Privacy Policy
How UZZIWAI® collects, uses and protects personal data
This Privacy Policy explains how UZZIWAI®, LLC. and its affiliates ("UZZIWAI", "we", "us") collect, use, disclose and protect personal data when you use our AI Workforce platform, websites and services (the "Services"). It is designed to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable US state privacy laws.
1. Data controller and contact
For individuals in the European Economic Area, the United Kingdom and Switzerland, UZZIWAI® acts as a data controller for personal data we collect directly from you, and as a data processor for personal data our customers process through the Services.
EU/UK representative
UZZIWAI®, LLC, 5830 East 2nd Street, Casper, Wyoming 82609, United States. Our EU representative for GDPR matters: UZZIWAI Europe, 1 Burlington Plaza, Pembroke Street, Dublin 2, D02 FH96, Ireland. Email: privacy@uzziwai.com.
Data Protection Officer
Our Data Protection Officer can be reached at dpo@uzziwai.com for any questions regarding your personal data or to exercise your rights under this policy.
2. Personal data we collect
We collect the following categories of personal data:
- Identification data — name, job title, company, business address.
- Contact data — work email, phone number, communication preferences.
- Account data — username, password (hashed), authentication tokens.
- Usage data — IP address, browser type, pages visited, interactions with our AI Employees, session logs.
- Communication data — the content of messages you exchange with our AI Employees, where you have consented or it is necessary to provide the Services.
- Customer data — personal data our customers process through the Services (e.g., their end-customers' contact details), of which UZZIWAI® is a processor.
- Billing data — invoice address, payment method (processed by our PCI-DSS compliant payment providers), transaction history.
- Marketing data — event attendance, content downloads, newsletter preferences.
3. Lawful basis for processing (GDPR Art. 6)
For individuals in the EEA/UK/CH, we process personal data on the following lawful bases:
| Processing purpose | Lawful basis | Categories of data |
|---|---|---|
| Providing and operating the Services | Performance of a contract (Art. 6(1)(b)) | Account, usage, customer data |
| Responding to inquiries and support | Legitimate interests (Art. 6(1)(f)) | Contact, communication data |
| Fulfilling legal and tax obligations | Legal obligation (Art. 6(1)(c)) | Identification, billing data |
| Marketing and product analytics | Consent (Art. 6(1)(a)) | Marketing, usage data |
| Security, fraud prevention and audit | Legitimate interests (Art. 6(1)(f)) | Usage, account data |
4. How we use your personal data
We process personal data for the following purposes:
- To provide, maintain and improve the Services, including operating AI Employees on behalf of our customers.
- To onboard, manage and administer customer accounts and user access.
- To process transactions, issue invoices and manage billing.
- To provide customer support, technical assistance and respond to inquiries.
- To communicate about product updates, events and marketing (where you have opted in).
- To detect, prevent and address fraud, security incidents and abuse.
- To comply with legal, regulatory and accounting obligations.
- To analyze and improve the performance, safety and quality of our Services.
5. Data retention
We retain personal data only as long as necessary for the purposes set out in this policy or as required by law. Conversation data processed by AI Employees is retained for the duration of the customer contract plus a configurable period (default 90 days), unless a longer retention is required for legal, audit or dispute-resolution purposes. Marketing data is retained until you opt out or until 24 months of inactivity, whichever comes first.
7. International data transfers
Personal data may be processed in the United States, the European Union and other regions where we or our sub-processors operate. For transfers from the EEA/UK/CH to countries that have not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and supplementary measures such as encryption and access controls to ensure an essentially equivalent level of protection.
8. Your rights — EEA, UK and Switzerland (GDPR)
You have the following rights regarding your personal data:
- Right of access — to obtain a copy of your personal data (Art. 15).
- Right to rectification — to correct inaccurate or incomplete data (Art. 16).
- Right to erasure — to request deletion of your personal data (Art. 17).
- Right to restriction — to limit how we process your data (Art. 18).
- Right to data portability — to receive your data in a structured, machine-readable format (Art. 20).
- Right to object — to object to processing based on legitimate interests or for direct marketing (Art. 21).
- Rights regarding automated decision-making — including profiling (Art. 22).
- Right to withdraw consent — at any time, where processing is based on consent.
- Right to lodge a complaint — with your local data protection authority, or the Irish Data Protection Commission (our EU lead authority).
9. Your rights — United States (CCPA/CPRA and state laws)
If you are a resident of California, Colorado, Connecticut, Virginia, Utah or another US state with a comparable privacy law, you have the following rights:
- Right to know — the categories and specific pieces of personal data we collect, and the categories of sources, purposes and recipients.
- Right to delete — to request deletion of your personal data, subject to exceptions.
- Right to correct — to request correction of inaccurate personal data.
- Right to opt out of sale or sharing — we do not sell personal data; you may opt out of any sharing for cross-context advertising by contacting privacy@uzziwai.com.
- Right to limit use of sensitive personal data — we do not process sensitive personal data beyond what is strictly necessary.
- Right to non-discrimination — we will not discriminate against you for exercising your rights.
- Right to authorize — for consumers under 16, parental or guardian authorization is required.
How to exercise your rights
Submit requests via privacy@uzziwai.com or our Privacy Request portal. We verify your identity before responding and aim to respond within 45 days (extendable by 45 days where necessary, with notice).
10. Security measures
We implement industry-standard technical and organizational measures to protect personal data, including: TLS 1.3 encryption in transit; AES-256 encryption at rest; role-based access controls with least-privilege principles; multi-factor authentication; immutable audit logs; regular penetration testing; annual SOC 2 Type II audits; and a documented incident response process. Despite these measures, no system is perfectly secure, and we cannot guarantee absolute security.
11. Children's privacy
The Services are not directed to children under 16 (under 13 in the US where parental consent is required by COPPA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@uzziwai.com and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will notify customers of material changes via email or in-product notice at least 30 days before they take effect. The 'last updated' date at the top reflects the most recent revision.
14. Contact us
For any questions about this Privacy Policy or to exercise your rights, contact our Data Protection Officer at dpo@uzziwai.com or by post to: UZZIWAI®, Attn: Privacy/DPO, 5830 East 2nd Street, Casper, Wyoming 82609, USA.
