1. Introduction

At Sibaway.ai, your privacy and data security are central to our operations. This privacy policy outlines how we collect, use, and safeguard your personal information as an AI chatbot service, ensuring your data is handled responsibly and transparently.

We strive to comply with applicable data protection laws, including GDPR for European users and KSA PDPL law as well as Jordan PDPL law, and adhere to global best practices in data privacy. As a startup, we continuously evaluate our policies and practices to align with evolving legal standards, ensuring that we are prepared to expand our services globally.

By using Sibaway.ai, you agree to the collection and use of your information as described in this policy. While the policy may change as our company grows, we are committed to protecting your data and providing transparency at all stages.

2. Information We Collect

We collect two main categories of data—personal data and non-personal data—to provide you with a personalized and efficient service experience.

All credit/debit cards’ details and personally identifiable information will NOT be stored, sold, shared, rented or leased to any third parties.

2.1. Personal Data

We collect personal data when you create an account, interact with our chatbot, or communicate with our support team. The information collected may include:

• Name and email address (for identification and communication purposes).
• Account login details (username, password) for secure access.
• Profile preferences or settings that help personalize your experience.

This data enables us to tailor your experience, respond to your inquiries, and send important service-related updates. While certain personal information is necessary to provide our services, you can choose not to provide optional data or limit certain features.

2.2. Non-Personal Data

We also collect non-personal data that helps us analyze and optimize our services, including:

• Device information: such as your device type, operating system, and browser version.
• Usage data: pages visited, time spent on the platform, and chatbot interaction patterns.
• IP Address: used for identifying approximate location and detecting security threats.

This data helps us enhance platform performance, optimize our services, and improve the AI’s ability to respond more accurately based on user behavior.

2.3. Chat Data

Your interactions with the AI chatbot—including the questions you ask and the responses provided—are logged to help improve the chatbot’s accuracy and personalization capabilities. This includes:

• User queries and inputs.
• AI-generated responses and any corrections or feedback you provide.

This data is used internally to refine our AI models and improve response quality. We do not use your chat data for marketing purposes unless you give explicit consent.

2.4. Optional Data

You may provide additional information voluntarily, such as feedback, participation in surveys, or responses during beta testing. This helps us understand user preferences better and tailor our offerings to meet your needs.

3. How We Use Your Data

We are committed to using your data only for purposes that enhance your experience and the performance of our platform. Below are the primary ways we utilize your information:

3.1. Service Delivery and Personalization

Your data is used to operate the core functionality of Sibaway.ai and ensure the chatbot can respond to your inquiries effectively. Personal data allows us to:

• Customize the chatbot’s interactions based on your preferences.
• Provide personalized recommendations or guidance based on your usage patterns.

3.2. Security and Fraud Prevention

We prioritize the security of your information by implementing industry-standard practices to protect against unauthorized access. We use data to:

• Detect and prevent fraud, abuse, or security breaches.
• Implement end-to-end encryption for all interactions, ensuring secure data transmission.

3.3. Communication and Updates

We use your contact information to communicate essential updates regarding your account or our services. This may include:

• Notifying you of service changes, new features, or maintenance alerts.
• Responding to your support requests and resolving issues.

3.4. Platform Improvement and Analytics

We analyze non-personal data, such as usage patterns, to improve platform performance and identify areas for development. This data allows us to:

• Optimize our chatbot’s response accuracy.
• Identify and troubleshoot technical issues.
• Conduct internal research and develop new features.

3.5. Compliance with Legal Obligations

We may use or share your data when necessary to comply with legal requirements. This includes responding to court orders, regulatory inquiries, or government investigations.

4. Data Sharing and Third Parties

We respect your privacy and only share your data with trusted third parties under specific conditions that are essential to the operation of our services.

4.1. Third-Party Service Providers

To deliver and maintain our platform, we work with trusted third-party providers, such as:

• Cloud hosting services: to store your data securely.
• Payment processors: to handle subscription payments and transactions.
• Analytics providers: to monitor and improve platform performance.

These third parties only have access to the data necessary to perform their functions, and we ensure that they follow strict confidentiality agreements and industry-standard security protocols.

4.2. Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred to the new entity. However, we will notify you if such a transfer affects your data, and we will ensure that the receiving party adheres to the same level of data protection as outlined in this policy.

4.3. Legal Compliance and Protection

We may disclose your personal information to comply with legal obligations, such as responding to court orders or government requests. We will ensure that only the necessary information is disclosed and that your rights are protected.

4.4. Aggregated and Anonymized Data

We may share aggregated or anonymized data with partners or researchers for platform performance analysis, research, or AI improvement. This data does not include any personally identifiable information.

5. Data Security

Sibaway.ai is committed to safeguarding your data with robust security measures that protect against unauthorized access, misuse, or breaches. Below are the key methods we employ to secure your information:

5.1. End-to-End Encryption

We use end-to-end encryption for all communications between your device and our servers, ensuring that your data is protected during transmission and cannot be intercepted by unauthorized parties.

5.2. Secure Data Storage

All personal and sensitive data stored on our servers is encrypted using industry-standard algorithms. This ensures that even in the unlikely event of a data breach, your information remains secure and unreadable.

5.3. Two-Factor Authentication (2FA)(Coming soon)

within the coming future, We will  offer two-factor authentication (2FA) as an additional layer of protection for your account. This requires a secondary form of authentication—such as a code sent to your mobile device—before access is granted, significantly reducing the risk of unauthorized access.

5.4. Internal Security Practices

We regularly conduct internal audits and monitor our systems to identify and mitigate potential vulnerabilities. Our security protocols are continuously updated to stay aligned with evolving threats and best practices.

5.5. User Responsibility

While we take significant steps to protect your data, users also play a critical role in maintaining security. We recommend that you:

• Use strong and unique passwords for your Sibaway.ai account.
• Enable 2FA for additional security.
• Monitor your account for any suspicious activity and report it immediately.

6. Your Data Privacy Rights

At Sibaway.ai, we believe that transparency and control over your personal information are critical. We strive to provide users with easy-to-understand options to manage their data. This section outlines your key rights regarding how your data is collected, used, and shared.

6.1. Right to Access

You have the right to request access to the personal information we hold about you. Upon request, we will provide:

• A summary of the types of data collected.
• The purposes for which your data is being processed.
• Access to your personal data in an electronic format.

This ensures you can monitor how your information is used and verify the accuracy of your records.

6.2. Right to Rectification

If the personal information we have is inaccurate or incomplete, you have the right to request corrections. You can:

• Edit or update your data through your account settings.
• Contact our support team to make necessary changes.

We are committed to keeping your information accurate and up to date.

6.3. Right to Erasure (“Right to be Forgotten”)

You may request the deletion of your personal data under certain circumstances, including:

• When the data is no longer necessary for the purposes for which it was collected.
• If you withdraw your consent for us to process your information.
• If you believe your data is being unlawfully processed.

We will comply with deletion requests unless retention is required by law (e.g., for legal or regulatory reasons).

6.4. Right to Object to Data Processing

You can object to the processing of your personal data if you believe:

• Your data is being processed for purposes not aligned with your interests or consent.
• Your data is used for direct marketing purposes.

If we receive an objection, we will evaluate the request and stop processing your data unless we can demonstrate a legitimate reason for its continued use.

6.5. Right to Restrict Processing

In specific cases, you may request that we limit the processing of your data, such as:

• When you contest the accuracy of your personal data.
• If the data processing is unlawful but you prefer to restrict its use rather than delete it.
• If you need the data for legal claims, but we no longer require it for operational purposes.

6.6. Right to Withdraw Consent

Where data processing is based on your consent, you may withdraw that consent at any time. This will not affect the legality of data processing before the withdrawal, but it may limit certain features or services moving forward. You can easily withdraw consent by:

• Adjusting your account settings.
• Contacting us at [email protected].

6.7. Right to Data Portability

You have the right to request your personal data in a structured, commonly used, and machine-readable format to transfer it to another service provider. This ensures the flexibility of your data across different services.

7. Data Retention Policy

We believe in keeping your personal information only as long as necessary to fulfill the purposes for which it was collected or as required by law. This section outlines how long we retain your data and under what conditions it is securely disposed of.

7.1. Retention Periods

The length of time we retain personal data depends on the type of information and its use:

• User account data: Stored for the duration of your account’s active status. If you close your account, your data will be deleted or anonymized based on our data retention practices.
• Transactional data: Such as payments or invoices, is retained for legal or accounting purposes (typically for a fixed period like 5 years).
• Chat data: Retained for AI improvement, but may be anonymized after a set period for research purposes.

7.2. Legal and Regulatory Obligations

In certain cases, we may be legally required to retain data for an extended period to comply with regulatory obligations, including tax and audit purposes. During this time, your data will be securely stored and protected.

7.3. User-Requested Deletion

If you request the deletion of your data, we will take reasonable steps to remove your personal information unless retention is legally mandated. Upon deletion, we ensure that your data is either permanently removed or anonymized to prevent reconstruction or misuse.

7.4. Data Minimization

We operate under the principle of data minimization, ensuring that we only collect and store the data necessary to provide our services. Unnecessary or outdated data is regularly reviewed and securely disposed of.

7.5. Backup and Archive Systems

In some instances, data may be retained longer in backup or archival systems, used solely for disaster recovery and business continuity. Access to this data is restricted, and it will only be retained for the necessary operational periods.

8. How We Protect Your Data

Sibaway.ai employs robust security measures to protect your personal information from unauthorized access, disclosure, or misuse. Our commitment to safeguarding your data spans across all areas of our platform.

8.1. Encryption

We use end-to-end encryption for all data transmitted between your device and our servers. This ensures that your data remains protected throughout its lifecycle and cannot be intercepted by third parties.

8.2. Secure Data Storage

All personal data stored on our servers is encrypted using industry-standard algorithms. This ensures that your data remains secure, even in the unlikely event of a breach. Access to this data is strictly controlled and monitored.

8.3. Two-Factor Authentication (2FA)

To further secure your account, Sibaway.ai offers Two-Factor Authentication (2FA), adding an additional layer of security. This requires a second form of authentication, such as a code sent to your phone, in addition to your password.

8.4. Internal Audits and Security Reviews

We regularly conduct internal security audits to identify and address potential vulnerabilities. We stay aligned with evolving threats and industry best practices by frequently updating our security protocols.

8.5. Response to Security Incidents

In the unlikely event of a data breach or security incident, Sibaway.ai will take immediate action to mitigate any risks. Our response plan includes:

• Identifying and addressing the breach as quickly as possible.
• Notifying affected users and relevant authorities, if applicable.
• Providing recommendations to protect your account and data.

8.6. User Responsibility for Security

While we take significant steps to secure your data, we also encourage users to:

• Use strong, unique passwords for your account.
• Enable 2FA for enhanced protection.
• Regularly review account activity for any suspicious behavior.

9. International Data Transfers

As Sibaway.ai expands globally, we may transfer your data to countries outside of your own. Regardless of where your data is processed, we ensure it is handled with the highest level of protection, adhering to global data protection standards.

9.1. Legal Compliance for Data Transfers

We comply with international data protection laws, such as the General Data Protection Regulation (GDPR) for European users. We take measures to ensure that your personal data is protected, even when transferred across borders.

9.2. Safeguards for International Transfers

If your data is transferred outside the European Economic Area (EEA) or to countries without similar data protection laws, we will use Standard Contractual Clauses (SCCs) or Data Processing Agreements (DPAs) to ensure adequate protection.

9.3. Encryption and Security Measures

All international data transfers are encrypted, ensuring that your personal information is secure during transit. Only authorized personnel are allowed to access your data, and their access is strictly controlled.

9.4. Transparency and User Rights

If your data is transferred internationally, you have the right to:

• Request information on how your data is protected.
• Obtain a copy of any legal safeguards, such as SCCs.
• Request that your data not be transferred to specific countries based on legal grounds.

10. Changes to This Privacy Policy

As Sibaway.ai continues to evolve, we may need to update this Privacy Policy to reflect new practices, regulations, or technologies. We are committed to keeping you informed about any changes and ensuring that your data is handled with transparency.

10.1. Notification of Changes

We will notify you of significant changes to this policy by:

• Posting updates on our website.
• Sending notifications via email or through in-app messages if the changes significantly affect your data rights.

10.2. Reviewing the Policy

We encourage you to periodically review this Privacy Policy to stay informed about how your data is being used and protected. The “Last Updated” date at the top of the policy will indicate when changes were made.

10.3. Consent to Updated Terms

By continuing to use Sibaway.ai after changes to this policy, you consent to the revised terms. If you disagree with the changes, you may discontinue using the platform or contact us for clarification.

11. Cookies Policy

At Sibaway.ai, we use cookies and similar tracking technologies to enhance your experience, monitor website traffic, and improve the performance of our platform. This section outlines how we use cookies and your options to manage them.

11.1. What Are Cookies?

Cookies are small text files that are stored on your device (such as your computer or smartphone) when you visit websites. These files help the website recognize your device, store your preferences, and track certain activities to improve your browsing experience.

11.2. Types of Cookies We Use

We use the following types of cookies on Sibaway.ai:

• Essential Cookies: Necessary for the basic functionality of our website. These allow you to log in, navigate the platform, and use key features.
• Performance and Analytics Cookies: These cookies collect information about how visitors use the website, helping us analyze traffic and improve performance.
• Functionality Cookies: These allow the site to remember choices you make (such as language or region preferences) and provide more personalized features.
• Advertising and Targeting Cookies: These track your browsing activity across websites and deliver relevant advertisements. These cookies may also be used to track the effectiveness of our marketing campaigns.

11.3. Managing Cookies

You have control over your cookie preferences. You can manage or disable cookies through your browser settings:

• Block or disable cookies: Most browsers allow you to block cookies or delete cookies that have already been set on your device.
• Cookie preferences: You can set preferences for specific cookies or block certain types (e.g., third-party advertising cookies).

Please note that disabling certain cookies may affect the functionality of the Sibaway.ai platform and limit some features.

11.4. Consent to Cookies

By using our website and services, you consent to the use of cookies as described in this section. You can adjust your cookie preferences at any time by changing your browser settings or contacting us for assistance.