Privacy Policy

1. Introduction

This Privacy Policy describes how Fyros.AI LLC ("Fyros.AI," "we," "us," or "our") collects, uses, stores, and shares your personal information when you use the Fyros.AI platform, website, APIs, and related services (collectively, the "Services").

This policy applies to all users of the Services, including account holders, team members, and visitors to our website. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, and other information you provide during registration. If you sign up through a third-party authentication provider (such as Google or Auth0), we receive your basic profile information from that provider.

2.2 Usage Data

We automatically collect information about how you interact with the Services, including pages visited, features used, actions taken (such as file uploads or chat queries), timestamps, session duration, and referring URLs. This data helps us understand how the Services are used and where we can make improvements.

If a website operator enables our embedded chat widget, we may also assign or store a persistent browser or session identifier so the widget can continue conversations across page loads and return visits in the same browser. We use this identifier to associate chat history, restore recent conversations, and provide continuity within the widget experience.

2.3 Device & Technical Data

We collect technical information about the devices you use to access the Services, including IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.

2.4 Content Data

When you use the Services, you may upload documents, create knowledge entries, submit chat queries, or provide other content ("Your Content"). We process Your Content to deliver the Services — for example, to generate embeddings, perform searches, and produce AI-assisted responses. We do not use Your Content to train machine learning models shared across customers.

Content Data may include chat messages, conversation transcripts, form responses, and related metadata generated through an embedded chat widget. Where a persistent widget identifier is used, we may associate that content with the identifier in order to retrieve prior conversations for the same browser or session.

2.5 Payment Information

When you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not directly collect or store your full credit card number, CVV, or banking details. We may receive and store limited information such as the last four digits of your card, card brand, expiration date, and billing address for record-keeping and support purposes.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Services — including processing your documents, generating AI responses, managing your account, and maintaining chat continuity across pages or return visits where the chat widget is enabled
• Communicate with you — sending service-related notices, responding to support requests, and providing updates about your account or the Services
• Improve the Services — analyzing usage patterns to identify bugs, optimize performance, and develop new features
• Ensure security — detecting and preventing fraud, abuse, and unauthorized access to the Services
• Comply with legal obligations — responding to legal requests, enforcing our Terms of Service, and meeting regulatory requirements
• Process payments — managing billing, invoicing, and subscription-related transactions

4. Legal Basis for Processing

We process your personal information on the following legal bases, as applicable:

• Contract performance — processing necessary to provide the Services you have subscribed to and to fulfill our obligations under the Terms of Service
• Legitimate interests — processing for purposes such as improving the Services, ensuring security, and communicating with you, where these interests are not overridden by your rights
• Consent — where you have given explicit consent, such as opting in to marketing communications. You may withdraw consent at any time
• Legal obligation — processing required to comply with applicable laws, regulations, or legal proceedings

5. Data Sharing & Third Parties

We do not sell your personal data. We may share your information with third parties only in the following circumstances:

• Infrastructure providers — we use Amazon Web Services (AWS) for cloud hosting, storage, and computing; MongoDB Atlas for database services; and Weaviate Cloud for vector search. Your data is processed and stored on infrastructure operated by these providers
• AI sub-processors — we use OpenAI to generate text embeddings and AI-assisted responses from Your Content. Your Content is sent to OpenAI's API for processing but is not used by OpenAI to train their models, in accordance with their data usage policies
• Payment processors — we use third-party payment processors to handle subscription billing and payment transactions
• Authentication providers — we use Auth0 for identity management and authentication
• Analytics services — we may use analytics tools to understand usage patterns and improve the Services. Where used, data is aggregated and anonymized wherever possible. This may include tools such as Google Analytics, subject to applicable consent requirements
• Legal requirements — we may disclose your information if required by law, subpoena, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership

6. Data Storage & Security

We take the security of your data seriously and implement industry-standard measures to protect it, including:

• Encryption — all data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
• Tenant isolation — complete data separation at the database, object storage, and vector-search layers ensures your data is never accessible to other customers
• Access controls — strict role-based access controls limit internal access to your data to authorized personnel who need it for support or operational purposes
• Infrastructure security — our services run on AWS infrastructure with managed security groups, private networking, and regular security patching
• Authentication security — API keys are hashed using SHA-512; user authentication is managed through Auth0 with support for multi-factor authentication

While we use commercially reasonable efforts to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. Specific retention periods include:

• Account data — retained for the duration of your active account
• Your Content — retained for 30 days after account termination, during which you may request a data export. After 30 days, Your Content is permanently deleted from our active systems
• Widget session or visitor identifiers — retained only for as long as necessary to support chat continuity, security, troubleshooting, and related operational needs, and generally no longer than the associated conversation history unless a shorter browser or device retention period applies
• Usage and analytics data — may be retained in anonymized or aggregated form after account closure for the purpose of improving the Services
• Billing records — retained as required by applicable tax and accounting laws (typically 7 years)
• Security logs — retained for up to 12 months for incident investigation and compliance purposes

8. International Data Transfers

Fyros.AI is based in the United States, and Your Content and personal information are processed and stored on servers located in the United States (AWS US regions).

If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States. We rely on appropriate legal mechanisms for international data transfers, including Standard Contractual Clauses (SCCs) where required by applicable data protection laws such as the GDPR.

9. Your Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate or incomplete personal information
• Deletion — request deletion of your personal information, subject to legal retention requirements
• Data portability — request a machine-readable copy of your data for transfer to another service
• Objection — object to processing of your personal information based on legitimate interests
• Restriction — request restriction of processing in certain circumstances
• Withdrawal of consent — where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at privacy@fyros.ai. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

10. Cookies & Tracking

10.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of the Services. These include cookies for authentication, session management, security, and, where enabled, maintaining continuity for embedded chat widget conversations. These cookies and similar browser storage technologies cannot be disabled without affecting the functionality of the Services.

Depending on how the Services are deployed, we may use cookies, local storage, or similar browser storage to save a widget session or visitor identifier. This allows a chat widget to restore recent conversations and continue an interaction across multiple pages or return visits from the same browser.

10.2 Analytics Cookies

We may use analytics cookies to collect information about how visitors interact with our website and Services. This helps us understand traffic patterns, identify issues, and improve the user experience. Analytics data is aggregated and does not personally identify you. Where we use Google Analytics or similar analytics tools, those tools are used for measurement and product improvement rather than to provide essential chat or account functionality.

Where required by applicable law, we will request your consent before enabling analytics cookies or similar tracking technologies. Essential cookies and browser storage used for security, authentication, and chat continuity are separate from optional analytics technologies.

10.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can configure your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is set. Please note that disabling essential cookies may impair the functionality of the Services.

11. Children's Privacy

The Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@fyros.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice within the Services at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised policy.

13. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@fyros.ai
• Mail: Fyros.AI LLC, PO Box 1386, Lake Grove, OR 97035
• Web: fyros.ai/contact