Privacy Policy

1. Introduction
‍
Certus AI, Inc. ("Certus AI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites (www.certus-ai.com and implementcertus-ai.com), use our voice AI services, or interact with our platform in any way.By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

2. Information We Collect: Overview

2.1 Personal Information

We may collect personal information that you voluntarily provide to us when you register for an account, express interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us. This includes: name, email address, phone number, mailing address, business name and details, payment information (credit card numbers, billing address), account credentials (username and password), and any other information you choose to provide.

2.2 Voice and Call Data

As a voice AI platform for restaurants, we collect and process: voice recordings and transcriptions of calls handled by our AI agents, call metadata (duration, timestamps, caller phone numbers), order information and transaction details, customer preferences and order history, and conversation logs between customers and our AI agents. This data is essential for providing our core services, improving AI performance, and enabling restaurants to serve their customers effectively.

2.3 Information Collected via Forms

When you interact with forms on our websites (such as demo request forms powered by Typeform), we collect the information you voluntarily submit, including your name, phone number, email address, business details, and responses to qualification questions. This is first-party data collection based on your intentional action.

2.4 Automatically Collected Information

When you access our website or Services, we automatically collect certain information, including: device information (device type, operating system, unique device identifiers), browser information (browser type, version, language preferences), IP address and general geographic location, pages visited, time spent on pages, and navigation paths, referring URLs and exit pages, date and time of access, and clickstream data and interaction patterns.
‍
3. Cookies, Pixels, and Tracking TechnologiesWe use various tracking technologies to collect and store information about your interactions with our Services. We obtain your consent before placing non-essential cookies on your device, in accordance with applicable privacy laws.

‍3.1 Cookies

‍Cookies are small data files stored on your device. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted or expired). Types of cookies we use include:Essential Cookies — Required for the operation of our website and Services, including consent management (CookieYes) and infrastructure services (Cloudflare).Performance/Analytics Cookies — Help us understand how visitors interact with our website.Functionality Cookies — Remember your preferences and settings, including form preferences (Typeform).Marketing/Advertising Cookies — Track browsing habits to deliver relevant advertisements and measure campaign effectiveness.

‍3.2 Specific Tracking Technologies We Use

‍We use the following third-party tracking technologies on our websites: On certus-ai.com (our main website):

‍Google Analytics (GA4) — Website analytics to understand visitor behavior, page views, and navigation patterns. Sets cookies including _ga and ga# with a maximum duration of 2 years. Data is sent to the United States.Hyros — Marketing attribution platform to measure advertising campaign performance and track conversion paths. Sets cookies including __mh_tt_s with a maximum duration of 400 days. Data is sent to the United States.

SalesLoft — Sales engagement platform that tracks visitor behavior to optimize outreach and identify interested prospects. Sets cookies including sliguid, slirequested, slireg, and site_identity with a maximum duration of 1 year. Data is sent to the United States and Germany.

YouTube — Embedded video content on our website. YouTube (owned by Google) sets cookies to track interactions with embedded videos, store video player preferences, and enable video functionality. Sets multiple cookies with varying durations. Data is sent to the United States.

Typeform — Embedded forms for demo requests and inquiries. Sets cookies including tf_random_id, tf_respondent_cc, attribution_user_id, and tracking_session_id for form functionality and analytics. Data is sent to the United States.

Convuu — Website call demo widget enabling visitors to interact with our AI phone agent. Sets a device fingerprint cookie. Data is sent to the United States.

Webflow Optimize (Intellimize) — Website personalization and optimization tool integrated with our website platform. Sets cookies for visitor identification and experience optimization. Data is sent to Ireland and the United Kingdom.

‍On implementcertus-ai.com (our landing pages):

‍Meta Pixel (Facebook/Instagram) — Advertising pixel for conversion tracking, retargeting, and measuring the effectiveness of our advertising campaigns on Meta platforms. Data is sent to the United States.

Google Analytics (GA4) — Website analytics as described above.

Hyros — Marketing attribution as described above.

‍3.3 Managing Tracking Technologies

‍We use CookieYes as our consent management platform. When you first visit our website from a region covered by applicable privacy laws (including the European Union, United Kingdom, California, and Canada), you will be presented with a consent banner that allows you to:Accept All cookies and tracking technologiesDecline all non-essential cookies and tracking technologiesCustomize your preferences by cookie category (Analytics, Functional, Marketing)You can change your consent preferences at any time by clicking the "Revisit Consent" button available on our website.Non-essential tracking technologies are blocked until you provide consent. If you decline cookies, we will only use essential cookies necessary for the basic operation of our website. This means advertising pixels (such as Meta Pixel) will not fire, analytics tools will not track your visit, and your activity will not be used for retargeting or attribution.You can also control cookies through your browser settings. Most browsers allow you to refuse cookies, delete cookies, or be notified when a cookie is set. Please note that disabling cookies may affect the functionality of our Services.You can opt out of interest-based advertising through: the Digital Advertising Alliance (DAA) at optout.aboutads.info, the Network Advertising Initiative (NAI) at optout.networkadvertising.org, the European Interactive Digital Advertising Alliance (EDAA) at youronlinechoices.eu, and individual platform settings (Google, Meta, etc.).

‍4. How We Use Your Information

‍We use the information we collect for various purposes, including: providing, operating, and maintaining our Services; processing and completing transactions, including order processing through our AI agents; improving, personalizing, and expanding our Services; training and improving our AI models and voice recognition capabilities; understanding and analyzing how you use our Services; developing new products, services, features, and functionality; communicating with you, including for customer service, updates, and marketing; sending you promotional communications (with your consent where required); processing payments and preventing fraud; measuring the effectiveness of our advertising campaigns; complying with legal obligations; and protecting our rights, privacy, safety, or property.

‍5. How We Share Your Information

‍We may share your information in the following circumstances:

‍5.1 Service Providers

‍We share information with third-party vendors, service providers, and contractors who perform services on our behalf, including but not limited to: cloud hosting and infrastructure providers (AWS, Google Cloud, etc.), payment processors, POS system integrations (Toast, Square, Clover, NCR, and others), analytics and marketing platforms (Google Analytics, Hyros, SalesLoft), advertising platforms (Meta), customer support tools, email and communication service providers, and consent management (CookieYes).

‍5.2 Restaurant Partners

‍When you interact with our AI agents on behalf of a restaurant, we share relevant information with that restaurant partner, including order details, contact information, and conversation records necessary to fulfill your orders and provide customer service.

‍5.3 Business Transfers

In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity.

‍5.4 Legal Requirements

‍We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Certus AI, our users, or others.

5.5 SMS/Text Messaging Privacy

Certus AI may send SMS (text) messages to individuals who voluntarily provide their phone number and explicitly opt in to receive SMS communications through our website forms (such as the Book a Demo form). These messages are limited to transactional communications related to our Services, including demo confirmations, appointment reminders, meeting links, and implementation updates.No Sharing of SMS Opt-In Data. Certus AI will not sell, rent, loan, trade, lease, or otherwise transfer for profit any phone numbers or personal information collected through our SMS opt-in process to any third party or affiliate for their own marketing purposes. Phone numbers collected for SMS communications are used solely by Certus AI to send the transactional messages described at the time of opt-in.Opting Out. You may opt out of SMS messages at any time by replying STOP to any message. After opting out, you will receive a one-time confirmation and no further SMS messages will be sent unless you re-subscribe.Help. For questions about our SMS program, reply HELP to any message or contact us at info@certus-ai.com.Message Frequency and Rates. Message frequency varies based on your interactions with Certus AI. Message and data rates may apply depending on your mobile carrier and plan. Certus AI is not responsible for carrier charges.

‍6. Data Retention

‍We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Voice recordings and call data are retained for the duration of our service agreement with the relevant restaurant partner and for a reasonable period thereafter. Account information is retained for the duration of your account and for a reasonable period thereafter. Cookie and tracking data is retained for the periods specified in Section 3.2 above, or until you withdraw consent. When we no longer need to retain your information, we will securely delete or anonymize it.

‍7. Data Security We implement appropriate technical and organizational security measures designed to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include: encryption of data in transit and at rest, secure data centers with physical access controls, regular security assessments and penetration testing, access controls and authentication mechanisms, employee training on data protection, and incident response procedures. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

‍8. Your Privacy Rights8.1 General Rights

‍Depending on your location, you may have certain rights regarding your personal information, including: the right to access the personal information we hold about you, the right to correct inaccurate or incomplete information, the right to delete your personal information, the right to restrict or object to processing, the right to data portability, the right to withdraw consent, and the right to opt out of marketing communications.

‍8.2 California Privacy Rights (CCPA/CPRA)

‍If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including: the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information (subject to certain exceptions); the right to opt out of the sale or sharing of personal information; the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising your privacy rights.We do not sell your personal information. We do share certain information with advertising platforms (such as Meta) for targeted advertising purposes, which may constitute "sharing" under the CPRA. You can opt out of this sharing by declining marketing cookies via our consent banner.To exercise these rights, please contact us using the information provided below. We will verify your identity before processing your request.

‍8.3 European Privacy Rights (GDPR)

‍If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and similar laws, including: the right to access, correct, or delete your personal data; the right to restrict or object to processing; the right to data portability; the right to withdraw consent at any time; and the right to lodge a complaint with a supervisory authority. Our legal bases for processing personal data include: consent (for non-essential cookies and marketing), contract performance (for providing our services), legitimate interests (for improving our services and fraud prevention), and legal obligations.

‍8.4 Canadian Privacy Rights

‍If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including the right to access your personal information, the right to challenge the accuracy and completeness of your information, and the right to withdraw consent for the collection, use, or disclosure of your information.

‍8.5 Do Not Track Signals

‍Our consent management platform respects Global Privacy Control (GPC) signals. When a GPC signal is detected, we treat it as a valid opt-out request for the sale or sharing of personal information.

‍9. Third-Party Links and Services

‍Our Services may contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

‍10. Children's Privacy

‍Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information. If you believe we may have collected information from a child under 16, please contact us immediately.

‍11. International Data Transfers

‍Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of Standard Contractual Clauses where required.

‍12. Changes to This Privacy Policy

‍We may update this Privacy Policy from time to time, including when we add or remove tracking technologies from our websites. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Services after any modifications to this Privacy Policy constitutes your acceptance of the updated terms.

‍13. Contact Us

‍If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:Email: info@certus-ai.com Website: www.certus-ai.comFor data subject access requests or to exercise your privacy rights, please email us at info@certus-ai.com with the subject line "Privacy Rights Request."To request deletion of your personal data, please email info@certus-ai.com with the subject line "Data Deletion Request."

‍14. Cookie Declaration

‍For a complete, up-to-date list of all cookies used on our website, please refer to the cookie declaration below, which is automatically updated by our consent management platform.