Privacy Policy

You own your own data.

We do not retain your data indefinitely

Chat messages and training context are stored only for the life of your paid account plus 90 days for recovery, unless you delete them sooner via the in‑app danger‑zone.

We do not train on your data

Your uploaded data powers your chatbot only; we do not use it to train models for other customers.

Custom chatbots are your own

Each chatbot is isolated to your account. Best‑practice security controls protect your content.

Security measures

We implement JWT authentication for all frontend-to-backend communications and employ industry-standard encryption protocols. We are currently pursuing ISO 27001/SOC 2 certification.

Information you provide

Account information

Name, email address, password hash, personal website link, optional social‑media links.

Customer service/product support information

Information you share when opening support tickets.

Direct contact

Any personal data you include in emails or feedback forms.

Feedback and marketing data

Email preferences if you opt‑in to marketing communications.

Information we automatically collect

Device and connection information

IP address, browser type, basic device data (for security and fraud prevention).

Usage information

Timestamped API requests, error logs, and rate‑limit counters necessary to operate the platform.

Cookies and tracking technologies

Essential authentication and CSRF cookies only. No analytics or marketing cookies at launch.

Cookies

Our websites currently set only:

Essential cookies

Required for login, session management, and security.

We honour Global Privacy Control (GPC) and Do‑Not‑Track signals for future optional cookies.

Third-party Websites & Services

Links to third‑party sites (e.g., payment processor) are governed by their own policies.

How We Use Personal Information

We use your personal information to:

• Provide, maintain, and improve the Service.
• Notify you of new leads captured by your chatbot.
• Send service updates, invoices, or security alerts.
• Send marketing emails only if you have consented (opt‑in, unsubscribe anytime).
• Detect and prevent fraud or misuse.

How We Share Personal Information

We may share personal information with:

Service providers: AWS (hosting – Frankfurt), OpenAI (LLM inference), future payment processor.
Legal compliance: Courts or regulators when required by law.
Corporate events: In connection with a merger or acquisition, subject to confidentiality.

Data security and retention

TLS 1.3 in transit, AES‑256 at rest, least‑privilege IAM, daily backups. Personal data retained no longer than necessary or as required by law.

International data transfers

Primary servers are in AWS eu‑central‑1 (Frankfurt). If data flows outside the EEA, transfers rely on Standard Contractual Clauses (SCCs) and Israeli regulations.

Children's Privacy

The Service is not directed to individuals under 18 and we do not knowingly collect their data.

Your Rights & Choices

Subject to law, you may:

• Access, correct, delete, or export your data.
• Object to processing or withdraw consent.

Email mydatarequest@davay.ai; we respond within 30 days.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through email and an in-app banner at least 14 days before the change takes effect. Your continued use of the Service after such notice constitutes your acceptance of the revised Privacy Policy.

Contacting Us

For privacy questions email contact@davay.ai or write to Davay.ai PO Box 6718, Ramat‑Gan 5216701, Israel.

Last updated: May 4, 2025