PRIVACY POLICY

Last Updated: December 15, 2025

IMPORTANT NOTICE

This Privacy Policy (the “Policy”) explains how الابداع والامان لتصميم وتطوير أنظمة الحاسوب ذ.م.م d.b.a. AIVAC (“AIVAC,” “we,” “us,” “our”) collects, processes, stores, and discloses personal data in connection with its artificial-intelligence automation platform and related services (the “Services”).

By accessing or using the Services, you acknowledge, understand, and agree to the data-processing practices described herein.

If you do not agree, do not use the Services.

1. SCOPE OF THIS POLICY

This Policy applies to personal data processed when:

- Clients create or manage accounts;

- AI voice agents place or receive calls;

- AI chatbots send or receive messages (WhatsApp, Facebook, Instagram, email, website, etc.);

- Calls or messages are recorded, stored, or transcribed;

- Analytics, dashboards, or logs are accessed;

- Technical or security monitoring occurs.

This Policy does not apply to:

- third-party platforms or telecom carriers;

- websites or services not operated by AIVAC;

- data independently collected by Clients outside the Services.

2. DEFINITIONS

For clarity:

- “Client” means the business entity using the Services.

- “End-Customer” means any individual contacted by or interacting with the Client through the Services.

- “Personal Data” means any information relating to an identified or identifiable individual.

- “Processing” includes collection, recording, storage, analysis, transmission, or deletion.

3. ROLES: CONTROLLER VS. PROCESSOR

3.1 Client as Data Controller

For End-Customer Personal Data, the Client is the data controller and determines:

- the purpose of processing;

- the content of communications;

- the recipients, timing, and legal basis.

3.2 AIVAC as Data Processor

AIVAC acts solely as a data processor, processing Personal Data only on documented instructions from the Client.

AIVAC does not independently determine the purpose of End-Customer data processing.

4. CATEGORIES OF DATA PROCESSED

4.1 Client Account Data

- Business name

- Contact name

- Email address

- Phone number

- Login credentials

- Billing identifiers (payment details processed by Stripe only)

4.2 End-Customer Data (Processed on Client’s Behalf)

- Phone numbers

- Message content

- Voice recordings

- Call transcripts

- Appointment or reservation details

- Interaction metadata (timestamps, duration, routing)

4.3 Technical & Usage Data

- IP addresses

- Device and browser information

- System logs

- Performance metrics

- Error reports

5. PURPOSES OF PROCESSING

AIVAC processes Personal Data strictly for the following purposes:

1. Providing, operating, and maintaining the Services;

2. Routing, recording, storing, and transcribing calls and messages;

3. Enabling Client access to dashboards, logs, and recordings;

4. Improving AI models, accuracy, and system performance;

5. Monitoring security, preventing fraud, and ensuring compliance;

6. Enforcing contractual and legal obligations.

AIVAC does not sell Personal Data and does not use Personal Data for advertising or profiling unrelated to service delivery.

6. CALL & MESSAGE RECORDING

6.1 Recording by Default

The Client expressly acknowledges and agrees that:

- calls and messages may be recorded by default;

- recordings may include audio, text, and metadata;

- recordings may be stored, reviewed, transcribed, and analyzed.

6.2 Client Consent Obligations

The Client is solely responsible for:

- informing End-Customers of recordings;

- obtaining all legally required consents;

- complying with call-recording, privacy, and telecom laws.

AIVAC DISCLAIMS ALL LIABILITY arising from a Client’s failure to obtain proper consent.

7. LEGAL BASIS & CLIENT WARRANTIES

The Client represents and warrants that:

- it has a lawful basis to process all Personal Data;

- it has provided all required notices to End-Customers;

- it complies with applicable privacy, telecom, consumer, and marketing laws.

AIVAC relies entirely on these representations.

8. DATA SHARING & DISCLOSURE

Personal Data may be disclosed only to:

- hosting and infrastructure providers;

- security and monitoring vendors;

- payment processors (billing data only);

- legal or regulatory authorities when required by law.

All service providers are contractually bound to protect Personal Data.

9. DATA LOCATION

All Personal Data processed by AIVAC is hosted on servers physically located in Jordan.

10. DATA RETENTION

Personal Data is retained only for:

- the duration necessary to provide the Services;

- compliance with legal or contractual obligations;

- dispute resolution or enforcement.

- Afterward, data is securely deleted, anonymized, or archived.

11. SECURITY MEASURES

AIVAC implements reasonable administrative, technical, and organizational safeguards, including:

- access controls;

- encryption where appropriate;

- monitoring and logging.

However, no system is 100% secure, and absolute security cannot be guaranteed.

12. DATA BREACHES

In the event of a data breach affecting data processed by AIVAC:

- AIVAC will take reasonable steps to mitigate the breach;

- AIVAC will notify the Client where legally required;

- The Client is responsible for any required notifications to End-Customers or authorities unless otherwise required by law.

13. CLIENT OBLIGATIONS & LIABILITY

The Client is solely responsible for:

- lawful data collection;

- End-Customer disclosures;

- responding to End-Customer data requests;

- regulatory compliance.

AIVAC bears no responsibility for Client compliance failures.

14. DATA SUBJECT RIGHTS

Requests from End-Customers regarding their data must be directed to the Client.

AIVAC will reasonably assist the Client, where required by law, at the Client’s expense.

15. CHANGES TO THIS POLICY

We may update this Policy from time to time. Updates will be posted on the Website with a new “Last Updated” date. Continued use after changes means you accept them.

16. CONTACT

Privacy inquiries may be directed to:

AIVAC – Privacy Office

[email protected]