Last updated: October 28, 2022

This statement describes how Technologies Botpress Inc. and its affiliates, including Botpress, Inc. ("we"), collect, processes, use and share personal information and personal data about users of the Botpress Cloud Service (the "Service") and personal information collected through our website presenting our products and services (the “Website”).

In this Privacy Statement:

Customer” means the person or business who purchased a subscription to the Service;

User” means an individual using the Service on behalf of the Customer, such as an employee of our Customer;

Conversation Data” means content inputted by an end-user into a Customer Bot in a production environment and data generated by the Customer Bot in a conversation with an end-user.

Customer Bot” means a program designed to automate interactions with end-users of a service or website, including any configuration data or other associated data that is developed using Botpress software compatible with the Cloud Services by Customer, by Persons engaged by Customer or by Botpress for the benefit of the Customer and that is hosted through the Service.

End-User” means an individual interacting with a Customer Bot hosted through our Services.

Visitor” means an individual browsing our Website.

personal data” refers to information about an identifiable individual.

The second person (you, your) refers to a Customer, User and/or End-User, depending on the context.

The contact details of the person responsible for data processing is the following:


Jean-Bernard Perron
Technologies Botpress Inc.

[email protected]

Basis for data processing

We collect and process personal data about Customers (as applicable), Users and End-Users in connection with the operation of the Service. Our processing of personal data is mainly based on the following:

  • We process personal data about Customers (as applicable) to fulfill our obligations under our agreement with Customers.
  • We process personal data about Users based on our legitimate interests to fulfill our obligations to our Customers.
  • We process personal data about End-Users on behalf of our Customers pursuant to their instructions.

We may collect and process personal data about Visitors in connection with the operation of the Website in order to improve the quality of the Website, to learn about the browsing habits of our Visitors, to organize advertising campaigns targeted based on Website traffic and to offer personalized services to our users. Our processing of personal data on the Website is based on consent where visitors voluntarily provide personal data, for example by subscribing to a newsletter, and where applicable law requires that Visitors provide explicit consent for the collection of analytics data.

Data collected through the Service

End-User Information

We collect information provided by End-Users when they interact with a Customer Bot for the purpose of providing our services to our customers and to generate analytics data from anonymized Conversation Data. We may collect technical data when End-User interact with a Customer Bot, (such as IP Address, Device ID, Operating System, device configuration) but we do not store or use such technical data.


User Information

We collect the following data about Users of the Service.

Data category

Purpose of use

Name, first name, email and password

User identification and authentication.

The content of communications transmitted by users

Respond to Users’ requests.

Analytics data which may include:

  • The operating system and language of a device;
  • The IP address from which a device accesses the Service;
  • The country, state, city and postal code where the device is located;
  • Navigation data, such as pages viewed, number of connections to the Service, duration of a session, date of connections to the Service;

Product improvement

Technical Support


Data collected through the Website

Information collected from Visitors

We collect the information that Visitors communicate to us (for example, by filling out a form) through the Website interface or otherwise. This information may include the data described below:

Data category

Purpose of use

Name

Contact Visitors

Phone number

Employment Information (Title, Employer)

Email address

Respond to Visitors’ requests and for promotional purposes (only as permitted by law)

Advertisement Retargeting

The content of the communications

Respond to Visitors requests;

Data Collected Automatically Through the Website

We collect information automatically during Visitors’ use of the Website. This information is recorded each time a Visitor interacts with the Website. Data collected includes certain information specific to Visitors’ devices and data about Visitors’ interactions with the Website, including the data described below:

Data category

Purpose of use

Analytics data which may include:

  • The operating system and language of a device;
  • The IP address from which a device accesses the Website;
  • The country, state, city and postal code where the device is located;
  • Navigation data, such as pages viewed, number of connections to the Website, duration of a session, date of connections to the Website, page from which the Website is accessed;

Personalization of the Website;

Detection of misuse;

Advertisement retargeting;


Where applicable law requires explicit consent from Visitors prior to the collection of analytics data we only collect strictly necessary data before such consent is given.

Data from analysis tools

When Visitors access the Website, we collect data from analytics tools such as Google Analytics. This data may include, for example, gender, age, interests. This data is not associated with a specific Visitor personally and is transmitted to us in aggregate form. Google Analytics may be deactivated on a browser through an add-on available at this address: https://tools.google.com/dlpag...;

Data from social networks

We collect information from social networking sites or applications (Facebook, LinkedIn, Twitter, YouTube, Google+, etc.) when Visitors interact with profiles that we operate on these social networking sites or applications. These sites or applications are also governed by their own policies relating to personal data, which may differ from ours and may be applicable.

Tracking Technology

We use browser cookies and other tracking technologies to improve the performance of the Website, to personalize Visitors’ experience on the Website, and to deliver advertisements to targeted audiences (based on Website traffic only). Visitors can control the storage of browser cookies from their browser. Cookies and trackers that are not strictly necessary for the operation of the Website will not be used without the Visitor’s consent. Some tracking technologies are provided by our suppliers, and our suppliers may be able to combine some of the data collected through the Website with other data they hold about Visitors.

Data Processing

We process the personal data collected through the Website and the Service for the purposes described below.

Communication with Users and Customers

We process personal data about Customers and Users (such as name and email address) to communicate with Customers and Users about their use of the Service. We may also send communications about our company, products and promotions, but only if Customers and Users agree to receive marketing communications from us. We comply with all applicable regulations regarding unsolicited electronic messages. If you no longer wish to receive electronic communications from us, you may notify us at any time by writing to us at [email protected]

Operation of the Service

We use the personal data collected through the Service to provide services to our Customer by processing such data in accordance with their instructions.

Algorithm Improvement

We use aggregated Conversation Data collected through the Service to train machine learning algorithms and improve our services generally. Conversation Data is never used to profile specific individuals or for advertising purposes.

Personalization of our services and Website

We use the data collected during through the Website to offer Visitors content that corresponds to their situation or interests. For example, the home page of the Website may be displayed according to language preferences and the products and services displayed may be different depending on geographic location.

Maintenance and Security

We use the data collected through the Website and the Service and data from analytics tools to monitor users' use of the Website and the Service generally, to prevent misuse of the Website or the Service, to identify problems or bugs with the Website or the Service, and to determine what features need to be improved. We may use certain data collected automatically to ensure the security of the Website, the Service and our computer systems, for example to prevent misuse or to prevent or deter fraud.

Personalized marketing and retargeting

We use the data collected through the Website to customize our advertising campaigns based on certain data collected, such as subscription to our newsletter, interest in our products and services, and clickthrough data, such as the pages visited or the products viewed on the Website. This data allows us to target audiences to partners offering advertising services. Data collected through the Service, including Conversation Data is not used for this purpose.

Data Storage and Transfer

We retain collected personal data until you or our Customer, as the case may be, request that we destroy it, or until our business no longer requires us to retain it. We do not, however, make a commitment to keep personal data for a specific period of time.

Personal data about End-Users collected through the Service (such as Conversation Data) is stored electronically by our service providers on servers located in Canada or in such other location determined by the relevant Customer.

Some data relating to the use of the Service and the Website, email automation, support requests and payments are processed by our service providers through facilities that may be located in other jurisdictions

Data generated from Google Analytics is stored on servers controlled by Google.

Personal Data about individuals outside of Canada may be transferred to Canada. Canada is recognized as an adequate jurisdiction for the transfer of Personal Data from the European Union. Certain data that is disclosed to our suppliers in accordance with this notice is transferred to other jurisdictions. We ensure that the transfer of such Personal Data is made with appropriate safeguards with regard to the nature of the Personal Data being transferred.

Security Measures

Your personal data is hosted on servers operated by our service providers and is protected by security measures proportionate with the sensitivity of the data against unauthorized access. Any financial data is subject to security measures that comply with the standards established by payment card networks.

Our employees and suppliers are informed of the confidential nature of personal data collected through the Website and the Service and are made aware of the appropriate security measures to prevent unauthorized access to personal data through an enterprise-wide cybersecurity policy.

A more complete description of the security measures in effect to protect personal data is available upon request.

Data Sharing

We only share personal data in the manner described in this statement and when we have obtained the consent of the relevant data subject. Your personal data may be disclosed to the categories of persons described below for the following purposes.

Employees

Personal data is accessible to our officers and employees who must have access to it in order to use the same as set forth in this privacy statement.

Customers

We share personal data collected through the Service about End-Users with our Customer controlling the Customer Bot with which the End-User is interacting. The Customer is the controller with respect to such personal data.

Service Providers

We share personal data with service providers that allow us to provide our services more efficiently. We only share personal data with service providers that agree in writing to keep personal data confidential and to use the same only to the extent necessary to provide us with services.

A list of our service providers processing personal data is attached as Schedule 1..

Legal obligations

We may also disclose personal data to third parties if expressly permitted or required to do so by law, or if we are compelled to do so by a competent authority. We may disclose personal data in connection with legal proceedings if necessary to protect our rights or those of our users.

Transfer of business

In the event that the sale or restructuring of all or part of our business is contemplated, we may disclose personal data to the persons or organizations involved before and after the transaction, whether or not the transaction actually takes place. In such a case, these persons or organizations commit to us to maintain the confidentiality of personal data so disclosed and to use the same exclusively for the purpose of evaluating the feasibility of the transaction and in accordance with this statement, if the transaction is completed.

Rights of Data Subjects

Data controlled by Customers

When we process your personal data on behalf of our Customers (for example if you are an End-User and you interact with a Customer Bot), you must in most cases contact our Customer to exercise your rights in connection with your personal data. When this situation applies, we will forward your requests to the relevant Customer. We are not authorized by our Customers to release information to End-Users.

Conversation Data and personal data bout Users are typically processed on behalf of our Customers.

Right of Access and Rectification

Subject to Section 8.1, if you would like to access personal data we hold about you or have inaccurate personal data modified in our files, you may make a written request at [email protected]

We will respond to your request promptly (within 30 days of receipt).

If required by law, we will provide personal data in a structured, commonly used and machine-readable format.

Withdrawal of Consent

Your browser allows you to withdraw your consent to certain processing of your personal data, in particular by preventing the recording of browser cookies.

If you wish to withdraw your consent to the processing of your personal data beyond what is permitted by the Website or your browser, please notify us by writing to us at [email protected] Using the Website or the Service entails some processing of your personal data. The only way to stop all processing of your personal data is to stop using the Website and the Service.

Deletion

Subject to Section 8.1, you may in certain circumstances request the deletion of personal data that we hold about you when its collection was not authorized. To make such a request, please write to us at [email protected]. We will respond to your request as soon as possible (no later than 30 days after receipt).

If you continue to use the Website or the Service, we will again collect certain personal data about you.

Restriction of Processing

Subject to Section 8.1, End-Users may request the restriction of the processing of their personal data where such processing is unlawful, if End-Users contest the accuracy of such personal data or where deletion of personal data is not permitted under applicable law.

Complaint

If you reside on the territory of the European Economic Area, you may lodge a complaint about our processing of personal data to the supervisory authority of your place of residence.

Our business is primarily governed by the laws and regulations applicable in Quebec and Canada and is subject to the jurisdiction of privacy protection authorities in Quebec and Canada. Other than as explicitly permitted under applicable law, any complaint or claim based on this statement or on our processing of your personal data should be addressed to the authorities in the province of Quebec or in Canada.

Identity Validation

We may verify the identity of individuals asking to exercise their rights with respect to their personal data. Any information collected to perform this verification will not be used for any other purpose.

Modifications

We may modify this Privacy Statement from time to time to reflect changes in our personal data processing practices. If a modification is made, the new statement will be available through the Service and on the Website at the following address

If we have collected your contact information, we will notify you of any material changes to our privacy statement by email before the new statement takes effect.

Additional Information

For any additional information with respect to our processing of personal data, you may contact us at the address indicated at the beginning of this privacy statement.

Schedule 1 - List of Service Providers (Subprocessors)

Data collected through the Website


Subprocessor

Purpose

Google LLC

We use Google Analytics services on the Website and on our software platform.

Google Analytics provides information about the behaviour of Website visitors, including through the use of cookies which allow Google to collect information about certain events on the Website such as the pages you visit, the length of a session or the products you view;

Data collected by Google is used in compliance with Google’s privacy policy.

Facebook Inc.

We use a “Facebook Pixel” on the Website.

Our Facebook Pixel allows Facebook to collect some information about events on the Website, such as pages visited or products viewed.

Sharing data with Facebook allows the customization of our advertising campaigns on Facebook.

Data collected by Facebook is used in conformity with Facebook Data Policy.

LinkedIn Corporation

The linkedin tags collect some information about events on the Website, such as pages visited or products viewed.

Sharing data with Linkedin allows the customization of our advertising campaigns on Linkedin.

Data collected by Linkedin is used in conformity with Linkedin Data Policy.

Hubspot

We use Hubspot services in connection with the Website.

Hubspot processes information about website traffic and visitors’ profiles for marketing purposes.

Hotjar

We use Hotjar services on the Website.

Hotjar provides information about the behaviour of Website visitors.

Salesforce

Data gathered from the Website is processed through Salesforce software services for marketing purposes.


Data collected through the Service

Subprocessor

Purpose

Amazon Web Services

AWS hosts our cloud services and all Customer Data.

AWS processes analytics information about usage of the Botpress cloud services.

Google Analytics

Google Analytics processes analytics information about usage of Botpress cloud services.

Freshdesk

Freshdesk provides help desk services.

Freshdesk processes all data provided by users for technical support purposes.