Effective Date: February 2026 Last Updated: February 2026
1. Introduction
SmartCog AI ("SmartCog," "we," "us," or "our") is committed to protecting the privacy of our customers and the end users who interact with chatbots powered by our platform. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how we protect it, and what rights you have regarding your data.
This policy applies to visitors of the SmartCog website (smartcogai.com), businesses and individuals who purchase our services ("Customers"), and end users who interact with AI chatbots deployed by our Customers on their websites ("End Users").
SmartCog AI is a product of Tetiana Ushakova, Individual Entrepreneur (ФОП Ушакова Тетяна), registered in Ukraine, registration number (EDRPOU) 1909704087.
Data Controller: Tetiana Ushakova, Individual Entrepreneur, Office 26, 59 Antonovycha Street, Kyiv, 03150, Ukraine. Contact: privacy@smartcogai.com
2. Data We Collect
2.1 — Data from Customers
When you sign up for and use our services, we may collect your name, email address, and company name, your billing and payment information (processed by our third-party payment providers — we do not store your payment card details), API keys you provide for third-party AI providers (stored in encrypted form and used solely to operate the service on your behalf), communications you exchange with our support team, and account preferences and configuration settings.
2.2 — Data from End Users
When an End User interacts with a SmartCog-powered chatbot on a Customer's website, we may process the content of conversation messages exchanged with the chatbot, any information the End User voluntarily provides during a conversation (such as name, email address, or phone number), technical data including IP address (for security and rate-limiting purposes), browser type, device type, referring page URL, and timestamp of the interaction, and cookies and similar technologies as described in our Cookie Policy.
2.3 — Data from Website Visitors
When you visit smartcogai.com, we may collect standard web analytics data including pages visited, time on site, and referring source, data collected through cookies as described in our Cookie Policy, and any information you voluntarily submit through contact forms.
3. Legal Basis for Processing
We process personal data on the following legal grounds:
Contract Performance. Processing your data is necessary to deliver the services you have purchased, including operating your chatbot, managing your subscription, and providing support.
Legitimate Interest. We have a legitimate interest in analyzing usage patterns to improve the service, maintaining the security and integrity of our platform, and communicating with you about your account and service updates. We balance these interests against your rights and freedoms and take steps to minimize any impact on your privacy.
Consent. Where required by law, we obtain your consent before sending marketing communications, placing non-essential cookies on your device, and processing data for purposes not covered by another legal basis. You may withdraw your consent at any time by contacting us at privacy@smartcogai.com or by using the unsubscribe mechanism in marketing emails.
Legal Obligation. We may process personal data to comply with applicable laws, regulations, or lawful governmental requests.
4. How We Use Your Data
We use personal data to provide, operate, and maintain the SmartCog service, to process payments through our third-party payment providers, to communicate with Customers about account matters, service updates, and technical notices, to respond to support inquiries and resolve issues, to improve and optimize the service based on anonymized and aggregated usage data, to detect and prevent fraud, abuse, and security threats, and to comply with legal obligations.
We do not sell personal data to third parties. We do not use your data or conversation content to train AI models. We do not use End User conversation data for advertising purposes.
5. Data Sharing and Third Parties
We share personal data only as necessary to deliver our service and as described below.
Payment Providers. We use third-party payment providers to process transactions. These providers receive the billing information necessary to process your payment and operate under their own privacy policies.
AI Providers (OpenAI, Anthropic, Google, and others). Conversation content is sent to the AI provider selected by the Customer in order to generate responses. Each provider processes this data under its own terms of service and data handling policies. Customers are responsible for reviewing and accepting the terms of the AI provider whose API key they supply.
Hosting and Infrastructure. We use trusted infrastructure providers, including Cloudflare for CDN and security services and cloud hosting providers for application and database hosting. These providers process data on our behalf under data processing agreements.
Analytics. We may use analytics tools to understand how our website and service are used. Where analytics involve personal data, we anonymize or aggregate it wherever possible.
Email Services. We use transactional email services to send account-related communications.
Legal Requirements. We may disclose personal data if required to do so by law, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside of your country of residence, including countries that may not provide the same level of data protection as your home country. Where such transfers occur, we implement appropriate safeguards, including standard contractual clauses approved by relevant data protection authorities, reliance on adequacy decisions where available (Israel has been recognized by the European Commission as providing an adequate level of data protection), and contractual data processing agreements with all third-party processors.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our general retention practices are as follows:
Customer account data is retained for the duration of your active subscription plus thirty (30) days after termination, to allow for account reactivation or data export.
Conversation data is retained in accordance with the Customer's subscription and configuration. Upon account closure, Customers may request a data export within thirty (30) days. Conversation data is permanently deleted within ninety (90) days of account closure.
Billing and financial records are retained for seven (7) years as required by applicable tax and accounting laws.
Analytics data is anonymized after twelve (12) months and may be retained in anonymized form indefinitely for statistical purposes.
Support communications are retained for up to twenty-four (24) months after resolution.
8. Your Rights
Under the General Data Protection Regulation (GDPR), Israel's Protection of Privacy Law (as amended by Amendment No. 13), and other applicable data protection laws, you may have the following rights:
Right of Access. You have the right to request a copy of the personal data we hold about you.
Right to Rectification. You have the right to request correction of any inaccurate or incomplete personal data.
Right to Erasure. You have the right to request deletion of your personal data, subject to our legal retention obligations.
Right to Restrict Processing. You have the right to request that we limit how we process your data in certain circumstances.
Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object. You have the right to object to processing based on legitimate interest, including for direct marketing purposes.
Right to Withdraw Consent. Where processing is based on consent, you have the right to withdraw that consent at any time.
Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority. In Israel, the relevant authority is the Privacy Protection Authority (PPA). In the EU, you may contact the supervisory authority in your country of residence.
To exercise any of these rights, contact us at privacy@smartcogai.com. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request.
Note for End Users: If you are an End User who has interacted with a SmartCog-powered chatbot on a third-party website, we process your data on behalf of the Customer who operates that website. To exercise your data rights regarding conversation data, we recommend contacting the website operator directly. You may also contact us at privacy@smartcogai.com and we will make reasonable efforts to assist.
9. Data Security
We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include TLS encryption for all data in transit, encryption at rest for stored data, HMAC authentication for API communications, domain locking to prevent unauthorized chatbot deployment, role-based access controls and the principle of least privilege, regular security assessments and monitoring, and an instant kill switch that allows Customers to terminate any active chatbot session immediately.
We do not store payment card data. All payment information is processed by our third-party payment providers in accordance with applicable security standards.
While we take security seriously and implement industry-standard protections, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.
10. Children's Privacy
The SmartCog service is not directed at individuals under the age of sixteen (16). We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at privacy@smartcogai.com.
11. Cookies
We use cookies and similar technologies on our website. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy at smartcogai.com/cookie-policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify Customers of material changes via email to the address associated with their account at least fourteen (14) days before the changes take effect. The updated policy will be posted on this page with a revised "Last Updated" date.
We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy inquiries: privacy@smartcogai.com General inquiries: info@smartcogai.com
Tetiana Ushakova, Individual Entrepreneur (ФОП Ушакова Тетяна) EDRPOU: 1909704087 Office 26, 59 Antonovycha Street, Kyiv, 03150, Ukraine