Privacy Policy

1. OVERVIEW

Alris AI provides AI-powered automation services, including AI-powered automation and workflow assistance capabilities, such as communication handling, document processing, email automation, knowledge retrieval, and task extraction functionalities. Given the nature of these services, the Platform processes business and operational data, including conversation recordings, document contents, email data, customer information, and internal business knowledge, on behalf of clients and their end users.

We are committed to processing personal data lawfully, transparently, and securely. This Policy explains precisely what data we collect, how we use it, with whom we share it, how long we retain it, and what rights you hold with respect to it.

2. DATA WE COLLECT

3. HOW WE USE YOUR DATA

We process personal data only for the following lawful purposes and where a valid legal basis exists:

• Service Delivery: To operate, maintain, and deliver the Platform services and AI-powered automation functionalities you have subscribed to, including executing automations, processing call transcripts, handling document queries, and managing integrations.
• Account Management: To create and manage your account, authenticate your identity, process subscription payments, and administer your relationship with us.
• AI Model Operation: To power AI inference and response generation. Alris does not use your data to train, fine-tune, or improve underlying AI models. Your data is used solely at inference time to fulfil your specific requests.
• Platform Improvement and Analytics: To conduct internal analytics on Platform usage patterns, diagnose technical issues, measure feature performance, and improve service quality, performed on aggregated or pseudonymized data where possible.
• Security and Fraud Prevention: To detect, investigate, and prevent unauthorised access, fraudulent activity, abuse, and violations of our Terms of Service.
• Legal Compliance: To comply with applicable laws, regulations, court orders, and governmental requests, and to exercise or defend legal claims.
• Communications: To send transactional messages (OTP, account alerts, billing notifications), service updates, and where you have opted in, product news and feature updates.
• Customer Support: To respond to your support inquiries, troubleshoot issues, and provide technical assistance.
• Business Operations: To manage our operations, conduct audits, fulfil contractual obligations, and enforce our agreements.

4. DATA PROCESSOR AND DATA CONTROLLER

For the purposes of applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"):

• Alris AI acts as a Data Controller with respect to personal data collected directly from users of the Platform, including account registration data, billing data, and usage analytics.
• Alris AI acts as a Data Processor with respect to personal data processed on behalf of its enterprise clients ("Business Clients"), including call recordings, transcripts, customer data, and other End User data processed through the Platform, including where such processing occurs through conversational interfaces, automation workflows, or integrated business systems.

In such cases, the Business Client shall be the Data Controller and shall be solely responsible for ensuring a valid legal basis for processing and for fulfilling all obligations toward End Users under applicable law.

5. NO USE OF DATA FOR MODEL TRAINING

Alris AI does not use your business data, conversation recordings, document contents, email data, or customer information to train, fine-tune, benchmark, or otherwise improve any AI or machine learning model, including foundation models, proprietary models, or third-party models. Your data is private by default and is used exclusively to execute the services you have requested. This commitment applies to all subscription tiers, including free trials.

6. LEGAL BASIS FOR PROCESSING

Where applicable data protection law (including the GDPR, CCPA, or similar legislation) requires identification of a lawful basis for processing, we rely on the following:

• Contractual Necessity: Processing required to perform the contract between you and Alris, including operating the Voice Agent and Work Assist on your behalf.
• Legitimate Interests: Processing for internal analytics, security, fraud prevention, and service improvement, where our interests do not override your rights.
• Legal Obligation: Processing required to comply with applicable laws and regulatory obligations.
• Consent: Where we rely on your consent (e.g., marketing communications or non-essential cookies), you may withdraw that consent at any time without affecting the lawfulness of prior processing.

7. AUTOMATED DECISION MAKING

The Platform utilizes artificial intelligence systems to perform automated processing activities, including but not limited to communication processing, content generation, sentiment analysis, workflow automation, and task extraction. Such processing may constitute automated decision-making or profiling under applicable data protection laws. Alris AI does not make decisions that produce legal or similarly significant effects on individuals without human involvement. Any outputs generated by the Platform are intended to assist Business Clients and are subject to review and discretion by the relevant user.

Where required under applicable law, data subjects shall have the right to:

• request human intervention;
• express their point of view; and
• contest any decision made solely on automated processing.

8. SHARING AND DISCLOSURE OF PERSONAL DATA

Alris AI does not sell or share personal data (as defined under applicable law, including the CCPA/CPRA) for cross-context behavioural advertising. We do not sell your personal data. We do not disclose personal data to third parties for their independent marketing purposes. We share data only as follows:

• Service Providers: We engage carefully vetted third-party processors to support our operations, including cloud infrastructure providers (Microsoft Azure), payment processors, identity verification services, communication delivery platforms, and analytics providers. All processors operate under binding data processing agreements that restrict their use of data to the services provided to Alris.
• Business Clients: Where Alris processes data on behalf of a Business Client under a Data Processing Agreement (DPA), that client is the data controller of the relevant End User data. We process such data only on the client's documented instructions and do not independently use or disclose it.
• Healthcare Clients (HIPAA): For clients in healthcare contexts, Alris runs on Microsoft Azure and may enter into a Business Associate Agreement (BAA) with eligible clients where required based on the nature of services and applicable regulatory obligations. Protected Health Information (PHI) is handled in strict accordance with HIPAA requirements.
• Legal and Regulatory Disclosures: We may disclose data where required by law, court order, or regulatory authority, or where we have a good-faith belief that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or security incidents.
• Corporate Transactions: In the event of a merger, acquisition, asset sale, or restructuring, personal data may be transferred to the successor entity subject to the same protections under this Policy. Affected users will be notified of any material change in data controller or processing purposes.
• Aggregated and Anonymised Data: We may share aggregated, anonymized, or de-identified data with third parties for analytics or reporting purposes, provided such data cannot reasonably be used to identify any individual.

9. HEALTHCARE DATA AND HIPAA COMPLIANCE

Where Alris AI processes Protected Health Information ("PHI") on behalf of covered entities or healthcare clients, Alris acts as a "Business Associate" as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). In such cases:

• Alris enters into a Business Associate Agreement ("BAA") with the relevant client;
• PHI is processed strictly in accordance with the instructions of the covered entity;
• Alris implements administrative, technical, and physical safeguards as required under HIPAA;
• Alris adheres to the "minimum necessary" standard in the use and disclosure of PHI; and
• Alris shall notify the covered entity of any breach of unsecured PHI without unreasonable delay and in accordance with applicable legal requirements.

10. THIRD-PARTY INTEGRATIONS

The Platform supports integrations with third-party services, including Google Drive, email systems, CRM platforms, calendar and scheduling tools, ticketing systems, and internal business applications. When you authorise such integrations, data flowing through those connections is governed by both this Policy and the privacy policies of those third-party services. Alris is not responsible for the privacy practices of third-party integration partners. We strongly encourage you to review the privacy policies of any third-party services you connect with the Platform. These integrations may enable automated data exchange and workflow execution across connected systems.

11. DATA SECURITY

We implement and maintain industry-standard technical and organisational security measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS) and at rest (AES-256 or equivalent)
• Access controls and role-based permissions restricting data access to authorized personnel on a strict need-to-know basis
• Multi-factor authentication for administrative access to production systems
• Network firewalls, intrusion detection, and continuous security monitoring
• Regular security assessments, penetration testing, and vulnerability management
• Hosted on Microsoft Azure with enterprise-grade infrastructure security controls.
• Logical segregation of customer data across environments.

You acknowledge that no method of transmission over the Internet or electronic storage is 100% secure. While we employ commercially reasonable safeguards, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and must notify us immediately at contact@alris.ai if you suspect unauthorized access to your account.

12. DATA RETENTION

We retain personal data for no longer than is necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Retention periods are determined by reference to the nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purpose for which the data was collected, and applicable statutory limitation periods and regulatory retention requirements.

Upon termination of your account or subscription, we will delete or anonymize your data within a commercially reasonable period unless retention is required by applicable law. Where technical constraints prevent complete deletion within that period, we will implement appropriate measures to prevent further access or use of the data pending deletion.

RETENTION CRITERIA

Retention periods vary depending on the category of personal data and the purpose of processing. In general:

• Account and billing data are retained for the duration of the contractual relationship and thereafter as required for legal and tax compliance;
• Call recordings and transcripts are retained as instructed by Business Clients and subject to contractual agreements;
• Communications data is retained for as long as necessary to resolve inquiries and maintain records of correspondence.

13. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies (including session tokens, pixels, and analytics scripts) on the Platform for the following purposes:

• Strictly Necessary Cookies: Required for the operation of the Platform, including authentication, session management, and security. These cannot be disabled without impairing core functionality.
• Analytics and Performance Cookies: Used to collect information about how the Platform is used, including pages visited, session duration, and error rates.
• Functionality Cookies: Used to remember your preferences and settings to improve your experience.
• Third-Party Analytics: We may use services such as Google Analytics. These providers may place their own cookies and are governed by their respective privacy policies.

You may control cookie settings through your browser preferences. We implement a cookie consent mechanism that allows users to provide, refuse, or withdraw consent for non-essential cookies prior to their deployment, in accordance with applicable laws. Users may modify their preferences at any time through the cookie settings interface available on the Platform.

14. COMMUNICATIONS AND CONSENT

By providing your email address or phone number, you consent to receiving transactional and service communications from us, including account notifications, OTP messages, billing alerts, and service announcements. These communications are essential to the operation of your account and cannot be opted out of while your account remains active. Where you have opted into marketing or promotional communications, you may withdraw that consent at any time by following the unsubscribe instructions in the relevant communication or by contacting us at contact@alris.ai.

15. YOUR RIGHTS

Subject to applicable law, you have the following rights with respect to your personal data:

• Right of Access: To obtain confirmation of whether we process your data and to receive a copy.
• Right to Rectification: To have inaccurate or incomplete data corrected.
• Right to Erasure: To request deletion of your data, subject to our legal obligations and legitimate interests in retention.
• Right to Restriction: To request that we limit the processing of your data in certain circumstances.
• Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format.
• Right to Object: To object to processing based on our legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, to withdraw that consent at any time.

To exercise any of these rights, please contact us at contact@alris.ai. We will respond within the timeframe required by applicable law. We may require verification of your identity before processing your request and will not discriminate against you for exercising your rights.

RIGHT TO LODGE A COMPLAINT: Where applicable under the GDPR or similar laws, you have the right to lodge a complaint with a competent supervisory authority in the jurisdiction of your habitual residence, place of work, or place of the alleged infringement.

AUTHORIZED AGENT (CCPA/CPRA): Where permitted by applicable law, you may designate an authorized agent to submit requests on your behalf. We may require the agent to provide proof of authorization and may require you to verify your identity directly with us before processing such requests.

16. INTERNATIONAL DATA TRANSFERS

Alris AI operates globally and may transfer personal data to countries other than the country in which it was collected. Where data is transferred outside the country of origin, we implement appropriate safeguards, including standard contractual clauses approved by relevant supervisory authorities, to ensure that your data receives an adequate level of protection. By using the Platform, you expressly consent to such international transfers as described in this Policy.

Where personal data is transferred outside the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, Alris implements appropriate safeguards, including the execution of Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant authorities. Data subjects may request a copy of such safeguards by contacting us at the details provided in this Policy.

17. CHILDREN'S PRIVACY

The Platform and its services are designed exclusively for businesses and professional users. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a person under 18, we will promptly delete such data. If you believe a minor has provided us with personal data, please contact us immediately at contact@alris.ai.

18. LINKS TO THIRD-PARTY WEBSITES

The Platform may contain links to third-party websites, tools, and services. We have no control over and accept no responsibility for the content, privacy practices, or data processing of any third-party website. We encourage you to review the privacy policy of each website you visit.

19. INTELLECTUAL PROPERTY

All content, software, AI models, interfaces, documentation, trade names, trademarks, and other intellectual property associated with the Platform are the exclusive property of Alris AI and The Intellify. You may not copy, reproduce, reverse-engineer, decompile, modify, distribute, or create derivative works from any part of the Platform or its outputs without our prior written consent. Unauthorised use of our intellectual property will be pursued under applicable civil and criminal law.

20. YOUR RESPONSIBILITIES

You are responsible for: (a) ensuring that any personal data of third parties you provide to or process through the Platform has been collected with appropriate consent and authority; (b) maintaining the security of your account credentials; and (c) complying with all applicable laws in your use of the Platform. If you are a Business Client deploying the Voice Agent or Work Assist in connection with your end users, you are solely responsible for obtaining all necessary consents and disclosures from those end users and for operating as a compliant data controller in your jurisdiction.

21. CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email to registered users or by a prominent notice on the Platform prior to the change taking effect. Your continued use of the Platform following the effective date of any update constitutes your acceptance of the revised Policy.

22. GOVERNING LAW AND JURISDICTION

This Policy is governed by and construed in accordance with the laws of the State of Texas, United States of America, without reference to conflict of law principles. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Plano, Texas, USA. Alris reserves the right to seek injunctive or equitable relief in any jurisdiction in connection with unauthorized use of the Platform or infringement of intellectual property rights.

23. CONTACT US

For the purposes of data protection compliance, Alris AI may designate a Data Protection Officer (DPO) or a representative in applicable jurisdictions where required by law. Requests related to data protection, including the exercise of rights, may be directed to contact@alris.ai.
Where required under applicable law, details of the appointed representative shall be made available upon request.

For all privacy-related inquiries, data subject requests, or concerns regarding this Policy, please contact: