Effective date: 02 October 2025
Last reviewed: 02 October 2025
ServvBot (“ServvBot,” “we,” “our,” or “us”) provides AI-powered automation tools.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit servvbot.com or use any ServvBot product or service (collectively, the “Services”). It also describes your privacy rights and how to exercise them.
We comply with the British Columbia Personal Information Protection Act (PIPA), Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) as applicable.
Definitions
“Personal data” means any information that identifies or could reasonably identify an individual.
“Processing” means any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
“User” means any individual who visits our website, creates an account, or otherwise interacts with the Services.
Information We Collect
a. Information you provide
• Account details – name, e-mail address, password, company name.
• Conversations and inputs – text, audio, images, files, or prompts you submit to our AI agents.
• Payment data – credit-card number, expiry, billing address, and transaction history (processed by our payment processor; we store only the last four digits and expiry).
• Support data – any information you volunteer when contacting [email protected] or live-chat.
b. Automatically collected information
• Device identifiers – IP address, browser type, operating system.
• Usage data – pages visited, time spent, click-stream, feature usage, date/time stamps.
• Cookies and similar technologies – see Section 10.
Purpose and Legal Basis of Processing
We process personal data only for the purposes listed below and under the following legal bases:
Purpose
Legal Basis (GDPR)
CCPA Category
Provide, maintain, and improve the Services
Contract; Legitimate interests
Business purpose
Train and fine-tune our AI models
Legitimate interests (with safeguards)
Business purpose
Respond to customer support requests
Contract
Business purpose
Send marketing e-mails (newsletters, feature updates)
Consent (opt-in); Legitimate interests (existing customers)
Commercial purpose
Detect security incidents, prevent fraud
Legal obligation; Legitimate interests
Security purpose
Comply with Canadian and foreign laws
Legal obligation
Compliance purpose
AI Model Training
• We may retain user inputs and conversations to retrain and fine-tune ServvBot’s proprietary models.
• Before reuse, we strip direct identifiers (name, e-mail, phone, credit-card) and run additional de-identification filters.
• You may opt out of having your content used for training at any time—see Section 9 (“Your Rights”).
Data Retention
• Account data – kept until you delete your account or until three years after last activity (whichever is earlier).
• Conversation / input logs – kept for the life of the account unless you delete them or opt out of training.
• Payment data – kept for seven years after the transaction (Canadian tax law).
• Marketing suppression lists – kept indefinitely to honor opt-outs.
When retention expires, we delete or anonymize the data within 30 days.
Third-Party Processors
We do not sell or share personal data for cross-context behavioral advertising. We disclose data only to the following service providers under written contracts that restrict further use:
Sub-processor
Location
Function
Safeguards
Go High Level
United States
CRM, e-mail delivery, analytics
Standard Contractual Clauses (2021)
OpenAI, LLC
United States
Large-language-model inference
Data-processing addendum; zero-retention API for many endpoints
Kimi K2 (Moonshot AI)
United States & Singapore
Auxiliary LLM inference
Encryption in transit; contractual confidentiality
Payment processor
Canada
Card processing
PCI-DSS compliant tokenisation
Hosting provider (AWS)
Canada (ca-central-1)
Cloud infrastructure
Server-side encryption (AES-256)
International Transfers
If you access the Services from outside Canada, your data will be transferred to and processed in Canada and, via our sub-processors, the United States and Singapore. We rely on Standard Contractual Clauses approved by the European Commission or other recognised adequacy mechanisms for such transfers.
Security Measures
• TLS 1.3 encryption in transit; AES-256 encryption at rest.
• Multi-factor authentication for all staff with database access.
• Role-based access control; least-privilege principle.
• Annual penetration tests and quarterly vulnerability scans.
• Logging and alerting for anomalous access patterns.
Despite these measures, no internet transmission is 100 % secure. You transmit data at your own risk.
Your Rights
Canadian (PIPEDA/PIPA) rights
• Access – request a copy of your personal data.
• Correction – request correction of inaccurate data.
• Withdraw consent – where we rely on consent, you may withdraw it at any time.
GDPR rights (EEA/UK users)
• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / “right to be forgotten” (Art. 17)
• Right to restrict processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to object to automated decision making (Art. 22) – we do not make automated decisions with legal or similarly significant effects.
CCPA rights (California residents)
• Right to know – categories and specific pieces of personal data collected.
• Right to delete – personal data we hold, subject to exceptions.
• Right to opt out of “selling” or “sharing” – we do not sell or share personal data as defined by CCPA, but you can still register a “Do Not Sell or Share My Info” request.
• Right to non-discrimination – we will not deny services for exercising CCPA rights.
How to exercise your rights
E-mail [email protected] from the address associated with your account. We may ask for additional information to verify your identity. We respond within 30 days (GDPR) or 45 days (CCPA) of verification.
Cookies and Tracking
We use only functional and analytics cookies.
• Essential cookies – required for log-in, security, and payment.
• Analytics cookies – Google Analytics 4 (IP anonymised) to understand feature usage.
You can manage non-essential cookies through the banner or browser settings. At this time we do not honor browser “Global Privacy Control” signals because we do not sell or share data for targeted ads.
Children
The Services are not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you believe we have such data, contact us and we will promptly delete it.
Links to Third-Party Sites
Our website may contain links to third-party websites. This Policy does not apply to those sites. We encourage you to review their privacy policies.
Changes to This Policy
We may update this Policy from time to time. We will post the revised version on this page with a new “Last reviewed” date and, if changes are material, notify you via e-mail or in-app banner. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.
Contact Us
If you have questions, complaints, or wish to exercise your privacy rights, please contact:
ServvBot Privacy Office
123 Main Street
Vancouver, BC, Canada
E-mail: [email protected]
If you are in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local supervisory authority.
Acknowledgement
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.