Policy or with your explicit consent.
Access to your information within CoAI is limited to employees and contractors who need it to provide our Services and who are bound by confidentiality obligations.
We may share information with professional advisors (lawyers, bankers, auditors, insurers) as needed for their services.
In the event of a business transaction (merger, acquisition, reorganization, sale), your information may be transferred. We'll ensure the recipient maintains similar privacy protections.
Service Providers
We partner with trusted service providers to support our operations. Current providers include:
- Vercel - Frontend hosting
- AWS CDN - Content delivery network
- AWS Kubernetes - Container hosting
- Resend - Email delivery
- GitHub - Code repositories and project management
- Google Analytics - Analytics
- Stripe (with Alipay HK, WeChat Pay HK) - Payments
- BetterStack - Uptime monitoring
- Discord - Community communications
- WeChat - Community communications (for Chinese Mainland users)
Our providers are contractually obligated to protect your information and may only use it to provide specified services.
Legal Requirements
We may disclose information when legally required, including to: comply with law enforcement requests, protect rights and safety, investigate fraud, or fulfill legal obligations.
We implement appropriate security measures to protect against unauthorized access or misuse of your information.
International Data Transfers
We host our Services in the United States and process data globally. Team members and service providers may be located worldwide. When transferring data outside the EEA, Switzerland, or UK to countries lacking adequate privacy protections, we implement appropriate safeguards like Standard Contractual Clauses (SCCs). You can request details about these safeguards by contacting us.
Communications
We may send registered users essential updates about security, system changes, and new features. We primarily communicate through our blog and limit direct emails. You can opt out by contacting coai@coai.dev.
We may publish support requests to help other users, but will remove personal information.
Tracking Opt-Out Options
Control your online tracking through:
- Browser cookie settings
- Browser privacy controls:
  - Firefox
  - Chrome
  - Microsoft Edge
  - Safari
- Mobile device advertising settings
- Google Analytics opt-out
- Privacy-focused browsers and plugins
Platform Controls
Major platforms offer direct opt-out tools:
Industry Opt-Out Tools
Additional opt-out resources:
- Digital Advertising Alliance
- Network Advertising Initiative
Do Not Track
We currently don't respond to Do Not Track signals. Learn more at http://www.allaboutdnt.com.
Your Privacy Rights
We respect privacy rights globally. For all users, we:
- Obtain clear consent when required
- Collect minimal necessary information
- Provide access to your data
- Offer control over your information
Additional rights may include:
- Data portability
- Consent withdrawal
- Processing objection
- Marketing opt-out
- Data deletion
Rights may be limited by legal requirements or legitimate interests. Some information is mandatory for account management and contractual obligations.
Exercise your rights by contacting us at coai@coai.dev.
Data Retention
Account holders can manage basic profile information through account settings.
We retain information as needed for service delivery, legal compliance, dispute resolution, and contract enforcement. Retention periods consider data type, purpose, and legal requirements. Contact us for specific retention details.
Some information may be retained indefinitely to maintain open-source integrity, such as community contributions and discussions.
Contact Us
CoAI Software Inc. controls data processed through our Services.
For privacy questions or concerns, email coai@coai.dev with "Privacy Concern" in the subject.
Policy Updates
We may update this policy as needed. Material changes will be announced by updating the policy date.
Continued use after changes indicates acceptance of the updated policy.
Last updated: December 2024.
*For significant changes to this Privacy Policy, we will notify users through our Services or by other means.