Legal
Global Privacy & Data Governance Policy
Corporate Ownership & Operational Scope: This website, along with its associated software applications, API endpoints, conversational interfaces, and unified customer workflows (collectively, the "Services"), is owned and operated by NeekOS Business AI Inc. (doing business as, and hereinafter referred to interchangeably as, Evamb or evamb.io).
§Preamble & Compliance Positioning
This Global Privacy & Data Governance Policy ("Privacy Policy") establishes the operational guidelines and legal frameworks governing the collection, transit, storage, processing, and programmatic erasure of Personal Data. This ecosystem is engineered to support compliance with major international data protection frameworks, including but not limited to:
- The European Union General Data Protection Regulation (GDPR);
- The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA);
- India's Digital Personal Data Protection Act (DPDP Act);
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25;
- Brazil's Lei Geral de Proteção de Dados (LGPD);
- The Australian Privacy Act 1988 and the New Zealand Privacy Act 2020;
- The United States Telephone Consumer Protection Act (TCPA) and Canadian Anti-Spam Legislation (CASL).
To manage changing technological landscapes and future legal updates (such as infrastructure modifications, provider dependencies, and changing regulator interpretations), this policy intentionally avoids absolute declarations. Terms such as always, never, guaranteed, fully, complete, impossible, immutable, or secure are replaced with qualified expressions such as generally, designed to, intended to, may, subject to, or commercially reasonable. This represents our commitment to operational integrity while recognizing the realities of enterprise cloud software delivery.
1.Legal Taxonomy of Personal Data Collected
NeekOS Business AI Inc. processes information that identifies, references, describes, or is reasonably capable of being associated with an identifiable natural person or device. The categories of data processed generally include:
1.1Identity Identifiers
Legal names, corporate or personal email aliases, phone numbers, online account indicators, and Internet Protocol (IP) addresses.
1.2Conversational Interaction Artifacts
Real-time text streams from live chats, processed voice-to-text transcripts, short message service text payloads, user-submitted prompts, and telephonic audio recordings.
1.3Architectural Metadata
Technical event logs, basic data routing parameters, session connection timestamps, security indicators, and platform performance logs.
1.4Transactional & Operational Records
Reservation details, resource scheduling timelines, user configuration flags, support desk entries, and billing account profiles.
2.Legal Bases for Processing (EEA, UK, and Switzerland)
For individuals located within the European Economic Area (EEA), United Kingdom, or Switzerland, processing operations are supported by recognized lawful bases. NeekOS Business AI Inc. generally processes personal data under the following prongs:
2.1Explicit and Affirmative Consent
Where individuals record a voluntary, specific choice to authorize browser tracking cookies, opt into promotional contact lists, or activate optional platform features.
2.2Contractual Performance
Where processing is required to establish user accounts, handle reservations, coordinate automated scheduling requests, and execute actions necessary to fulfill commitments requested directly by the data subject.
2.3Statutory Legal Obligations
To respond to valid judicial requests, preserve tax and financial safety statements, or satisfy mandatory regulatory record-keeping duties.
2.4Legitimate Interests
To maintain platform infrastructure stability, identify fraudulent activities, run network firewalls, and deploy mechanisms intended to defend our systems against cyberattacks, spam, or abuse.
3.Artificial Intelligence, Machine Learning, & Content Ownership
As an AI-driven software environment, our platform utilizes natural language processing (NLP), machine learning workflows, and automated messaging logic to deliver our software capabilities.
3.1Ingestion of Prompts & Inputs
Contextual customer inputs, structured prompts, text blocks, and files uploaded by users are processed by our system to generate responses and execute automated actions. These elements are stored to support service continuity and platform configuration management.
3.2Explicit AI Model Training Protections
Customer Personal Data is not used to train foundation AI models unless expressly authorized by the customer or otherwise permitted under applicable law.
3.3Explicit Ownership Boundaries
Users retain ownership over the original text prompts, inputs, and files they upload to the platform, subject to licensing terms. Ownership of AI-generated outputs is governed by your specific enterprise platform agreement and applicable intellectual property laws.
3.4Human Review Procedures
To protect system security, prevent platform abuse, check for legal compliance, and resolve technical support tickets, authorized personnel may perform human reviews of text logs, prompts, and inputs under strict access controls.
3.5AI Output Disclaimer
AI-generated outputs may contain inaccuracies, omissions, or unintended results due to algorithmic variance. Users are advised to review and validate outputs before utilizing them in legal, regulatory, financial, medical, or other high-risk contexts.
4.Automated Processing and Assisted Decisions
Our services utilize algorithms to classify messages, match scheduling constraints, and optimize contextual routing.
4.1Evaluation Disclosures
We do not intentionally design or deploy our AI systems to make automated decisions that produce permanent exclusions, automated pricing variations, or significant legal impacts on individuals without opportunities for human validation.
4.2The Human Fallback Interface
Users are generally supported with options to bypass automated voice or chat interfaces. You may request a transfer to a human representative during an active chat session or phone call by utilizing phrases such as "transfer to agent" or "speak to a human" within the conversational workflow.
5.Telecommunications Governance & Audio Recording
Our telephonic interfaces feature settings designed to manage outreach preferences, time windows, and recording notifications:
5.1Call Recording Disclosure Notifications
Where required by regional regulations, outbound or inbound recorded calls are intended to be preceded by an audible notice stating that the call may be recorded for training, quality analytics, physical security, or service validation purposes.
5.2Recording Opt-Out Framework
If a caller objects to audio recording, the platform is designed to support an audio bypass. In such instances, live audio recording is intended to halt; however, text-based metadata and basic event logging may be preserved to complete the request and support service verification.
5.3Consent-First Outreach Regulations
Outbound voice, automated dialing, and SMS communication streams are intended to be restricted to contacts who have provided verifiable express consent or possess an active business relationship with us.
5.4Automated Suppression Systems
Outbound communication lists are designed to be cross-referenced against active internal suppression files and national Do-Not-Call (DNC) registries, subject to localized, time-of-day communication windows.
6.Subprocessors & Third-Party Disclosures
NeekOS Business AI Inc. does not trade, sell, or rent personal data registries to third-party data brokers. To execute our platform services, data is shared under written agreements with downstream categories of Subprocessors, which generally include:
- Cloud Infrastructure and Hosting Providers;
- Telecommunications Carrier Networks and SMS Gateways;
- Specialized AI Compute Infrastructure Providers;
- Validated Payment Processing Gateways;
- Operational Analytics Frameworks and Automated Email Deployment Utilities.
Operational Control: For a clear listing of currently authorized downstream processing entities, users may view our dedicated Subprocessor List available upon request or through our Trust Center.
7.B2B Enterprise Architecture & Data Processing Agreements
For corporate subscribers, enterprise tenants, and institutional clients utilizing our platform as a data processor or service provider:
7.1Data Processing Addendum (DPA)
Enterprise customers may request a dedicated Data Processing Addendum (DPA) governing controller-processor relationships, contractual data processing boundaries, and cross-border transfer guarantees matching regional procurement needs.
7.2Operational Positioning
Where our platform acts as a commercial data processor under enterprise software agreements, we handle data strictly under the instructions of the corporate client, who serves as the data controller.
8.International Transfers of Personal Information
The system is built upon a multi-region deployment framework that utilizes region-aware data segmentation:
8.1Localized Data Storage Configurations
Upon platform setup, data environments are intended to be anchored within distinct geographic regions matching customer selections: the Americas, Europe, or Asia-Pacific.
8.2Cross-Border Transit Safeguards
Personal Data is primarily kept within your chosen deployment zone. Limited international transit may occur to support platform redundancy, manage disaster recovery backups, resolve security events, or comply with valid law enforcement requests.
8.3Standard Contractual Clauses (SCCs) & Impact Appraisals
Where data shifts outside protected regional zones (such as transfers out of the EEA, UK, Switzerland, or Quebec), operations are supported by Standard Contractual Clauses (SCCs) or recognized adequacy decisions, where applicable. Transfer Impact Assessments (TIAs) are periodically performed to evaluate regional data handling safety metrics.
9.Data Retention and Lifecycle Schedules
To support data minimization principles, Personal Data is intended to be programmatically purged or anonymized once defined lifecycle targets are reached:
| System Record Category | Retention Baseline Target | Primary Operational & Compliance Justification |
|---|---|---|
| Conversational Transcripts | Generally 365 Days | Preserved to maintain text continuity for recurring scheduling queries and support requests. (GDPR Art. 5(1)(c)) |
| Call Audio Recordings | Generally 90 Days | Retained to review telecommunications voice transmission quality and support technical billing verification. (Quebec Law 25, Sec. 23) |
| Marketing & Cookie Records | Generally 2 Years | Maintained to measure promotional outreach effectiveness and retain consent settings. |
| Support Desk Tickets | Generally 3 Years | Retained to track historical issue resolutions and manage customer profiles. |
| Customer Profile & Account Data | Generally 7 Years | Maintained to support active user platform directory settings and contract management. (CCPA/CPRA § 1798.105) |
| Billing Records & Audit Logs | Generally 7 Years | Preserved to satisfy corporate taxation rules, reconstruct security events, and fulfill legal data tracking rules. (IRS / Global Codes) |
Retention Exception: Scheduled deletion cycles are subject to suspension in the event of an active legal hold, formal regulatory inquiry, or an un-lifted disaster recovery restoration window.
10.Cookie Configurations and Lifecycle Retention
Our websites use storage scripts, data tags, and cookie structures to remember configurations, evaluate traffic patterns, and customize interactions.
- Necessary Cookies: Required to activate security encryption protocols, manage user logins, and verify form responses. Retained generally up to 12 months.
- Analytics Cookies: Gather performance tracking indexes that help us understand user navigation flow and diagnose platform display anomalies. Retained generally up to 24 months.
- Marketing Cookies: Used to evaluate campaign interactions and assist with delivery configurations across advertisement platforms. Retained generally up to 24 months.
Preferences Management: Users are supported with preference toggles to configure cookie permissions, excluding necessary elements, via our cookie management interface — open it any time from in the footer of any page. On this website, analytics and marketing scripts load only after you grant the matching consent category.
11.Rights of Individuals in the EEA, UK, and Switzerland
If you are interacting with our services from the European Economic Area (EEA), the United Kingdom, or Switzerland, you possess specific data management controls under applicable data protection laws:
11.1Access & Portability
Request an inventory and a structured digital export of transcripts, profile markers, and metadata associated with your identity. (EU GDPR Article 15 & 20)
11.2Correction & Rectification
Request the modification of incomplete, old, or inaccurate entries in your profile sheets. (EU GDPR Article 16)
11.3Erasure / Deletion ("The Right to Be Forgotten")
Request the deletion of conversational transcripts, voice recordings, and profile histories, subject to statutory exemptions. (EU GDPR Article 17)
11.4Restriction of Processing
Request that we halt active data processing operations while the accuracy of an entry or the validity of a legal basis is disputed. (EU GDPR Article 18)
11.5The Right to Object
Oppose data processing actions that rely on legitimate interests prongs due to circumstances relating to your specific situation. (EU GDPR Article 21)
11.6Consent Withdrawal
Revoke previously submitted marketing permissions or analytics recording consents at any time. (EU GDPR Article 7(3))
11.7Right to Lodge a Complaint
File an official grievance regarding our tracking actions with an established supervisory authority within your country or region of residence. (EU GDPR Article 77)
12.California Privacy Rights Notice (US Visitors)
This section provides additional disclosures required under the CCPA/CPRA, applying exclusively to residents of the State of California:
12.1Right to Know & Access
Request disclosure of the specific pieces of personal information collected, the business categories utilized, and the types of third-party subprocessors involved over the preceding 12 months.
12.2Right to Delete
Request the deletion of personal information collected from you, subject to specific statutory exceptions.
12.3Right to Correct
Request the correction of inaccurate personal information maintained by the platform.
12.4Right to Limit Sensitive Data
Restrict the use of sensitive personal information (such as precise geolocation or specific account credentials) if utilized for secondary purposes outside baseline transactional delivery.
12.5Right to Opt-Out of Sale or Sharing
We do not sell personal information for monetary consideration, nor do we share your data for cross-context behavioral advertising purposes. You have the right to opt-out of sharing configurations via our data management link.
12.6Non-Discrimination Protections
We will not deny services, adjust pricing tiers, or provide different quality levels if you choose to exercise your statutory California data privacy rights.
13.Digital Personal Data Protection Rights (India Visitors)
In accordance with India's Digital Personal Data Protection Act (DPDP Act), users interacting with our services from India possess specific data management controls:
13.1Right to Correction and Erasure
Request the updating, completion, or deletion of personal data that is no longer required for the purpose for which it was collected or processed.
13.2Right to Withdraw Consent
Revoke previously granted consent for data processing activities at any time, subject to legal or contractual limitations.
13.3Right of Grievance Redressal
File an official grievance or inquiry regarding data processing practices with our designated Data Protection Officer (DPO).
13.4Right to Nominate
Nominate another individual to exercise your data rights in the event of death or incapacity, as provided under applicable law.
14.Additional Regional Privacy Compliance Notices
14.1Brazil (LGPD Compliance)
Residents of Brazil possess rights under the LGPD to confirm the existence of processing, access their personal records, correct incomplete or inaccurate data, anonymize or block unnecessary data, and request data portability to another service provider.
14.2Australia & New Zealand Compliance
Data handled for individuals in Australia and New Zealand is managed in accordance with the Australian Privacy Principles (APPs) and New Zealand Privacy Principles (NZPPs). Users may request access to, or correction of, their personal records, and may submit inquiries regarding our cross-border data handling processes.
15.Security Safeguards & Administrative Controls
NeekOS Business AI Inc. maintains administrative, technical, organizational, and physical safeguards designed to protect personal information against unauthorized access, loss, alteration, destruction, or disclosure. Our standard platform architecture incorporates multiple containment controls, which generally include:
15.1Cryptographic Controls
Industry-standard encryption protocols applied to data both in transit across public networks and at rest within cloud storage infrastructure.
15.2Access & Authentication Limits
Role-Based Access Controls (RBAC) and strict Multi-Factor Authentication (MFA) requirements ensuring that platform data environments are accessible only to authorized personnel.
15.3Continuous Threat Monitoring
Comprehensive system activity monitoring and automated log collection frameworks designed to maintain permanent security event tracking and architectural visibility.
16.Security Incidents & Breach Notifications
In the event that an active data breach or security incident occurs that is reasonably determined to affect Personal Data or create a risk of significant harm (or as required under applicable regional statutory laws), NeekOS Business AI Inc. maintains structured incident response procedures. We are designed to execute mandatory regulatory reporting and notify affected individuals or enterprise account administrators within legally required windows or contractually agreed timelines.
17.Age Boundaries & Minors
Our Services are designed for use by enterprise clients and adult consumers. We do not intentionally capture, maintain, or process personal records originating from children under the age required by applicable law in their respective jurisdictions. If we become aware that a minor has provided us with personal records without verified parental or guardian consent, we implement procedures intended to delete that information from our active data storage environments.
18.Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect modifications to platform infrastructure, changing cloud provider dependencies, or shifting international data protection laws. The version identifier and modification dates at the top of this document will be updated accordingly. Material updates or changes to data handling terms will be communicated directly to active platform users via clear updates on our website, in-app portal notices, email dispatches, or other appropriate communication methods.
19.Corporate Contact Information & Intake Interface
To submit an official inquiry, request configuration adjustments, or exercise available data protection rights, you may route your request to our compliance team:
- Corporate Legal Entity Name: NeekOS Business AI Inc.
- Primary Intake Email Dashboard: [email protected]
- Registered Corporate Office Address: NeekOS Business AI Inc., Attn: Privacy Officer / Data Protection Officer — registered office address available upon written request.