Privacy Policy

Selsa Inc. Privacy Policy

Effective Date: June 1, 2025

This Privacy Policy describes how Selsa Inc. (“we,” “our,” or “us”) collects, uses, discloses, and protects the personal and business data of clients and their users when interacting with our AI-powered services. By using our Services, clients agree to the terms of this Policy.

1. Introduction and Consent

Selsa Inc. respects your privacy and is committed to protecting the personal information you share with us. By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices outlined here, please do not use our Services.

2. Types of Data We Collect

2.0 Account Creation Options

Users may choose to create an account using their email address or through third-party single sign-on (SSO) mechanisms such as Google, Apple ID, or other supported providers. When registering via a third-party account ("Third Party Account"), Selsa Inc. receives access to select information, including but not limited to name, email address, and any public data associated with that platform, as permitted by the user during authentication. This data is used solely to facilitate account setup and user authentication. Selsa Inc. stores only the minimum required data and tokens for login continuity. The privacy practices of third-party providers are governed by their respective policies, and Selsa Inc. assumes no responsibility for their practices.

2.1 Client Registration Data

We collect business-related contact details including full name, business email, phone number, company name, and billing details. This information is used to authenticate access and set up client accounts.

2.2 Session Interaction Data

We record conversations between users and our AI agents including session transcripts, timestamps, and conversion events. This enables performance analytics and customer experience optimization.

2.3 Technical, Behavioral, and Device-Based Information

We automatically collect certain technical and behavioral data to enhance service delivery, maintain system security, and analyze user engagement. This includes:

IP Address and Device Identifiers: We collect IP addresses, device IDs, UDIDs, AD-IDs, and browser fingerprints for fraud prevention, location analysis, and device optimization.
Geolocation Data: Geolocation is inferred from IP addresses and other signals to understand usage distribution and deliver localized services.
Session Behavior: Includes clickstream data, navigation paths, time spent, user actions, and system interactions, used to refine logic performance and interface usability.
Cookies and Tracking Technologies: We use first- and third-party cookies, pixels, and session replay tools for analytics, A/B testing, and advertising attribution. Data collected via these methods may include referring URLs, screen resolution, and OS/browser types.

To the extent that any of this information is linked or linkable to an identified person, we treat it as Personal Information. We may cross-reference behavioral data with registered user records to improve targeting or logic performance. Third-party analytics tools may also be employed to assist in the collection and analysis of this information (e.g., Google Analytics, Microsoft Clarity).
We collect browser types, device IDs, IP addresses, geolocation data, operating system versions, and error reports to ensure service reliability and fraud prevention.

2.4 Payment and Billing Data

We partner with payment processors like Stripe to handle sensitive payment details. We store invoices, credit balances, and transaction history for account management and compliance.

2.5 Uploaded Business Materials

Clients may provide brand guidelines, FAQs, or scripted prompts to configure their agents. This data is used solely to enhance agent functionality.

3. Purposes of Data Use

We collect and process both personal and non-personal information for the following purposes:

3.1 Non-Personal Information

To conduct product research, performance benchmarking, and user behavior analytics
To improve the structure, content, and functionality of our website and platform
To secure our services, prevent fraud, and detect technical issues
To support marketing optimization and A/B testing

3.2 Personal Information

To enable user onboarding, authentication, and secure account access
To deliver and customize AI agent logic based on client inputs and goals
To respond to customer support inquiries and service requests
To send operational communications, billing notices, and system alerts
To fulfill client requests for product demos, consultations, or follow-up meetings
To analyze user engagement and campaign performance
To support email-based service communications, marketing campaigns (where legally permitted), and client success outreach
To comply with applicable laws and regulations, including taxation and anti-fraud requirements

We may use contact data to notify you about material changes to this policy, service updates, or company news. If legally required, marketing communications will be subject to opt-in consent with easy opt-out options included in each message.

We use collected data to:

Deliver, manage, and improve agent interactions
Personalize user experiences and logic paths
Monitor engagement and conversion metrics
Respond to service inquiries and client support needs
Ensure legal and security compliance

4. Data Disclosure and Use by Third Parties

4.5 Third-Party Subprocessors

Selsa Inc. may engage third-party subprocessors to facilitate our services. These subprocessors provide infrastructure, hosting, analytics, communications, and support functionality. We ensure that all subprocessors operate under binding agreements requiring data protection commitments aligned with this Privacy Policy.

A current list of subprocessors is available upon request. Clients will be notified in advance of any material changes to our subprocessor list. Selsa Inc. conducts due diligence on each subprocessor’s security and privacy practices before onboarding, including reviewing compliance frameworks such as SOC 2, ISO 27001, or equivalent certifications.

Client Notification Policy for Subprocessor Changes
Selsa Inc.will provide a minimum of 14 days’ notice via email before engaging any new subprocessors. Clients who object to such changes may contact privacy@Selsa.ai with legitimate grounds. In the absence of objections, continued use of the Services constitutes acceptance of the updated subprocessor engagement.

Selsa Inc. does not sell or rent client data. Data is shared only under the following conditions:

4.1 Service Providers

We engage infrastructure, hosting, analytics, and support vendors under data processing agreements. Access is restricted to necessary operations.

4.2 Legal Obligations

We may disclose data to comply with court orders, legal requirements, or law enforcement investigations.

4.3 Business Transactions

If Selsa Inc. undergoes a merger or acquisition, user data may be part of the transferred assets, subject to consistent privacy protections.

4.4 Aggregated and Anonymized Data

We may use anonymized data for product improvement, benchmarking, and research. This data does not identify individuals or businesses.

5. Data Security and Integrity

Selsa Inc. takes reasonable administrative, technical, and physical measures to safeguard the security and integrity of your personal information. These measures include, but are not limited to:

SSL/TLS encryption for all data in transit
Role-based access control with logging and audit capabilities
Regular penetration testing and third-party security audits
Use of secure cloud infrastructure with firewalled virtual networks and data redundancy protocols

Your personal data is stored on secure, third-party servers that comply with strict data protection standards, including SOC 2 Type II and ISO/IEC 27001 certifications.

Despite these efforts, please note that no data transmission over the Internet or electronic storage method is entirely secure. As such, Selsa Inc. cannot guarantee that unauthorized access, data breaches, or other cyber incidents will never occur.

In the event of a data breach that affects your personal information, we will notify affected individuals and appropriate authorities as required by applicable data protection laws.

Selsa Inc. SHALL NOT BE RESPONSIBLE OR LIABLE FOR ANY UNAUTHORIZED ACCESS, HACKING, LOSS, THEFT, DELETION, OR ALTERATION OF DATA EXCEPT AS REQUIRED BY LAW.

We maintain industry-standard security measures, including:

SSL encryption for data in transit
Firewalled storage systems
Strict access controls and audit trails
Regular third-party security audits
Periodic SOC 2 Type II assessments
Internal incident response protocols tested quarterly

Client administrators are expected to implement secure practices and notify Selsa Inc. of any unauthorized account activity.

6. Data Retention Policies

Selsa Inc. adheres to structured data retention protocols to ensure compliance, operational continuity, and privacy alignment. The following categories define retention by data type:

6.1 Interaction Logs

Stored for 90 days by default to enable performance analytics, conversion tracing, and customer service reviews.
Extension available upon client request via written agreement.
Logs are deleted within 30 days upon account termination unless active legal, audit, or support obligations apply.

6.2 Configuration and Business Assets

Agent scripts, client-uploaded FAQs, prompts, and business rules are retained throughout the client service lifecycle.
Assets are exported or deleted at termination based on client instructions or applicable laws.

6.3 Payment and Billing Records

Retained for a minimum of 3 years for audit, reconciliation, and tax compliance purposes.
Includes transaction metadata, invoice history, and credit balances.

6.4 Legal Hold, Backup, and Dispute Resolution

In the event of litigation, contract disputes, or regulatory inquiries, relevant data may be preserved beyond standard timelines.
Periodic encrypted backups may result in temporary storage beyond deletion events, which are purged on a rotating basis within 60 days.

Clients may request tailored retention protocols by contacting: privacy@Selsa.ai

7. International Data Transfers

Selsa Inc. may store and process personal data in jurisdictions outside the client’s home country, including the United States and other countries that may not offer the same level of data protection. We take appropriate steps to ensure that cross-border data transfers comply with applicable privacy laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

7.1 Legal Transfer Mechanisms

For international transfers, Selsa Inc. relies on:

Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the European Economic Area (EEA).
Adequacy decisions issued by the European Commission (e.g., for countries deemed to have adequate protection levels).
Binding Corporate Rules (if applicable in the future).

7.2 Subprocessor Safeguards

All subprocessors handling client data across borders must:

Sign data processing agreements incorporating SCCs or equivalent safeguards.
Demonstrate compliance with recognized security and privacy frameworks (e.g., ISO 27001, SOC 2).
Undergo annual risk and privacy assessments conducted by Selsa Inc. .

7.3 Client Transparency and Objections

Clients may request a list of subprocessors with locations and transfer mechanisms.
If a client objects to an international transfer mechanism, they must notify privacy@Selsa.ai within 14 days of disclosure. Selsa Inc. will work to address objections or offer alternative solutions.

By continuing to use our Services, clients acknowledge and consent to the international transfer, storage, and processing of their data in accordance with this section.

8. User Rights and Control

Clients and end-users may have the following rights under applicable privacy laws, including the GDPR, CCPA, and others:

Access and Portability: You have the right to access the personal data we hold about you and request a copy in a commonly used, machine-readable format. This enables you to move your data to another service provider.
Correction of Inaccurate Information: You can request correction of data that is incomplete or inaccurate.
Deletion and Erasure: You may request that we delete personal data where it is no longer necessary or legally required.
Restriction of Processing: You may restrict how we process your data, particularly when accuracy or legal basis is contested.
Withdrawal of Consent: Where data is processed based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of prior processing.
Objection to Processing: Where we rely on legitimate interests, you may object to the use of your data for reasons relating to your particular situation.

To exercise these rights, please contact: privacy@Selsa.ai. We may require identity verification before fulfilling certain requests. We will respond to qualifying requests within the timeframes specified by applicable law.

Clients and end-users may have the right to:

Access and receive a copy of their data
Correct or update inaccurate data
Request deletion or restrict processing
Withdraw consent at any time

For inquiries, contact: privacy@Selsa.ai

9. California Privacy Rights (CCPA)

If you are a California resident, you may have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: You may request details about the categories and specific pieces of personal information we have collected, used, or disclosed about you in the past 12 months.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., compliance with legal obligations).
Right to Opt-Out of Sale: Selsa Inc. does not sell personal data to third parties.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, please contact us at privacy@Selsa.ai and include “CCPA Request” in the subject line. We will verify your identity before processing requests.

10. Cookie Usage and Tracking Technologies

Selsa Inc. and our partners use cookies and similar technologies (e.g., web beacons, tracking pixels, session replay tools) to enhance user experience, monitor service performance, and deliver relevant marketing content.

10.1 Types of Cookies

Strictly Necessary Cookies: Required for platform operation, login security, and session continuity.
Performance and Analytics Cookies: Used to track user interaction, page load times, and conversion metrics (e.g., via Google Analytics).
Functionality Cookies: Enable saved preferences and personalized experiences.
Advertising Cookies: May be used to deliver tailored advertisements and measure marketing effectiveness.

10.2 User Choices

Users may adjust cookie settings within their browser or device preferences. Disabling cookies may impact certain service functions.

Selsa Inc. honors “Do Not Track” signals and displays a cookie consent banner upon your first visit to our website. This banner provides a clear explanation of cookie types used and allows users to accept or customize their preferences in accordance with applicable laws such as the CCPA and GDPR. Users can revisit or update their cookie preferences at any time by accessing the cookie settings link provided in the site footer.

11. Children's Privacy

Our services are intended for users aged 18 and above. We do not knowingly collect information from minors. If such data is discovered, we will promptly delete it.

10. Notification of Policy Changes

Selsa Inc. may revise this Privacy Policy. Clients will be notified of material updates at least 14 days in advance via email and in-dashboard alerts. Continued use of the Services indicates acceptance.

11. Contact Information

For questions, complaints, or data access requests:

Selsa Inc.
Legal & Privacy Department
Email: privacy@Selsa.ai