Privacy Policy

Alab & Alon Innovations Inc. ("AlonChat", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent platform and services (the "Service").

By using AlonChat, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account Information: Name, email address, and profile details when you create an account
• AI Agent Data: Configurations, system prompts, and knowledge base content you provide to build your AI agents
• Communication Data: Information from your interactions with our support team
• Payment Information: Billing details processed securely through our payment processor

1.2 Automatically Collected Information

• Usage Data: Information about how you interact with our Service, including features used, pages visited, and time spent
• Device Information: IP address, browser type, operating system, and device identifiers
• Cookies and Tracking: We use cookies and similar technologies to track activity and improve user experience

1.3 Third-Party Service Data

When you connect third-party services to AlonChat, we may collect:

• Facebook Messenger: Conversation history, contact information, and metadata from your Facebook page
• Google Services: See "Google Services Integration" section below for detailed information

1.4 Merchant and Payment Processing Data

When you use AlonChat's payment processing features (integrated with PayMongo and other payment processors), we collect additional information necessary for merchant onboarding, KYC (Know Your Customer) verification, and financial compliance:

• Business Information: Business name, trade name, business type (sole proprietor, corporation, etc.), industry, business address
• Identification Documents: Government-issued IDs (passport, driver's license, national ID), TIN (Tax Identification Number), business registration documents (DTI, SEC, CDA, Mayor's Permit)
• Bank and Payout Information: Bank account details, e-wallet accounts (GCash, Maya, etc.) for receiving payouts from customer transactions
• Authorized Representative Information: Name, contact details, ID documents, and proof of authority for business representatives
• Transaction Data: Payment amounts, transaction IDs, payment methods used by your end-customers, timestamps, and transaction status
• Financial Compliance Data: Source of funds, estimated monthly transaction volume, nature of business, and other information required for Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) compliance

This data is collected and stored in accordance with Bangko Sentral ng Pilipinas (BSP) regulations and payment processor requirements.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI agent platform and features
• AI Training: To train and optimize your custom AI agents based on the data you provide
• Communication: To send important service updates, security alerts, and notifications
• Customer Support: To respond to your questions, requests, and provide technical assistance
• Analytics: To understand how users interact with our Service and improve user experience
• Security: To detect, prevent, and address technical issues, fraud, and security vulnerabilities
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Third-Party Integrations: To enable features like Gmail automation, calendar scheduling, and file access as authorized by you
• Payment Processing: To facilitate payment transactions between you (the merchant) and your end-customers through integrated payment processors
• Fraud Prevention: To monitor transactions, detect suspicious activity, and prevent fraudulent use of the Service
• Financial Compliance: To comply with Bangko Sentral ng Pilipinas (BSP) regulations, Anti-Money Laundering (AML) laws, and Counter-Terrorism Financing (CTF) requirements

5. How We Share Your Information

5.1 AI Service Providers

We share data with AI providers (OpenAI, Anthropic, Google, and others) to process your requests and generate AI responses. These providers process data according to their own privacy policies and data processing agreements.

5.2 Service Providers

We may share information with third-party service providers who perform services on our behalf, including:

• Cloud infrastructure providers (Supabase, Vercel, Railway)
• Payment processors (PayMongo): To facilitate merchant onboarding, KYC verification, transaction processing, and payouts. PayMongo processes data in accordance with BSP regulations and their own privacy policy.
• Analytics providers
• Customer support tools

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.5 Law Enforcement and Fraud Investigations

IMPORTANT: AlonChat reserves the right to cooperate with law enforcement agencies, government authorities, and regulatory bodies (including but not limited to the National Bureau of Investigation, Philippine National Police, Department of Trade and Industry, Bangko Sentral ng Pilipinas, Securities and Exchange Commission, and DICT Cybercrime Division) in the investigation of suspected fraud, scams, illegal activities, or violations of our Terms of Service.

We may disclose merchant information, including but not limited to:

• Account details, business information, and contact information
• KYC documents (government-issued IDs, business registration, bank account details)
• Transaction history, payment records, and financial data
• Chat logs, AI agent configurations, and customer interaction records
• IP addresses, device information, access logs, and activity timestamps
• Reports filed by end-customers or third parties regarding suspected fraud
• Any other information required by court order, subpoena, search warrant, or lawful legal request

By using the Service, you explicitly consent to such disclosures and acknowledge that AlonChat has a legal and regulatory obligation to cooperate with authorities. You waive any claims, demands, or causes of action against AlonChat arising from the disclosure of information to law enforcement or regulatory agencies in good faith compliance with legal obligations or in response to suspected illegal activity.

We will not provide advance notice of such disclosures where prohibited by law or where doing so would compromise an ongoing investigation.

We never sell your personal data to third parties for marketing purposes.

6. Data Storage and Retention

6.1 Storage Location

Your data is stored on secure cloud infrastructure provided by Supabase (PostgreSQL database) with servers located in the United States and other regions depending on your account settings.

6.2 Retention Period

• Active Accounts: We retain your data as long as your account is active
• Inactive Data: Unused data is automatically deleted after 90 days of inactivity
• OAuth Tokens: Google OAuth tokens are retained encrypted until you disconnect the integration
• Backups: Database backups are retained for 30 days for recovery purposes
• Transaction Records: Payment transaction data is retained for 7 years to comply with Philippine tax laws and BSP regulations
• KYC Documents: Merchant identification and business registration documents are retained for 5 years after account closure as required by AML/CTF regulations
• Legal Requirements: Some data may be retained longer if required by law, court order, or ongoing legal proceedings

6.3 Data Deletion

You can request deletion of your data at any time by contacting us at privacy@alonchat.com. We will delete your data within 30 days unless retention is required by law, regulatory obligations, or ongoing legal proceedings.

Note: Financial records, transaction history, and KYC documents may be retained beyond 30 days to comply with BSP regulations, tax laws, and AML/CTF requirements.

7. Security

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict authentication and role-based access controls
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Audits: Regular security audits and penetration testing
• Compliance: Adherence to industry best practices and security standards, including BSP Circular No. 1074 (Guidelines on Information Security Management)

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

8.1 General Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request transfer of your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request restriction of processing in certain circumstances

8.2 GDPR Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection and processing
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making and profiling

8.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising your CCPA rights
• Right to correct inaccurate personal information
• Right to limit use and disclosure of sensitive personal information

8.4 Philippine Data Privacy Act Rights

Under the Data Privacy Act of 2012 (Republic Act No. 10173), Philippine residents have the right to:

• Be informed of the nature, purpose, and extent of data processing
• Access personal data and request copies
• Dispute inaccurate or incomplete data and request corrections
• Suspend, withdraw, or order the blocking, removal, or destruction of personal data
• Lodge complaints with the National Privacy Commission (NPC)
• Obtain damages for inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data

To exercise any of these rights, please contact us at privacy@alonchat.com.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience:

9.1 Essential Cookies

Required for the website to function properly, including authentication, session management, and security features.

9.2 Analytics Cookies

Help us understand how visitors interact with our website using tools like Google Analytics and Facebook Pixel.

9.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect website functionality.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy and applicable laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: