Privacy Policy

INTRODUCTION AND SCOPE

Your privacy matters to us at Symbiont. This Privacy Policy ("Policy") applies to personal information collected by Symbiont, LLC ("Symbiont," "we," "us," or "our") when you interact with our website, products and services, and other websites or services that link to this Policy.

Symbiont is a Florida limited liability company that provides an artificial intelligence-powered conversational interface system for businesses (the "Service"). This Policy explains how we collect, use, share, and protect your personal information, and describes your rights concerning your information.

Our Service is currently deployed across multiple industries including but not limited to automotive, pool construction, home services (roofing, plumbing, HVAC), solar, and other consumer service businesses. The Service is offered for U.S. business operations only; we do not currently offer this Service for EU/UK consumer operations.

Please read this Policy carefully to understand what we do with your personal information and what your rights are.

1. INFORMATION WE COLLECT

Website Visitors and Prospective Customers

We collect personal information from you when you access our website, request information or a demo, contact us, or otherwise interact with Symbiont. The types of personal information we collect include:

Contact Information

• First name and last name
• Email address
• Telephone number
• Mailing address
• Company name and job title
• Location data

Communication Records

• Complete transcripts of conversations with our AI chatbot
• Messages sent through contact forms or email
• Customer support interactions
• Feedback and survey responses

Live Agent Access: Live human agents from Client Businesses may join your conversation at any time. When this occurs, the agent has access to your full conversation history and any information you provided.

Behavioral Analysis

We analyze conversation patterns to understand customer intent and engagement level. This analysis helps Client Businesses provide better service and does not involve sensitive personal data. Analysis includes engagement scoring and progression tracking to improve service quality.

Service Inquiry and Preference Information

• Details regarding demos or service information you requested
• Features or services in which you are interested
• Communication preferences for service-related follow-up

Information We Collect Automatically

When you visit our website or use our Service, we automatically collect certain information from your device:

Device Information

• Internet Protocol (IP) address
• Browser type and version
• Operating system
• Device type and identifiers
• System language

Website Activity

• Pages and screens you view or visit
• Search terms you enter
• How you interact with our website
• Time, frequency, and duration of your visits
• Referring website addresses

Returning Visitor Recognition

When our Service is deployed on a Client Business website, we may use a persistent cookie or similar identifier to recognize a returning browser across sessions. This allows us to associate your current visit with previous visits and build a browsing history (such as pages viewed, product or service searches, and visit frequency) tied to an anonymous identifier.

This identifier is not your name or direct contact information unless you voluntarily provide that information during a chat or form submission.

Returning-visitor recognition is limited to the Client Business website properties where our Service is deployed and is not used by Symbiont to track you across unrelated third-party websites.

Communications Interactions

• Whether you opened, clicked on, or forwarded email messages
• Email engagement metrics

Connectivity Information

• Network type and carrier
• Connection quality and performance data

Cookies, Pixels, and Web Beacons

Symbiont uses standard automated data collection tools, including cookies, pixels, and web beacons to collect information about how visitors use our website and to improve user experience. These tools help us:

• Maintain website functionality and remember user preferences
• Provide security and protect against malicious attacks
• Analyze traffic patterns and improve our Service
• Provide personalized content and optimize user experience
• Comply with data privacy regulations

Cookies: Small text files placed on your device by a web server. We use:

• Essential/session cookies for security, authentication, and session management
• Persistent identification cookies or similar identifiers to recognize returning visitors across sessions when our Service runs on Client Business websites

Persistent identifiers used for returning visitor recognition typically remain active for 90 days from your last interaction unless you clear your browser cookies earlier.

Pixels and Web Beacons: Small pieces of code placed on websites or in emails for tracking and analytics purposes.

You can control non-essential cookies through your browser settings. Note that disabling necessary cookies may affect website functionality.

For Client Business websites where Symbiont acts as a data processor, the Client Business (as data controller) is responsible for any required cookie consent notices and consent choices presented on its site.

Website Analytics

We use internal analytics tools to analyze traffic to our website and improve our Service. For Symbiont's corporate website, analytics are generally aggregate. For Client Business websites using our Service, analytics may include pseudonymous visitor-level activity history to support engagement measurement and limited on-site widget banner/CTA personalization.

Aggregate Information

We may de-identify or aggregate personal information so that you are not identified as an individual. We may use and share de-identified or aggregated information with third parties without restriction for analytics, research, and business purposes.

SMS COMMUNICATIONS

We offer the ability to send you a one-time SMS message containing a unique link when you request it (such as comparison reports or information links). The following terms apply:

One-Time, User-Requested Messages Only

We only send SMS messages when you explicitly request them. Each message is a one-time delivery containing the information or link you requested. We do not send recurring, promotional, or marketing text messages. You will not receive additional SMS messages unless you make another request. Standard message and data rates may apply from your mobile carrier.

One-Way SMS (No Reply Capability)

Our SMS messages are sent from a one-way, non-reply number. You cannot reply to these messages. If you have questions or need assistance, please contact us at support@symbiont.chat or call 1-941-404-5402.

SMS Data Sharing and Privacy

Your phone number is used solely to deliver the requested message. We may share your phone number with third-party SMS service providers who assist in message delivery. We do not sell your phone number or use it for marketing purposes.

2. HOW WE USE PERSONAL INFORMATION

We collect personal information to operate our business, provide our Service, and fulfill your requests. Our uses include:

• Provide and Operate Services: To deliver, maintain, improve, and protect our website and Service
• Customer Support: To provide technical support and respond to your inquiries
• Communications: To send service updates, operational notices, and information you request
• Research and Analytics: To conduct research, monitor and analyze trends, usage patterns, and improve our business
• Personalization: To customize content and your experience on our website
• Widget Personalization: To personalize content displayed in our chat widget on Client Business websites, including greeting messages and banner/CTA text based on prior visits, browsing activity, and interaction patterns. This personalization is limited to on-site widget content and is not used for decisions that produce legal or similarly significant effects.
• Security: To protect the security and proper functioning of our website and Service
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests
• Enforce Terms: To enforce our contracts and Terms of Service, including investigating potential violations
• Fraud Prevention: To detect, prevent, or address fraud, security, or technical issues
• Protect Rights: To protect against harm to the rights, property, or safety of Symbiont, our users, customers, or the public

3. HOW WE SHARE PERSONAL INFORMATION

Service Providers

We share personal information with third-party service providers who assist us with operating our business and providing our Service. These providers have access to personal information only to perform specific tasks on our behalf and include:

• Amazon Web Services (AWS): For cloud hosting and data storage infrastructure
• SMS Service Providers: For delivering one-time, user-requested text messages containing unique links
• Customer Support Tools: For managing customer inquiries and support tickets
• AI/Language Model Providers: For processing conversational queries and generating responses through artificial intelligence models

Sharing with Client Businesses

When you interact with our Service on a Client Business's website, we share your contact information and conversation history with that Client Business. The Client Business is the data controller for this information and is responsible for its own privacy practices.

Customer inquiries are transmitted to Client Businesses using secure delivery methods, which may include email, webhook integration, or industry-standard lead transmission formats appropriate to the Client Business's vertical. This includes contact information you provide (name, email, phone) and details of your interest in the Client Business's products or services. All transmissions are sent using secure, encrypted methods in compliance with applicable data protection regulations.

As Directed by You

We share information with third parties when you direct us to do so or when we have your consent.

Legal Requirements

We may share personal information if we have a good-faith belief that access, use, preservation, or disclosure is reasonably necessary to:

• Comply with applicable laws, regulations, legal processes, or governmental requests
• Enforce our Terms of Service, including investigating potential violations
• Detect, prevent, or address fraud, security, or technical issues
• Protect against harm to the rights, property, or safety of Symbiont, our users, customers, or the public as required or permitted by law

Business Transfers

We may share personal information as part of a merger, acquisition, financing, liquidation, bankruptcy, or sale of assets. If Symbiont is involved in such a transaction, your personal information may be transferred to the acquiring company. In such cases, your personal information would remain subject to the terms of the applicable privacy policy in effect at the time, unless you consent otherwise.

No Sale of Personal Information

We do not sell, rent, or lease your personal information to third parties for monetary or other valuable consideration. We share personal information only as described in this Policy.

4. DATA RETENTION

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Specific Retention Periods

We store information we collect on servers provided by Amazon Web Services in the United States for the following periods:

• Conversation Transcripts: 90 days in primary data store
• Contact Information: 90 days from last interaction, or until you request deletion
• Service Inquiry Data: 90 days from last interaction, or until you request deletion
• Analytics Data: 90 days
• Browsing History & Visit Data: 90 days from last interaction (including persistent identifier-based journey data used for returning visitor recognition and widget personalization)
• Pool Design Property Address: When you provide a property address for our pool design and visualization features, a short-term recovery copy is retained for up to 7 days after your request is processed, after which it automatically expires
• Security Logs: 1 year

Secondary Data Stores

Personal information may remain in the following secondary data stores:

• Database backups
• Log files
• Reports that were generated using the information

Records in the primary data store are automatically detected and removed using built-in AWS functionality. When you request deletion, we will remove your information from active systems but some data may persist in backups for technical and legal reasons.

5. DATA SECURITY

Security Measures

We implement comprehensive technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption standards
• Access Controls: Strict role-based access controls limit employee access to personal information on a need-to-know basis
• Authentication: Secure authentication and session management protocols
• Security Audits: Regular security assessments, penetration testing, and vulnerability scans
• Monitoring: 24/7 security monitoring and incident detection systems
• Incident Response: Documented procedures for detecting, investigating, and responding to security incidents
• Employee Training: Ongoing privacy and security training for all personnel
• Vendor Management: Third-party security requirements and regular vendor assessments

Limitations

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of information transmitted over the internet or stored in our systems. You are responsible for protecting your account credentials and for the security of information you transmit to us over the internet.

Florida Information Protection Act (FIPA) Compliance

As a Florida-based company, we comply with the Florida Information Protection Act of 2014 (Fla. Stat. § 501.171). In the event of a data breach affecting Florida residents, we will provide notification within 30 days of discovery as required by law, unless law enforcement determines that notification would impede a criminal investigation.

6. YOUR PRIVACY RIGHTS

Depending on your state of residence, you may have certain rights regarding your personal information under applicable privacy laws.

General Rights

• Access: Request access to the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Opt-Out: Opt out of certain data processing activities where required by law
• Data Portability: Receive a copy of your personal information in a portable format

Service Communications (No Promotional Marketing)

We do not send recurring promotional marketing communications. Communications from Symbiont are service-related (for example, support responses, requested information, operational notices, or legal updates).

Widget Banner Personalization Scope

Personalization in our Client Business widget is limited to on-site banner or CTA text based on prior on-site interactions. We do not use this process for cross-context behavioral advertising or for decisions that produce legal or similarly significant effects.

7. CALIFORNIA RESIDENTS (CCPA/CPRA)

California Consumer Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Personal Information Collected (Preceding 12 Months)

We have collected the following categories of personal information from California residents:

• Identifiers: Name, email address, phone number, IP address, device identifiers
• Commercial Information: Service usage, products or features of interest
• Internet/Network Activity: Browsing history, search history, interaction with our website
• Geolocation Data: General geographic location derived from IP address
• Professional Information: Employer name, job title (if provided)
• Sensitive Personal Information: Precise geolocation data (when you voluntarily provide your physical address for service-specific features such as AI visualization or in-area service requests)

Sources of Personal Information

• Directly from you (forms, emails, chat interactions)
• Automatically from your device or browser
• From Client Business customers (when you interact with our Service on their websites)

Business Purposes for Collection

• Providing and operating our Service
• Communicating with you and responding to inquiries
• Providing requested demos, information, and support
• Analyzing and improving our Service
• Security, fraud prevention, and legal compliance
• Managing customer accounts and relationships

Categories Disclosed for Business Purposes (Preceding 12 Months)

• Identifiers: Shared with service providers (AWS and AI/language-model providers) and Client Business customers
• Commercial Information: Shared with Client Business customers
• Internet/Network Activity: Shared with service providers (AWS)
• Geolocation Data: Shared with Client Business customers
• Sensitive Personal Information: Shared with Client Business customers

No Sale or Sharing of Personal Information

We do not sell or share personal information as defined by the CCPA. We do not have actual knowledge that we sell or share personal information of minors under 16 years of age.

Global Privacy Control (GPC)

We do not sell or share personal information for cross-context behavioral advertising. On Symbiont-controlled websites, where a valid GPC signal is detected, we treat it as an opt-out preference for sale/sharing under applicable law; because we do not sell or share personal information, no additional sale/sharing action is typically required. On Client Business websites where Symbiont acts as a data processor, the Client Business (data controller) determines whether and how GPC signals are applied, and we support those controller instructions as required by law.

Your California Privacy Rights

California residents have the right to:

• Know: Request information about the personal information we collect, use, disclose, sell, or share
• Delete: Request deletion of your personal information
• Correct: Request correction of inaccurate personal information
• Opt-Out: Opt out of the sale or sharing of your personal information (we do not sell or share)
• Limit Use: Limit the use and disclosure of sensitive personal information
• Non-Discrimination: Not receive discriminatory treatment for exercising your CCPA rights

Record of CCPA Requests

In the past 12 months, we have received zero (0) requests to know, delete, correct, or opt-out under the CCPA.

How to Exercise Your Rights

To exercise your California privacy rights, contact us:

• Email: privacy@symbiont.chat
• Phone: 1-941-404-5402

You may designate an authorized agent to make requests on your behalf by providing proof of authorization or a signed permission.

We will respond to verified requests within 45 days. If we need more time, we will notify you and may take up to 90 days total.

8. US STATE PRIVACY LAWS

If you are a resident of Virginia, Colorado, Connecticut, Utah, Montana, Texas, Oregon, Delaware, Nebraska, New Jersey, Tennessee, Maryland, New Hampshire, or Minnesota, you have rights under your state's privacy law.

Certain state-law obligations and rights apply only when statutory thresholds are met and/or when specific processing activities occur. Symbiont does not engage in cross-context behavioral advertising and does not use profiling to make decisions that produce legal or similarly significant effects.

Your Rights Under State Privacy Laws

Depending on your state, you may have the right to:

• Confirm whether we process your personal information
• Access your personal information
• Correct inaccuracies in your personal information
• Delete your personal information
• Obtain a copy of your personal information in a portable format
• Opt out of targeted advertising (we do not engage in targeted advertising)
• Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (we do not use profiling for those decisions)
• Opt out of the sale of personal information (we do not sell personal information)
• Not be discriminated against for exercising your privacy rights

Data Protection Assessments

Upon request, we can provide information to demonstrate our compliance with applicable state privacy laws and to assist you with data protection assessments or impact analyses.

Exercising Your Rights

To exercise your rights under state privacy laws, contact us:

• Email: privacy@symbiont.chat
• Phone: 1-941-404-5402

We will respond to your request within the timeframe required by your state's law (typically 45 days).

9. CHILDREN'S PRIVACY

The Service is intended for adults. It is not directed to or intended for individuals under 18 years of age, and use by anyone under 18 is not permitted.

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information promptly.

For California Residents: We do not have actual knowledge that we collect or sell personal information of minors under 16 years of age.

If you are a parent or guardian and believe we may have collected information from your child, please contact us immediately at privacy@symbiont.chat.

10. THIRD-PARTY WEBSITES AND SERVICES

Our website may contain links to third-party websites and services, including social media platforms. These third parties have their own privacy policies, and we are not responsible for their privacy practices or content.

When you click on a link to a third-party website or interact with third-party services (such as social media buttons), those parties may collect information about you. Your interactions with third-party websites and services are governed by their privacy policies, not this Policy.

We encourage you to review the privacy policies of any third-party websites or services you visit.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this Policy
• Post the updated Policy on our website
• Notify you through our Service or by email for material changes
• Obtain your consent if required by law

We encourage you to review this Policy periodically. Your continued use of our Service after changes are posted constitutes your acceptance of the updated Policy.

12. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your inquiry within 45 days and in accordance with applicable data protection laws.

13. GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of the State of Florida and applicable United States federal law, without regard to conflict of law principles.

Any disputes arising under this Privacy Policy shall be subject to the dispute resolution provisions in our Terms of Service, including mandatory arbitration in Manatee County, Florida.