Privacy Policy
This Privacy Policy (the "Policy") explains how Drog AI, a service of Drogoz Network ("we", "us", or "our"), collects, uses, discloses, retains, and protects personal data in connection with the products and services we provide (the "Services"). It should be read together with our Terms of Service. This Policy is drafted having regard to the principles of the EU General Data Protection Regulation (GDPR) and comparable data-protection frameworks; however, nothing in this Policy constitutes a representation, warranty, or certification of compliance with any specific legal regime unless such compliance has been separately and formally verified.
1. Roles: Controller and Processor
Our role under data-protection law depends on the context of processing:
- As a controller, we process personal data about our own customers and website visitors — for example, Account registration data, billing information, and communications with us — for the purposes described in this Policy.
- As a processor, we process personal data contained in Customer Data on behalf of, and under the instructions of, our customers, who act as controllers of that data. In this role, the customer is responsible for establishing a lawful basis for the processing and for the rights of the relevant data subjects (including End Users).
2. Personal Data We Collect
2.1 Data you provide
- identity and contact data (such as name, username, email address, and telephone number);
- account and authentication data (such as credentials and security settings);
- billing and transaction data (such as payment amounts, cryptocurrency wallet addresses used for payment, and transaction identifiers);
- support communications and correspondence.
2.2 Data generated through use of the Services
- usage, log, and diagnostic data (such as IP address, device and browser information, timestamps, and feature usage);
- configuration data (such as agents, prompts, campaigns, and settings you create);
- communications data processed on your behalf, which may include call audio, recordings, transcripts, contact records, and related metadata (Customer Data).
2.3 Data from third parties
We may receive data from payment and telephony providers, fraud-prevention services, and analytics partners, to the extent necessary to operate and secure the Services.
3. Purposes and Legal Bases for Processing
Where we act as a controller, we process personal data for the following purposes, relying on the legal bases indicated where GDPR-style analysis applies:
- Providing the Services — performance of a contract with you;
- Billing, payments, and fraud prevention — contract performance, legitimate interests, and legal obligation;
- Security, abuse detection, and integrity — legitimate interests in protecting our users and infrastructure;
- Support and communications with you — contract performance and legitimate interests;
- Legal and regulatory compliance — compliance with legal obligations;
- Product improvement and analytics — legitimate interests, applied with appropriate safeguards; and
- Marketing — consent, where required, which you may withdraw at any time.
4. Customer Data and End Users
When we process Customer Data as a processor, we do so only on documented instructions from the customer and as necessary to provide the Services. The customer is the controller of such Customer Data and is responsible for: establishing a lawful basis for processing; providing notices to and obtaining any required consents from End Users; and honoring data-subject rights. If you are an End User seeking to exercise rights in relation to data processed through our Services, please contact the relevant customer (the controller); we will assist that controller as required.
5. How We Share Personal Data
We do not sell personal data. We may share personal data with:
- Service providers and sub-processors who process data on our behalf (such as hosting, telephony, payment, and security providers) under contractual confidentiality and data-protection obligations;
- Affiliates within Drogoz Network to operate and support the Services;
- Professional advisers such as auditors and legal counsel;
- Authorities and third parties where we are legally compelled to do so, or where necessary to protect our rights, users, or the public, as described in Section 9 and in the Compliance Policy; and
- Successors in the context of a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
6. International Transfers
Personal data may be processed and stored in countries other than the one in which it was collected. Where personal data is transferred across borders, we take steps intended to ensure an appropriate level of protection consistent with Applicable Law, which may include contractual safeguards such as standard contractual clauses where relevant. The existence of such measures does not constitute a warranty of compliance with any particular legal regime.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal, tax, accounting, and regulatory obligations, resolve disputes, and enforce our agreements. Retention periods vary according to the type of data and the applicable purpose. When personal data is no longer required, we will delete, anonymize, or securely de-provision it in accordance with our practices and Applicable Law. Customer Data is retained and deleted in accordance with the customer's instructions and the Terms of Service.
8. Data-Subject Rights
Subject to Applicable Law and to our role in a given processing activity, individuals may have the right to:
- access the personal data we hold about them;
- request rectification of inaccurate or incomplete data;
- request erasure of personal data in certain circumstances;
- restrict or object to certain processing;
- request data portability;
- withdraw consent where processing is based on consent; and
- lodge a complaint with a competent supervisory authority.
To exercise these rights with respect to data for which we are the controller, contact privacy@drog.ai. Where we act as a processor, we will refer the request to, or assist, the relevant controller. We may need to verify your identity before responding, and certain rights are subject to conditions and exemptions under Applicable Law.
9. Law Enforcement and Legal Requests
We disclose personal data to governmental, regulatory, or law-enforcement authorities only when legally required to do so by valid and binding legal process enforceable against us. We review each request for legal validity and scope and, where lawful and appropriate, may object to or narrow overbroad requests. Except where prohibited, we endeavor to notify affected users. Further detail is provided in the Compliance Policy.
10. Security
We implement technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction, taking into account the nature of the data and the risks involved. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for the security practices within your own organization.
11. Cookies and Similar Technologies
Our websites and dashboards may use cookies and similar technologies for authentication, security, preferences, and analytics. You can control cookies through your browser settings; disabling certain cookies may affect the functionality of the Services.
12. Children's Privacy
The Services are not intended for, and may not be used by, individuals under the age of eighteen (18) or the age of majority in their jurisdiction. We do not knowingly collect personal data from children. If we become aware that we have collected such data without appropriate authorization, we will take steps to delete it.
13. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date above indicates the latest revision. Where changes are material and required by Applicable Law, we will provide additional notice. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
