Privacy Policy
How CAIBots collects, processes, and protects data in enterprise deployments – and what your rights are.
Overview and Scope
This Privacy Policy governs the collection, processing, storage, and transfer of personal data by CAIBots ("CAIBots", "we", "our") in connection with our Autonomous Enterprise Execution System platform and associated services. CAIBots operates as both a data controller (for information collected directly through our website and marketing activities) and a data processor (for client data processed through the CAIBots execution platform under a Business Associate Agreement or Data Processing Agreement).
This policy applies to: visitors to caibots.com, prospective clients who engage with our sales and marketing processes, and enterprise clients who deploy the CAIBots platform in their organizations.
Data We Collect
Through our website and marketing activities, we collect: contact information provided through forms or direct outreach (name, email, company, title), interaction data (pages visited, session duration, referral source), and communications history.
Through the CAIBots execution platform deployed in client environments, we process data on behalf of our clients as a data processor. The categories of data processed depend on the workflows deployed and are defined in the applicable Data Processing Agreement or Business Associate Agreement. We do not use client execution data for any purpose other than delivering the contracted service.
GDPR – European Data Subjects
For individuals in the European Economic Area, CAIBots processes personal data on the following legal bases: (1) Performance of contract – for processing necessary to deliver contracted services; (2) Legitimate interests – for marketing communications to business contacts; (3) Consent – for optional data collection activities.
EEA data subjects have the following rights: Right to access, Right to rectification, Right to erasure ("right to be forgotten"), Right to restrict processing, Right to data portability, and Right to object. To exercise any of these rights, contact: contact@caibots.com. For enterprise deployments, EEA personal data is processed in EU-hosted infrastructure by default.
HIPAA – Protected Health Information
For Healthcare clients, CAIBots operates as a Business Associate under HIPAA. We sign a Business Associate Agreement (BAA) with every Healthcare client before accessing or processing any Protected Health Information (PHI). All PHI processing follows the HIPAA minimum-necessary standard.
PHI handling in CAIBots deployments: Zero PHI egress – all processing occurs within the client's network perimeter. Every PHI access is logged with user identity, timestamp, data accessed, and purpose. Role-based access control governs who within the client organization can access PHI audit logs. We maintain policies and safeguards required under 45 CFR Part 164 (HIPAA Security Rule).
SR 11-7 – Model Risk Management
For Financial Services clients subject to Federal Reserve / OCC SR 11-7 model risk management guidance, CAIBots provides documentation supporting model validation requirements. This includes: Cognition layer model specifications and training methodology documentation, governance matrix configuration and validation records, ongoing monitoring data from the ROI and compliance dashboards, and audit trail records supporting independent review and challenge requirements.
SOC 2 Compliance
CAIBots maintains SOC 2 Type II certification covering Security, Availability, and Confidentiality trust service criteria. Our SOC 2 report is available to enterprise clients under NDA. Key controls include: encryption at rest (AES-256) and in transit (TLS 1.3), access control with least-privilege principles, continuous monitoring and anomaly detection, incident response procedures with defined SLAs, and annual penetration testing by an independent firm.
Data Retention and Deletion
Website and marketing data is retained for 36 months from last interaction, after which it is deleted or anonymized. Execution audit logs are retained for the period specified in the client's Data Processing Agreement – typically 7 years for Financial Services clients (BSA/AML requirements) and 6 years for Healthcare clients (HIPAA requirements). Enterprise clients may request deletion of all personal data associated with their account at any time by contacting contact@caibots.com, subject to legal retention obligations.
Contact and Complaints
Privacy inquiries: contact@caibots.com · CAIBots · Princeton, New Jersey, USA. EEA data subjects who believe their privacy rights have been violated may lodge a complaint with their national data protection authority. UK data subjects may contact the Information Commissioner's Office (ICO).