Back to Home

Privacy Policy

Last Updated:

Welcome to Ask Alfred. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our AI workplace platform.

Table of Contents

1. Information We Collect

1.1 Account Registration Information

When you create an account, we collect:

  • Basic Information: Full name, email address, password (encrypted)
  • Optional Profile Details: Phone number, job position, company name, bio, LinkedIn profile, email signature
  • Preferences: Country, language, geographic location (if provided)
  • Profile Picture: Optional avatar upload

1.2 Chat & AI Conversation Data

When you use our AI assistant, we collect:

  • Messages: All text conversations between you and the AI assistant
  • File Uploads: Documents, images, and files you share (up to 25MB per file, 10 files per conversation)
  • AI Responses: Generated responses from our AI system
  • Tool Usage: Records of which AI tools were used in your conversations
  • Feedback: Your ratings (like/dislike) on AI responses
  • Session Metadata: Session titles, timestamps, conversation context

1.3 AI Memory & Learning Data

To provide personalized assistance, our AI system creates:

  • Memory Summaries: Key facts and preferences learned from your conversations
  • Knowledge Base Entries: Question-answer pairs extracted from your sessions
  • Vector Embeddings: Mathematical representations of your content for semantic search
  • Usage Analytics: How frequently certain knowledge is referenced

1.4 Uploaded Files & Documents

When you upload files to the platform, we collect:

  • File Metadata: File name, type, size, upload date
  • File Content: The actual document content (PDFs, Word docs, Excel sheets, PowerPoint, images, text files)
  • AI Analysis Results: Extracted metadata, summaries, and classifications generated by our AI
  • Folder Organization: Directory structure and file management preferences

1.5 Contact Form Submissions

When you contact us through our website, we collect:

  • Name, email, phone number (optional), company name (optional)
  • Inquiry type, team size, primary use case
  • Your message and any additional information provided

1.6 Usage & Analytics Data

We automatically collect:

  • Activity Logs: Login times, last seen timestamps, feature usage
  • Session Information: IP address, browser type, device information
  • API Usage: Number of requests, AI model usage, token consumption
  • Performance Data: Response times, error logs, system health metrics

1.7 CRM Integration Data (Optional)

If your organization connects HubSpot, we sync:

  • Contact Information: Names, emails, phone numbers, company associations
  • Company Data: Company names, industries, addresses
  • Deals & Quotes: Sales pipeline data, deal values, quote information
  • Note: This data remains isolated within your organization's tenant and is never shared across tenants.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

  • Provide AI-powered chat assistance and document processing
  • Enable semantic search across your documents and knowledge base
  • Generate business documents (emails, PDFs, presentations)
  • Sync and search CRM data (if HubSpot integration is enabled)
  • Facilitate team collaboration and file sharing

2.2 Personalization & Improvement

  • Remember your preferences and conversation context
  • Build personalized AI memory for more relevant responses
  • Create knowledge base entries from your conversations
  • Customize branding (logos, colors) for your organization

2.3 Communication

  • Send account-related emails (welcome, password reset, notifications)
  • Respond to contact form inquiries and support requests
  • Notify you about important platform updates or changes

2.4 Security & Compliance

  • Authenticate users and prevent unauthorized access
  • Detect and prevent fraud, abuse, or security threats
  • Maintain audit trails for compliance purposes
  • Monitor system performance and troubleshoot issues

2.5 Analytics & Optimization

  • Understand how features are used to improve our platform
  • Track AI model performance and accuracy
  • Calculate usage costs and manage resource allocation
  • Generate anonymized usage statistics

3. AI & Machine Learning

3.1 How Our AI Works

Ask Alfred uses advanced AI technology to provide intelligent assistance. Here's how your data is processed:

  • Conversation Processing: Your messages are sent to AI models (primarily Google Gemini) to generate responses
  • Document Analysis: Uploaded files are analyzed by AI to extract information, create summaries, and enable search
  • Semantic Search: Your content is converted into vector embeddings (mathematical representations) stored in a specialized database (Weaviate)
  • Memory System: The AI creates summaries of your conversations to provide context-aware responses over time

3.2 AI Training & Your Data

Important: Your data is NOT used to train AI models. We use third-party AI services (Google Gemini, OpenAI) via their APIs, which do not use customer data for model training according to their enterprise terms of service.

3.3 AI-Generated Content

Content generated by our AI (responses, summaries, documents) is:

  • Stored in your account and associated with your organization
  • Used to build your personalized knowledge base
  • Not shared with other organizations or users
  • Subject to the same privacy protections as your input data

4. Third-Party Services

We use the following third-party services to operate our platform. Your data may be shared with these providers:

4.1 Google Gemini AI

  • Purpose: Primary AI engine for chat responses, document analysis, and file processing
  • Data Shared: Your messages, uploaded files (images, PDFs, documents), file metadata
  • Location: United States (Google Cloud infrastructure)
  • Privacy Policy: Google Cloud Privacy Notice
  • Data Usage: Not used for AI training under Google Cloud API terms

4.2 OpenAI

  • Purpose: Text embeddings for semantic search functionality
  • Data Shared: Text content from documents and messages for embedding generation
  • Location: United States
  • Privacy Policy: OpenAI Privacy Policy
  • Data Usage: Not used for AI training under OpenAI API Enterprise terms

4.3 Weaviate (Vector Database)

  • Purpose: Store vector embeddings for semantic search, AI memory, and knowledge retrieval
  • Data Shared: Document embeddings, memory summaries, knowledge base entries
  • Location: Cloud-hosted (configurable by deployment)
  • Privacy Policy: Weaviate Privacy Policy
  • Multi-Tenancy: Your data is isolated in dedicated tenant collections

4.4 Resend (Email Service)

  • Purpose: Send transactional emails (password resets, welcome emails, contact confirmations)
  • Data Shared: Email addresses, names, email content
  • Location: United States / Europe (configurable)
  • Privacy Policy: Resend Privacy Policy

4.5 HubSpot (Optional CRM Integration)

  • Purpose: Sync CRM data (contacts, companies, deals, quotes) for AI-powered search
  • Data Shared: Contact information, company data, deal pipelines (bidirectional sync)
  • Location: United States / Europe (HubSpot data centers)
  • Privacy Policy: HubSpot Privacy Policy
  • Control: This integration is optional and can be disabled by your organization

5. Data Storage & Security

5.1 Multi-Tenant Architecture

We use a secure multi-tenant system that ensures:

  • Complete Data Isolation: Your organization's data is automatically separated from other organizations
  • Tenant Scoping: All database queries are filtered by your organization's unique tenant ID
  • No Cross-Contamination: Data from one organization never appears in another organization's results
  • Domain-Based Access: Each organization has its own subdomain (e.g., yourcompany.askalfred.ai)

5.2 Security Measures

We implement industry-standard security practices:

  • Password Protection: Passwords are hashed using bcrypt (irreversible encryption)
  • API Authentication: Laravel Sanctum tokens for secure mobile and API access
  • HTTPS Encryption: All data transmitted over secure connections
  • Database Security: Prepared statements, mass assignment protection, foreign key constraints
  • Session Security: HTTP-only cookies, CSRF protection, session timeouts (2 hours)
  • Integration Credentials: Third-party API keys stored encrypted in the database

5.3 Access Controls

  • Role-Based Permissions: Control which users can access which features
  • User Authentication: Email verification, password reset flows
  • API Rate Limiting: Prevent abuse with rate limits on sensitive endpoints
  • Audit Trails: Track user actions for accountability and compliance

5.4 Data Backups

  • Regular automated backups of all database and file storage
  • Secure backup storage with encryption at rest
  • Disaster recovery procedures for business continuity

6. Data Retention

We retain your data for the following periods:

6.1 Active Accounts

  • User Profile Data: Retained while your account is active
  • Chat Conversations: Stored indefinitely until you delete them or close your account
  • Uploaded Files: Retained until you delete them or close your account
  • AI Memory: Maintained to improve your experience; deleted with account closure

6.2 Deleted Accounts

  • Grace Period: 30 days to recover your account and data after deletion request
  • Permanent Deletion: After 30 days, all personal data is permanently deleted
  • Cascade Deletion: Account deletion automatically removes all associated data (chats, files, memory)

6.3 Logs & Analytics

  • Activity Logs: Retained for 1 year maximum
  • Security Logs: Retained for 1 year for fraud prevention and compliance
  • Usage Analytics: Aggregated, anonymized data may be retained longer for platform improvement

6.4 Email Records

  • Transactional Emails: Email delivery records retained by Resend for 1 year
  • Contact Form Submissions: Retained for 1 year or until resolved

6.5 Third-Party Services

  • Gemini File Uploads: Temporary files auto-deleted after 48 hours by Google
  • Weaviate Vectors: Deleted when source content or account is deleted
  • HubSpot Sync Data: Retained according to your HubSpot account settings

7. Cookies & Tracking

7.1 Essential Cookies

We use cookies that are strictly necessary for the platform to function:

  • Session Cookie: Keeps you logged in and maintains your session state (expires after 2 hours of inactivity)
  • CSRF Token: Protects against cross-site request forgery attacks
  • Authentication Token: For mobile app and API access (Sanctum tokens)

7.2 Cookie Properties

  • HTTP-Only: Cookies are not accessible via JavaScript (security measure)
  • Secure: Cookies transmitted only over HTTPS connections
  • SameSite: Set to 'lax' to prevent certain types of attacks

7.3 No Third-Party Tracking

We do not use:

  • Google Analytics or similar web analytics
  • Advertising cookies or tracking pixels
  • Social media tracking tools
  • Cross-site tracking technologies

8. Your Privacy Rights

You have the following rights regarding your personal data:

8.1 Access Your Data

  • View all your profile information in your account settings
  • Access all chat conversations and uploaded files through your dashboard
  • Use our API to export your data in JSON format

8.2 Modify Your Data

  • Edit your profile information (name, email, phone, bio, position, etc.)
  • Update your password and preferences
  • Change your avatar or profile picture
  • Organize and rename files and folders

8.3 Delete Your Data

  • Chat Sessions: Delete individual conversations (this also deletes all messages in that session)
  • Files: Delete uploaded documents and images
  • Avatar: Remove your profile picture
  • Account: Request complete account deletion (contact support@askalfred.ai)

8.4 Export Your Data

  • Use our API to retrieve all your data in machine-readable format (JSON)
  • Download individual files and documents you've uploaded
  • Request a data export by contacting support@askalfred.ai

8.5 Control Integrations

  • Enable or disable optional integrations (HubSpot CRM)
  • Disconnect third-party services at any time
  • Revoke API tokens from mobile devices

8.6 Opt-Out of Communications

  • Unsubscribe from promotional emails (we don't send marketing emails currently)
  • Manage email notification preferences
  • Note: You cannot opt-out of essential service emails (password resets, security alerts)

9. International Data Transfers

Ask Alfred operates globally, and your data may be processed in different countries:

9.1 Data Processing Locations

  • United States: Primary data processing location for AI services (Google Gemini, OpenAI)
  • Cloud Infrastructure: Data may be stored on cloud servers in multiple regions
  • Third-Party Services: Each service provider operates in specific jurisdictions (see Section 4)

9.2 Data Protection

When transferring data internationally, we ensure:

  • Third-party services comply with their respective privacy regulations
  • Encryption in transit and at rest for all sensitive data
  • Contractual protections with service providers
  • Compliance with applicable data protection laws

9.3 Your Location

  • Location data is optional and only collected if you provide it
  • Geographic coordinates are used for organizational purposes only
  • No location tracking or GPS data collection

10. Children's Privacy

Ask Alfred is not intended for use by children:

  • Age Requirement: Users must be at least 13 years old
  • No Knowingly Collected Data: We do not knowingly collect information from children under 13
  • Parental Notification: If we discover we've collected data from a child under 13, we will delete it immediately
  • Contact Us: If you believe a child has provided us with personal information, please contact support@askalfred.ai

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • Improvements to clarity or transparency

11.1 Notice of Changes

  • Effective Date: The "Last Updated" date at the top of this policy will be updated
  • Material Changes: We will notify you via email or in-app notification for significant changes
  • Your Continued Use: Using the platform after changes constitutes acceptance of the updated policy

11.2 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Ask Alfred Privacy Team

Email: support@askalfred.ai

Website: askalfred.ai

We will respond to your inquiry within 2 business days.

Thank you for trusting Ask Alfred with your data. We are committed to maintaining the highest standards of privacy and security to protect your information.