Privacy Policy

How we collect, use, and protect your information.

Autessa Inc. ("Autessa," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Services.

By agreeing to this Privacy Policy, you also understand that you have privacy obligations to others with respect to your use of the Services. Particularly, you agree that your use of others' data (including End User Data) in connection with the Services will meet or exceed any and all obligations that Autessa has to you under this Privacy Policy.

This Policy includes language with respect to compliance with applicable privacy laws and industry standards, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), Systems and Organization Controls 2 (SOC2), and ISO 27001, where applicable.

Definitions

  • "Account" means your registered account to access the Services.
  • "Customer," "you," or "your" means the individual or entity using the Services.
  • "Customer Data" means any data or content you upload, input, or create via the Services.
  • "End User" means any individual or entity who uses or receives any application or content that you build, display, execute, or implement via the Services.
  • "End User Data" means any data or content that an End User uploads, inputs, or creates via the Services.
  • "Services" means the Autessa platform-as-a-service, including all features, tools, and related support.

1. When This Privacy Policy Applies

Our Policy applies to Services that we own or operate. Our Policy does not apply to information collected through other means such as by telephone, via other online services, or in person.

Our Policy does not apply to the practices of other companies or other websites or software applications that may be linked from or made available through our Services.

This Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

2. Who May Use the Services

We do not knowingly collect personal information online from any person we know to be under the age of 18 and instruct users under 18 not to send us any information to or through the Services without their parents' consent.

The Services are designed for users from, and are controlled and operated by us from, the United States. By using the Services, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, company name, mailing or billing address, telephone number, certain account numbers, and other contact details provided during registration.
  • Payment Information: Billing details processed through our third-party payment processors. We do not store complete payment card numbers on our systems.
  • Customer Data: Any data you upload, input, or create within the Services. This may include text, images, videos, code, or other data, and may include data used in your AI agent workflows, custom data tables, and workflow configurations.
  • Communications: Information you provide when contacting our support team or communicating with us.

3.2 Information Collected Automatically

  • Usage Data: Information about how you interact with our Services, including workflow executions, feature usage, and platform activity.
  • Device and Technical Information: IP address, browser type, operating system, device identifiers, access times.
  • Location Data: Such as GPS location, Wi-Fi location, or carrier network location.
  • Log Data: Server logs recording requests made to our platform for security, performance monitoring, and troubleshooting purposes.

3.3 Cookies and Similar Technologies

We may use various technologies, including cookies, tokens, tags, web logs, web beacons, scripts, and web server logs to gather automatically collected information and may aggregate this information from visitors of our Services. This information may include demographic data, technical information about the technology you use to connect, your IP address, and browsing behavior such as pages visited ("Activity Information"). We may also use third-party analytics companies to provide these services.

"Cookies" are small files that may be placed on your computer or mobile device. You may disable cookies by adjusting your browser preferences. Disabling cookies may impact your use of the Services.

4. How We Use Your Information

Purpose | Legal Basis (GDPR)
Providing and maintaining the Services | Performance of contract
Processing payments and billing | Performance of contract
Responding to support requests | Performance of contract / Legitimate interest
Improving and optimizing the Services | Legitimate interest
Security monitoring and fraud prevention | Legitimate interest / Legal obligation
Compliance with legal obligations | Legal obligation
Sending service-related communications | Performance of contract
Analyzing aggregate, de-identified usage patterns | Legitimate interest

AI and Machine Learning

We do not directly provide your Customer Data to any AI model providers for the purpose of training general-purpose artificial intelligence or machine learning models. However, your use of the Services may include sending your Customer Data or End User Data to a third-party AI provider. Use of such data by the third-party AI provider will be governed by the policies of such provider, and not by Autessa.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

Service Providers

We may engage trusted third-party vendors to assist in providing the Services (e.g., cloud hosting, payment processing, customer support tools). These providers are contractually obligated to protect your data.

Government Authorities

We may disclose your information only as permitted or required by government or law enforcement authorities, or in matters involving claims of personal or public safety or in litigation.

With Your Consent

We may share information for other purposes with your explicit consent.

Business Operations & Affiliates

We may disclose your personal information to affiliated companies and partners, to the extent permitted by applicable law. In the event of a merger, acquisition, or sale, your information may be shared or transferred as part of that transaction.

6. SMS / Text Message and Phone Number Usage

Collection: Autessa may collect phone numbers when End Users voluntarily initiate an SMS communication or when a phone number is provided during account registration.

Use: Phone numbers are used solely to enable transactional and conversational SMS communications.

Storage: Autessa may store phone numbers and SMS message content securely for the purpose of delivering messages, maintaining service functionality, and complying with legal requirements.

Sharing: Phone numbers and SMS data may be shared with third-party communication providers strictly for message delivery. Autessa does not sell or share phone numbers for marketing purposes.

Opt-Out: End Users may opt out of SMS communications at any time by replying STOP. They may request assistance by replying HELP. Message frequency varies and message & data rates may apply.

7. Data Retention

We will retain your information for as long as reasonably necessary to provide you with our Services, for marketing purposes unless you opt out, or otherwise where permitted or required by applicable law. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, which include encryption of data in transit and at rest, access controls and authentication mechanisms, and security assessments and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Third-Party Integrations and Credentials

When you connect third-party services to Autessa (e.g., via OAuth or API keys), we may take additional measures to protect your credentials, including encryption, access controls, token management, and revocation.

9. Location-Specific Privacy Rights

Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

  • The right to be informed about how your data is collected and used.
  • The right to access and receive a copy of your personal data.
  • The right to rectification — to have inaccurate personal data corrected.
  • The right to erasure — to request deletion of your personal data.
  • The right to restrict data processing.
  • The right to data portability.
  • The right to object to processing of your data in certain circumstances.
  • The right to be aware of and object to any entirely automated decision making.

Please contact us at privacy@autessa.com to exercise any of these rights.

Rights Under CCPA (California Residents)

California residents have the right to know about collected personal information, to delete personal information, to opt-out of the sale or sharing of personal information, and the right to non-discrimination for exercising their CCPA rights.

Please contact us at privacy@autessa.com to exercise any of these rights.

10. HIPAA Compliance

Paid Plans: Autessa may offer HIPAA-compliant configurations for customers who process Protected Health Information (PHI). HIPAA-compliant features, including execution of a Business Associate Agreement (BAA), enhanced access controls, and audit logging for PHI, are available exclusively on eligible paid plans.

Free Plan Restriction: If you are using the Services under a free plan, you agree not to upload, process, store, or transmit any Protected Health Information. Free plans are not configured for HIPAA compliance.

Requesting a BAA: Customers on eligible paid plans should contact sales@autessa.com or privacy@autessa.com.

11. Your Responsibilities

You are solely responsible for determining whether your use of the Services requires compliance with any applicable laws, including HIPAA, GDPR, CCPA, or other requirements. This Privacy Policy does not govern any legal or other obligations that you may have to End Users — you are responsible for these yourself.

It is your sole obligation to understand what legal requirements you must meet based on your uses of the Services, including ensuring that your AI workflows and configurations meet such requirements.

12. International Data Transfers

Autessa is based in the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate.

13. Data Processing

When you use the Services to process personal data of individuals located in the EEA, United Kingdom, or Switzerland, Autessa acts as a data processor on your behalf. You remain the data controller.

For customers who require a Data Processing Addendum (DPA), these are available on eligible paid plans. Contact sales@autessa.com to request one.

14. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will become effective when we post the revised Privacy Policy on the Services. Your continued use means that you accept the revised Policy. We will provide appropriate notice and seek your consent, where required by applicable law, if we change this Policy in a material way.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Autessa Inc.
General Privacy Inquiries: privacy@autessa.com
Business Associate Agreements (HIPAA): sales@autessa.com
Data Processing Addendums (GDPR): sales@autessa.com
Data Subject Rights Requests: privacy@autessa.com
Website: https://autessa.com