Privacy Policy

Algorei ("we," "us," or "our") operates an AI-powered CRM and business automation platform designed for service-based businesses. This Privacy Policy applies to all information collected when you visit our website, create an account, or use our services.

Data Controller vs. Data Processor. For the personal information of our direct clients (such as account holders, billing contacts, and platform users) Algorei acts as a data controller: we determine how and why that data is processed. For personal information that our clients collect from their own end-customers and process through our platform, Algorei acts as a data processor: we process that data only on our clients' behalf and in accordance with their instructions. In this capacity, our clients are the data controllers and bear primary responsibility for lawful processing.

Geographic Scope. This policy applies to all users of our services worldwide. Where applicable, we comply with region-specific privacy laws including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the UK GDPR for users in the United Kingdom, and the California Consumer Privacy Act (CCPA) for California residents.

Account Information. When you create an account, we collect your name, email address, business name, industry type, phone number, and any other information you provide during registration or onboarding. This information is necessary to create and manage your account and to provide our services.

Payment Information. We collect payment details necessary to process your setup fee and monthly retainer. Payment card data is handled securely through our payment infrastructure and is not stored in raw form on our systems. We retain billing records including transaction IDs, amounts, dates, and the last four digits of any card used for our records.

Usage Data. We automatically collect information about how you interact with our platform, including pages visited, features used, actions taken, session durations, error logs, and performance data. This data helps us improve our services and identify issues.

Communication Data. Our platform processes communications on your behalf (including call recordings, call transcripts, messages, and automated follow-ups) as part of the services you have contracted for. This data belongs to you and is processed as described in Section 4.

Device & Browser Information. When you access our platform, we automatically collect certain technical information including your IP address, browser type and version, operating system, device identifiers, and timezone. This information is used for security, analytics, and to optimize platform performance.

Cookies & Tracking Technologies. We use cookies and similar technologies as described in detail in Section 8 of this policy.

We use the information we collect for the following purposes:

• Service Delivery. To configure, operate, maintain, and improve your automation systems and provide the services you have subscribed to.
• Billing & Account Management. To process payments, manage your subscription, send invoices, and communicate billing-related information.
• Customer Support. To respond to your inquiries, troubleshoot issues, and provide technical assistance.
• Security & Fraud Prevention. To detect, investigate, and prevent unauthorized access, fraudulent activity, and other security threats.
• Legal Compliance. To comply with applicable laws, respond to legal requests, and enforce our Terms of Service.
• Platform Improvement. To analyze usage patterns, identify performance issues, and develop new features, using aggregate, anonymized data only.
• Communications. To send you service-related notifications, important updates, and (with your consent) information about new features or service changes.

No Advertising Profiling. We do not use your personal information for individual-level advertising profiling or to build advertising audiences. We do not sell, rent, or share your personal data with advertisers.

We Never Sell Your Data. Algorei does not sell, trade, or otherwise transfer your personal information to third parties for their own commercial purposes. This is a firm commitment, not subject to exceptions.

Client End-Customer Data. When our clients use Algorei's platform to communicate with their own customers (including through automated calls, messages, appointment reminders, and lead follow-ups) we process personal data about those end-customers on our clients' behalf. This may include names, phone numbers, email addresses, appointment details, and communication history.

Algorei as Processor. In respect of this end-customer data, Algorei acts as a data processor. We process this data only as instructed by our clients and only to the extent necessary to deliver the contracted services. We do not use end-customer data for our own purposes.

Client as Controller. Our clients are the data controllers for their end-customer data and bear full responsibility for: ensuring they have a valid lawful basis for processing under applicable law; obtaining all necessary consents from their end-customers; complying with applicable data protection laws; and responding to data subject rights requests from their end-customers.

Data Processing Agreement. Clients who require a formal Data Processing Agreement (DPA), for example to demonstrate GDPR compliance, may request one by contacting us at contact@algorei.com.

We Do Not Sell Personal Data. Algorei does not sell, rent, or trade personal data to any third party for any commercial purpose, ever.

Trusted Technology Partners. We work with carefully selected technology partners who help us operate our platform and deliver our services, including hosting, infrastructure, communications delivery, and security monitoring. These partners are contractually bound to process data only as directed by us and in accordance with this Privacy Policy. We do not name specific partners in this policy to protect the security and integrity of our systems.

Legal Requirements. We may disclose your information where required by law, regulation, court order, or lawful government request. Where possible, we will notify you before disclosure unless prohibited from doing so by law.

Business Transfers. In the event of a merger, acquisition, restructuring, or sale of all or part of Algorei's business, your information may be transferred to the acquiring entity. We will provide notice of such a transfer and ensure the acquiring entity is bound by privacy commitments no less protective than those in this policy.

Aggregate Analytics. We may share aggregated, anonymized, and de-identified data with partners or publish it publicly for research, industry analysis, or marketing purposes. This data cannot reasonably be used to identify any individual.

We retain personal data only as long as necessary to fulfill the purposes described in this policy and to comply with legal obligations. Our standard retention periods are:

Secure Deletion. When data reaches the end of its retention period, it is securely deleted using industry-standard deletion methods that make recovery infeasible. Backup copies are also purged within 30 days of the scheduled deletion date.

Technical Safeguards. We implement industry-standard security measures to protect your data, including encryption of data in transit using TLS 1.2 or higher, encryption of sensitive data at rest, strict access controls limiting data access to authorized personnel only, and multi-factor authentication requirements for internal system access.

Regular Assessments. We conduct regular security assessments and reviews of our systems, processes, and controls to identify and address potential vulnerabilities before they can be exploited.

Employee Access. Access to personal data within Algorei is granted on a strict need-to-know basis. Employees who handle personal data are trained on data protection obligations and are bound by confidentiality commitments.

Breach Notification. In the event of a confirmed personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable supervisory authorities within 72 hours of becoming aware of the breach, as required under GDPR and similar applicable laws. Our notification will include the nature of the breach, the data affected, the likely consequences, and the steps we are taking to address it.

No Absolute Guarantee. While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data, and you use our services acknowledging this reality.

We use cookies and similar technologies on our website and platform. Here is what we use and why:

Essential Cookies. These cookies are strictly necessary for our platform to function. They enable core features such as user authentication, session management, and security controls. You cannot opt out of essential cookies without significantly impairing the functionality of our services.

Analytics Cookies. We use analytics cookies to understand how users interact with our platform, including which features are used, where errors occur, and how performance can be improved. This data is aggregated and does not identify individuals. You can disable analytics cookies through your browser settings or our cookie preferences tool.

No Advertising Cookies. We do not use advertising cookies, third-party tracking pixels, or any technology that tracks you across other websites for advertising purposes. We do not share tracking data with advertising networks.

Managing Cookies. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our platform. Most browsers allow you to view, delete, and block cookies from specific websites.

Do Not Track. Our platform respects "Do Not Track" (DNT) signals sent by browsers. When we detect a DNT signal, we disable non-essential analytics tracking for that session.

Depending on your location, you may have the following rights with respect to your personal data. We honor these rights for all users, regardless of jurisdiction:

• Right to Access. You have the right to request a copy of the personal data we hold about you, along with information about how we use it.
• Right to Rectification. You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to Erasure. You have the right to request deletion of your personal data, subject to legal retention requirements and other legitimate grounds for retention.
• Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format and to have it transferred to another organization where technically feasible.
• Right to Restrict Processing. You have the right to request that we restrict processing of your personal data in certain circumstances, for example while we verify a correction request.
• Right to Object. You have the right to object to our processing of your personal data where that processing is based on our legitimate interests.
• Right to Withdraw Consent. Where we process your data based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

How to Exercise Your Rights. To exercise any of these rights, contact us at contact@algorei.com with your full name, email address, and a description of the right you wish to exercise. We will respond within thirty (30) days of receiving a valid request. We may request identity verification before fulfilling your request.

Right to Lodge a Complaint. If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.

Algorei operates internationally, and your data may be processed in countries other than the one in which you reside. These countries may have data protection laws that differ from your own jurisdiction.

Appropriate Safeguards. Where we transfer personal data internationally, we ensure appropriate safeguards are in place to protect your data. These safeguards may include Standard Contractual Clauses (SCCs) approved by relevant authorities, adequacy decisions recognized by applicable law, or other lawful transfer mechanisms.

GDPR Compliance. For transfers of data from the European Economic Area, we comply with GDPR requirements for international data transfers, including the use of appropriate transfer mechanisms and relying on adequacy decisions where applicable.

Algorei's services are not directed to individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from minors. If you are a parent or guardian and believe that a child under 18 has provided us with personal information, please contact us immediately at contact@algorei.com.

Upon receiving a verified request from a parent or guardian, we will promptly delete any personal information we may have inadvertently collected from a minor and take reasonable steps to prevent future collection.

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information.

Categories of Information Collected. We collect the following categories of personal information: identifiers (name, email, IP address); commercial information (billing records, transaction history); professional information (business name, industry); internet or network activity (usage data, log files); and geolocation data (approximate location derived from IP address).

Right to Know. You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom it is shared.

Right to Delete. You have the right to request deletion of your personal information, subject to certain exceptions under the CCPA.

Right to Opt-Out of Sale. Algorei does not sell personal information. As such, no opt-out mechanism for data sales is required. We do not discriminate against users who exercise their CCPA rights.

Authorized Agents. California residents may submit rights requests through an authorized agent. The agent must provide written proof of authorization, and we may require the consumer to verify their identity directly with us.

To exercise your CCPA rights, contact us at contact@algorei.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this page and, for material changes, notify you by email to your registered address.

We encourage you to review this policy periodically. For material changes that affect how we process your personal data, we will provide prominent notice and, where required by law, obtain your consent before the changes take effect. Your continued use of our services after notice of a change constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

For data subject rights requests (access, erasure, portability, etc.), please include your full name, registered email address, and a clear description of your request. We will respond within 30 days of receiving a valid, verifiable request.