European Union & United StatesUpdated January 14, 2025

Privacy Policy

How UZZIWAI® collects, uses and protects personal data

This Privacy Policy explains how UZZIWAI®, LLC. and its affiliates ("UZZIWAI", "we", "us") collect, use, disclose and protect personal data when you use our AI Workforce platform, websites and services (the "Services"). It is designed to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable US state privacy laws.

1. Data controller and contact

For individuals in the European Economic Area, the United Kingdom and Switzerland, UZZIWAI® acts as a data controller for personal data we collect directly from you, and as a data processor for personal data our customers process through the Services.

EU/UK representative

UZZIWAI®, LLC, 5830 East 2nd Street, Casper, Wyoming 82609, United States. Our EU representative for GDPR matters: UZZIWAI Europe, 1 Burlington Plaza, Pembroke Street, Dublin 2, D02 FH96, Ireland. Email: privacy@uzziwai.com.

Data Protection Officer

Our Data Protection Officer can be reached at dpo@uzziwai.com for any questions regarding your personal data or to exercise your rights under this policy.

2. Personal data we collect

We collect the following categories of personal data:

  • Identification data — name, job title, company, business address.
  • Contact data — work email, phone number, communication preferences.
  • Account data — username, password (hashed), authentication tokens.
  • Usage data — IP address, browser type, pages visited, interactions with our AI Employees, session logs.
  • Communication data — the content of messages you exchange with our AI Employees, where you have consented or it is necessary to provide the Services.
  • Customer data — personal data our customers process through the Services (e.g., their end-customers' contact details), of which UZZIWAI® is a processor.
  • Billing data — invoice address, payment method (processed by our PCI-DSS compliant payment providers), transaction history.
  • Marketing data — event attendance, content downloads, newsletter preferences.

3. Lawful basis for processing (GDPR Art. 6)

For individuals in the EEA/UK/CH, we process personal data on the following lawful bases:

Processing purposeLawful basisCategories of data
Providing and operating the ServicesPerformance of a contract (Art. 6(1)(b))Account, usage, customer data
Responding to inquiries and supportLegitimate interests (Art. 6(1)(f))Contact, communication data
Fulfilling legal and tax obligationsLegal obligation (Art. 6(1)(c))Identification, billing data
Marketing and product analyticsConsent (Art. 6(1)(a))Marketing, usage data
Security, fraud prevention and auditLegitimate interests (Art. 6(1)(f))Usage, account data

4. How we use your personal data

We process personal data for the following purposes:

  • To provide, maintain and improve the Services, including operating AI Employees on behalf of our customers.
  • To onboard, manage and administer customer accounts and user access.
  • To process transactions, issue invoices and manage billing.
  • To provide customer support, technical assistance and respond to inquiries.
  • To communicate about product updates, events and marketing (where you have opted in).
  • To detect, prevent and address fraud, security incidents and abuse.
  • To comply with legal, regulatory and accounting obligations.
  • To analyze and improve the performance, safety and quality of our Services.

5. Data retention

We retain personal data only as long as necessary for the purposes set out in this policy or as required by law. Conversation data processed by AI Employees is retained for the duration of the customer contract plus a configurable period (default 90 days), unless a longer retention is required for legal, audit or dispute-resolution purposes. Marketing data is retained until you opt out or until 24 months of inactivity, whichever comes first.

6. Data sharing and recipients

We share personal data with the following categories of recipients:

  • Sub-processors — third-party providers that help us deliver the Services (see our Sub-processors list).
  • Cloud and AI infrastructure providers — hosting, model inference and vector storage.
  • Payment processors — PCI-DSS compliant providers that handle billing.
  • Communications providers — email, SMS, voice and messaging gateways.
  • Professional advisors — legal, accounting and audit firms under confidentiality obligations.
  • Authorities — where required by law, court order or to protect our rights and safety.

We do not sell your personal data

UZZIWAI® does not sell personal data to third parties for monetary or other valuable consideration, as defined under CCPA. We do not share personal data for cross-context behavioral advertising.

7. International data transfers

Personal data may be processed in the United States, the European Union and other regions where we or our sub-processors operate. For transfers from the EEA/UK/CH to countries that have not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and supplementary measures such as encryption and access controls to ensure an essentially equivalent level of protection.

8. Your rights — EEA, UK and Switzerland (GDPR)

You have the following rights regarding your personal data:

  • Right of access — to obtain a copy of your personal data (Art. 15).
  • Right to rectification — to correct inaccurate or incomplete data (Art. 16).
  • Right to erasure — to request deletion of your personal data (Art. 17).
  • Right to restriction — to limit how we process your data (Art. 18).
  • Right to data portability — to receive your data in a structured, machine-readable format (Art. 20).
  • Right to object — to object to processing based on legitimate interests or for direct marketing (Art. 21).
  • Rights regarding automated decision-making — including profiling (Art. 22).
  • Right to withdraw consent — at any time, where processing is based on consent.
  • Right to lodge a complaint — with your local data protection authority, or the Irish Data Protection Commission (our EU lead authority).

9. Your rights — United States (CCPA/CPRA and state laws)

If you are a resident of California, Colorado, Connecticut, Virginia, Utah or another US state with a comparable privacy law, you have the following rights:

  • Right to know — the categories and specific pieces of personal data we collect, and the categories of sources, purposes and recipients.
  • Right to delete — to request deletion of your personal data, subject to exceptions.
  • Right to correct — to request correction of inaccurate personal data.
  • Right to opt out of sale or sharing — we do not sell personal data; you may opt out of any sharing for cross-context advertising by contacting privacy@uzziwai.com.
  • Right to limit use of sensitive personal data — we do not process sensitive personal data beyond what is strictly necessary.
  • Right to non-discrimination — we will not discriminate against you for exercising your rights.
  • Right to authorize — for consumers under 16, parental or guardian authorization is required.

How to exercise your rights

Submit requests via privacy@uzziwai.com or our Privacy Request portal. We verify your identity before responding and aim to respond within 45 days (extendable by 45 days where necessary, with notice).

10. Security measures

We implement industry-standard technical and organizational measures to protect personal data, including: TLS 1.3 encryption in transit; AES-256 encryption at rest; role-based access controls with least-privilege principles; multi-factor authentication; immutable audit logs; regular penetration testing; annual SOC 2 Type II audits; and a documented incident response process. Despite these measures, no system is perfectly secure, and we cannot guarantee absolute security.

11. Children's privacy

The Services are not directed to children under 16 (under 13 in the US where parental consent is required by COPPA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@uzziwai.com and we will delete it.

12. Cookies and similar technologies

We use essential cookies to operate the Services, and analytics cookies to understand usage. We do not use cookies for cross-context behavioral advertising. You can manage cookie preferences through your browser settings or our cookie banner. Where consent is required (e.g., in the EEA/UK), we obtain it before setting non-essential cookies.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify customers of material changes via email or in-product notice at least 30 days before they take effect. The 'last updated' date at the top reflects the most recent revision.

14. Contact us

For any questions about this Privacy Policy or to exercise your rights, contact our Data Protection Officer at dpo@uzziwai.com or by post to: UZZIWAI®, Attn: Privacy/DPO, 5830 East 2nd Street, Casper, Wyoming 82609, USA.