Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and informs You about Your privacy rights and how the law protects You. We use Your Personal Data and Integration Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural.

Definitions
For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
• Application refers to MightyBot Copilot, the software program provided by the Company.
• Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of processing such information, alone or jointly with others, and that does business in the State of California.
• CCPA and/or CPRA refers to the California Consumer Privacy Act (the "CCPA") as amended by the California Privacy Rights Act of 2020 (the "CPRA").
• Company (referred to as either "the Company", "We", "Us", or "Our" in this Agreement) refers to MightyBot Inc, 2651 Ross Road, Palo Alto, CA 94303. For the purpose of the GDPR, the Company is the Data Controller.
• Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident, as defined in the law.
• Cookies are small files placed on Your computer, mobile device, or any other device by a website, containing details of Your browsing history on that website among its many uses.
• Country refers to: California, United States.
• Data Controller, for the purposes of the GDPR, refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
• Device means any device that can access the Service, such as a computer, cellphone, or digital tablet.
• Do Not Track (DNT) is a concept promoted by U.S. regulatory authorities, particularly the U.S. Federal Trade Commission (FTC), for allowing internet users to control the tracking of their online activities across websites.
• GDPR refers to the EU General Data Protection Regulation.
• Integration Data means data received from integrations with third-party services (e.g., Google Workspace, Salesforce, HubSpot, Slack) provided by You or on Your behalf to enable the functionality of the Service.
• Personal Data is any information that relates to an identified or identifiable individual.
  • For GDPR purposes, Personal Data means any information relating to You such as a name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
  • For CCPA/CPRA purposes, Personal Data means any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
• Service refers to the Application or the Website or both.
• Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, provide the Service, perform related services, or assist in analyzing how the Service is used. For GDPR purposes, Service Providers are considered Data Processors.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., duration of a page visit).
• Website refers to MightyBot, accessible from http://www.mightybot.ai.
• You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, You may be referred to as the Data Subject or User.

Collecting and Using Your Personal Data and Integration Data

Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. This may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Usage Data

Usage Data
Usage Data is collected automatically when using the Service and may include:

• Your Device’s Internet Protocol (IP) address
• Browser type and version
• Pages of Our Service that You visit
• Time and date of Your visit
• Time spent on those pages
• Unique device identifiers and other diagnostic data

When You access the Service via a mobile device, We may collect additional information such as mobile device type, unique ID, IP address, operating system, browser type, and other diagnostic data.

Integration Data
To provide features of Our Service, We may collect Integration Data from third-party services You integrate with the Service (e.g., Google Workspace, Salesforce, HubSpot, Slack). This data may include:

• Documents, emails, or other content stored in integrated systems
• Metadata associated with such content (e.g., timestamps, user IDs)
• Other data necessary to enable Service functionality

We collect Integration Data only with Your authorization and use it solely to provide the Service as agreed. Integration Data is handled with high confidentiality and security, as detailed below.

Information Collected While Using the Application
With Your prior permission, We may collect:

• Information regarding Your location

This information is used to provide, improve, and customize Our Service. You can enable or disable access to this information at any time through Your Device settings.

Tracking Technologies and Cookies
We use Cookies and similar tracking technologies (e.g., beacons, tags, scripts) to track activity on Our Service and store certain information. These include:

• Cookies or Browser Cookies: Small files placed on Your Device. You can refuse Cookies via browser settings, though this may limit Service functionality.
• Web Beacons: Small electronic files in Our Service or emails to count users or verify system integrity.

Cookies may be "Persistent" (remaining offline) or "Session" (deleted when You close Your browser). We use:

• Necessary/Essential Cookies: For authentication and fraud prevention (Session, Administered by Us).
• Cookies Policy/Notice Acceptance Cookies: To identify acceptance of Cookies (Persistent, Administered by Us).
• Functionality Cookies: To remember Your preferences (Persistent, Administered by Us).
• Tracking and Performance Cookies: To analyze usage (Persistent, Administered by Third-Parties).

For more details, visit Our Cookies Policy section.

Use of Your Personal Data and Integration Data

Personal Data
The Company may use Personal Data for the following purposes:

• To provide and maintain Our Service, including monitoring usage.
• To manage Your Account and provide registered user functionalities.
• For contract performance (e.g., processing purchases).
• To contact You via email, phone, SMS, or push notifications about updates or security matters.
• To provide news, offers, or information about similar services (unless You opt out).
• To manage Your requests to Us.
• To deliver targeted advertising (with third-party vendors).
• For business transfers (e.g., mergers, acquisitions).
• For other purposes like data analysis, trend identification, and Service improvement.

Integration Data
Integration Data is used solely to:

• Provide the Service as agreed between You and the Company (e.g., processing Google Workspace data for AI-driven features).
• Improve the Service’s functionality for Your benefit (e.g., analytics to optimize performance).

We do NOT use Integration Data or Personal Data for:

• Training generalized AI or machine learning models. Data from integrations (e.g., Google Workspace, Salesforce, HubSpot, Slack) or other sources is not used for this purpose.

Sharing of Data
We may share Your Personal Data or Integration Data in these situations:

• With Service Providers: To monitor, analyze, or provide the Service (e.g., analytics securely via LangSmith, PostHog, Sentry, Portkey; LLM access securely via OpenAI, Anthropic, Google Gemini, xAI, Groq).
• For Business Transfers: During mergers, sales, or asset transfers.
• With Affiliates: Under the same privacy obligations.
• With Business Partners: For specific offerings, with Your consent.
• With Your Consent: For other purposes You approve.

All Service Providers are bound by strict confidentiality agreements and may only use data as necessary to provide the Service. Integration Data is protected from unauthorized secondary use.

Retention of Your Personal Data and Integration Data

Personal Data
We retain Personal Data only as long as necessary for the purposes in this Privacy Policy, or to comply with legal obligations, resolve disputes, or enforce agreements. Usage Data is retained for shorter periods unless needed for security or functionality improvements.

Integration Data
Integration Data is retained only as long as necessary to provide the Service or as required by law. Upon termination of Your Subscription or at Your request, We will securely delete or return Integration Data within 30 days, unless legally required to retain it. Contact Us at support@mightybot.ai for confirmation or specific timelines.

Transfer of Your Personal Data and Integration Data

Your information, including Personal Data and Integration Data, may be processed at Our operating offices or other locations where Service Providers are based, potentially outside Your jurisdiction. We ensure secure treatment of Your data per this Privacy Policy, with adequate controls for any transfers.

Delete Your Personal Data and Integration Data

You may delete or request deletion of Personal Data or Integration Data We hold about You via Your Account settings or by contacting Us. We may retain certain data if legally required. For Integration Data, see the “Data Retention, Deletion, and Return” section in the Terms & Conditions.

Disclosure of Your Personal Data and Integration Data

Business Transactions
If involved in a merger or sale, Your Personal Data or Integration Data may be transferred with prior notice.
Law Enforcement
We may disclose data if required by law or valid public authority requests.
Other Legal Requirements
We may disclose data to comply with legal obligations, protect rights, prevent wrongdoing, or ensure safety.

Security of Your Personal Data and Integration Data

We prioritize the security of Your Personal Data and Integration Data, using industry-standard measures including:

• Access Controls: Limiting access to authorized personnel only.
• Encryption: Protecting data in transit and at rest.
• Data Handling Protocols: Ensuring secure processing and storage.

While no method is 100% secure, We strive to use commercially acceptable means to safeguard Your data. For more details, contact Us at support@mightybot.ai.

Incident Notification

If a security incident affects Your Personal Data or Integration Data, We will notify You within 72 hours of detection via email, detailing the incident, its impact, and Our mitigation steps, unless otherwise required by law.

Detailed Information on Processing by Service Providers

Service Providers may access Your Personal Data or Integration Data under strict confidentiality terms. Approved subprocessors include:

• Analytics: LangSmith (https://www.langchain.com/privacy-policy), PostHog (https://posthog.com/privacy), Portkey (privacy policy available upon request).
• LLM Access: OpenAI (https://openai.com/privacy), Anthropic (https://www.anthropic.com/privacy), Google Gemini (https://policies.google.com/privacy), xAI (privacy policy available upon request), Groq (https://groq.com/privacy).
• Other: Google Analytics (https://policies.google.com/privacy), Sentry (https://sentry.io/privacy), QuickBooks Online (https://www.intuit.com/privacy/statement/).

These providers process data only as necessary to support the Service.

GDPR Privacy

Legal Basis for Processing
We process Personal Data under: Consent, Contract Performance, Legal Obligations, Vital Interests, Public Interests, or Legitimate Interests. Contact Us for clarification.

Your GDPR Rights
If in the EU, You may:

• Request access, correction, or erasure of Your Personal Data.
• Object to or restrict processing.
• Request data transfer.
• Withdraw consent.

Exercise these rights by contacting Us at support@mightybot.ai.

CCPA/CPRA Privacy Notice

Categories Collected
We may collect:

• A: Identifiers (e.g., name, email) – Yes
• B: Customer Records (e.g., phone) – Yes
• D: Commercial Info (e.g., purchase history) – Yes
• F: Internet Activity (e.g., browsing) – Yes
• G: Geolocation – Yes
• L: Sensitive Info (e.g., login credentials) – Yes
• Others (C, E, H, I, J, K) – No

Sources
Directly from You, indirectly via usage, or from Service Providers.

Use and Disclosure
For business purposes (e.g., Service provision, security). We may share with Service Providers, affiliates, or partners, but do not “sell” as commonly understood—only for permitted purposes under CCPA/CPRA.

Your Rights
California residents may request access, deletion, correction, opt-out of sales, or limit sensitive data use. Contact Us at support@mightybot.ai.

Children’s Privacy

We do not knowingly collect data from those under 13. Contact Us if You believe a child has provided data.

Links to Other Websites

We are not responsible for third-party sites linked from Our Service.

Changes to This Privacy Policy

We may update this policy, notifying You via email or Service notice. Review periodically.

Contact Us

For questions:

• Email: support@mightybot.ai

‍

‍