Privacy Policy

Last Updated: 6/15/2023

By downloading, accessing, using and/or interacting with our Services, you agree and expressly consent to our collection, use and disclosure of the information that you provide as described in this Privacy Policy. This Privacy Policy is incorporated by reference into the Terms of Service available at https://www.mightybot.io/terms-of-service (our “Terms of Service”) and is subject to the provisions of the Terms of Service. Capitalized terms used but not defined in this Privacy Policy shall have the meaning ascribed to such terms in our Terms of Service. If you have any concerns about providing information to us or the use of that information as described in this Privacy Policy you should not use our Services. Because we are always looking for new and innovative ways to help you achieve your goals in connection with the use of our Services, this Privacy Policy may change over time, so please review it frequently. The effective date at the top indicates the last time this Privacy Policy was modified. If we modify the terms of this Privacy Policy, we will notify you by push notification, and/or by posting a notice on our website thirty (30) days prior to the effective date of the changes. If we are required by applicable data protection laws to give you enhanced notice or seek your consent for any such changes, we will do so. You can see when this policy was last updated by checking the “last updated” date displayed at the top of this policy. Any revised Privacy Policy will supersede all previous privacy policies. If you have any questions about this Privacy Policy, please contact us by emailing us at [email protected] or by writing to us at: Paladin Max, Inc. 712 Bancroft Road #925 Walnut Creek, CA 94598 Email: [email protected]
  1. Personal Information We Collect
  2. How We Collect Information
  3. How And Why We Use Your Personal Information
  4. Ways You Might Share Your Personal Information Through Our Services
  5. Where Your Personal Information Is Held
  6. How Long Your Personal Information Is Kept
  7. Your Personal Information Rights
  8. How your imported data is used
  9. How To Exercise Your Rights
  10. Your Controls
  11. Permission Authorizations
  12. How We Respond to Do Not Track Signals
  13. Our Policies Regarding Children
  14. Filing a Complaint
  15. Extra Help
We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household or natural person: We collect information that you chose to provide to us, for example, when you create an account, manage your user profile, participate in any interactive features of our Services, request customer support or otherwise communicate with us. In some cases, information may be automatically collected from you when you interact with our website or Services. We only collect personal information that is necessary for providing our products and services in accordance with the principles of legitimacy, legality, necessity and good faith. In particular, and in the past twelve (12) months, we collected the following categories of personal information by: We will only use your personal information for achieving the purposes listed in this Privacy Policy. Before using your personal information beyond the purposes outlined in this Privacy Policy, we will inform you in a timely and reasonable manner and:
  • Obtain your consent
  • Explain why we would like to use your personal information
We only use your personal information when we have a proper reason for doing so, such as:
  • When you have given us your consent
  • For the performance of our contract with you or to take steps at your request before entering into a contract, including:
    • To provide our Services to you
    • To update and enhance our customer records
  • For our legitimate interests or those of a third party, including:
    • To prevent and detect fraud
    • To prevent unauthorized access and modification to systems
    • To update and enhance our records
    • To ensure our business policies are adhered to (such as those covering security and internet use)
    • To ensure safe working practices, staff administration and assessments
    • For our operational reasons, such as improving efficiency, training, and quality control
    • For statistical analysis to help us manage our business, such as in relation to customer base, product range or other efficiency measures
    • To conduct external audits and quality checks
  • To comply with our legal and regulatory obligations, including:
    • To update and enhance our records
    • To file statutory returns
    • To conduct external audits and quality checks
Because we are continuously improving our products and Services, we may launch optimization functions from time to time which may increase or change the scope, purpose and/or method of collecting and using your personal information. In the event any optimization functions increase or change the scope, purpose, and/or method of collecting and using your personal information, we will clearly explain it to you by updating this Privacy Policy, provide for a pop-up window or on-site letter, and give you the option to agree. You have the right to refuse to agree, but if we are restricted from using the personal information necessary to realize the updated services or functions, we may not be able to provide you with the updated services and/or functions or may not be able to achieve the effect of the updated services. The basic functions of our Services will not be affected by our launch of optimization functions. In particular, and over the past twelve (12) months, we collected and used the below types of personal information in the following contexts for the following reasons: Social Sharing Features. Our Services may offer social sharing features and other integrated tools which let you share actions you take on our Services with other media, and vice versa. The use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide such features. We store information about users on servers primarily located in Oregon, United States of America. If you are accessing our Services from outside of the United States of America, please know personal information you submit may be transferred to and stored on servers in the United States of America. The data protection and other laws of the United States of America and/or other countries might not be as comprehensive as those in your country. By submitting your data and/or using our Services, you acknowledge that your data might be transferred, stored and processed in and to the United States of America. Typically, we will keep your personal information while you have an account with us or while we are providing Services to you. Thereafter, we will keep your personal information for as long as is necessary to respond to your questions, complaints, claims or as required by law. We will not retain your personal information for longer than necessary for the purposes set out in this policy. How Your Personal Information Is Kept Secure How Your Personal Information Is Kept Secure: We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and subject to a duty of confidentiality. We continually test our systems and in the process of securing SOC II and ISO 27001 certifications, which means we follow top industry standards for information security. We use reasonable security measures to protect your personal information aligned with the Center for Internet Security’s Critical Security Controls (The 18 CIS Critical Security Controls). We adopt encryption technology to protect your personal information. We have established special management regulations, procedures and organizations to safeguard the security of the personal information we collect. We hold security and privacy protection training courses to enhance employees’ awareness of the importance of protecting personal information. In the event of a personal information security incident, we will initiate the emergency plan for security incidents, report to the relevant government authorities at the earliest convenience, inform you of the basic situation of the security incident, the treatment measures and remedies we will take or have taken as well as our advice for you, via announcements, push notifications or emails. If it is difficult to inform every user, we will issue the warning through public announcements. Notwithstanding the security measures that have been taken and the legal requirements that have been implemented, we still cannot guarantee the security of your personal information when communicating through unsafe channels. Therefore, you should also take measures to ensure the security of your personal information, such as changing your account password regularly. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. You have specific rights regarding your personal information, which are described in this section. You or an authorized agent acting on your behalf may exercise your personal information rights by submitting a verifiable request (see Section 8 (How To Exercise Your Rights) below). If an authorized agent submits a request to know or delete your personal information, we require you to:
  • Provide your authorized agent with signed permission to exercise your rights and choices
  • Verify your identity directly with us
  • Directly confirm with us your authorized agent has permission to submit the request
In order to enable generative AI capabilities within Our Services, we may share information you provide to us through direct upload, manual input, or third-party integrations (e.g., Google Drive, Slack) with large language model (LLM) partners. Data you share with us may, in unmarked chunks, be submitted to our LLM partners for context when generating a response. We will never send your documents in their complete original form to any other organization, including our LLM partners. We currently partner with the following companies as LLM providers: As we neither fine-tune nor operate large language models (LLMs) of our own, we do NOT use any data we collect from you for training LLMs. Our Services use retrieval-augmented generation (RAG) technology, which does not re-train or modify the LLMs themselves in any way. We make use of LLMs from OpenAI via their public-facing API. OpenAI has explicitly stated that it does not use data sent to it via API for training LLMs. Details can be found in OpenAI’s enterprise privacy policy here: https://openai.com/enterprise-privacy. 9. How To Exercise Your Rights To exercise the access, data portability, correction, and deletion rights We make use of LLMs from OpenAI via their public-facing API. OpenAI has explicitly stated that it does not use data sent to it via API for training LLMs. Details can be found in OpenAI’s enterprise privacy policy here: https://openai.com/enterprise-privacy To exercise the access, data portability, correction, and deletion rights described above please submit a verifiable request to us emailing us at [email protected]. Only you, or a person authorized by law to act on your behalf, may make a verifiable request related to your personal information. You may only make a verifiable request for access or data portability twice within a twelve (12) month period. The verifiable request must:
  • Come from the email address which you used to sign up for your account with us so we may reasonably verify you are the person about whom we collected personal information about
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We endeavor to respond to any verifiable request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period required in writing. We will send you confirmation of receipt of any verifiable request within ten (10) business days of its receipt. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by the method you submitted your request. If we cannot comply with a verifiable request, we will explain our reasons to you in writing, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another without hindrance. Typically, you will not have to pay a fee to access your personal information or to exercise any of your privacy rights. However, except in relation to consent withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the request. We may also refuse to comply with your request in such circumstances. We may decline to comply with your request under the following circumstances, and in accordance with applicable laws and regulations:
  • Where it is related to our obligations under law and/or regulation
  • Where it is related to national security and national defense security
  • Where it is related to public safety, public health and major public interests
  • Where it is related to criminal investigation, prosecution, and trial
  • Where there is sufficient evidence to show that you have subjective malice or abuse of rights
  • Where responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals and organizations
  • Where trade secrets are involved
  • Other conditions stipulated by laws and regulations
We give you control over our use and collection of your personal information. In this section, we detail your controls.
We will not discriminate against you for exercising any of your controls or rights over your personal information. Unless otherwise permitted, when you exercise your controls or rights over your personal information, we will not:
  • Deny you services
  • Charge you different prices or rates for services, including through discounts or other benefits, or by imposing penalties
  • Provide you a different level or quality of services
  • Suggest that you may receive a different price or rate for services or a different level or quality of services
In order to provide you with convenient and high-quality services, we may request some permissions on your device. When you use the corresponding function, you will see a pop-up reminder requesting your authorization to access certain device functions. You can choose to turn off some or all permissions in the setting function of the client or device. The methods for granting or withdrawing permissions may be different in different devices. Because consumers are often unaware that their do not track beacons are active, do not track frequently does not reflect the actual preferences of our users. We currently do not respond to Do Not Track signals. In the meantime, you may opt out of certain types of tracking, including certain analytics and tailored advertising by changing your cookie settings. As set out in our Terms of Service (available athttps://www.mightybot.io/terms-of-service), you must be at least 18 years old or have the requisite power and authority to access and/or use our Services. If you are still a minor (i.e., under 18 years old), you must obtain the consent of your parent or legal guardian to use our Services. If you are the legal guardian of a minor, please pay attention to whether the minor uses our Services or provides his or her personal information after obtaining your authorization and approval. If you have questions about the personal information of the minor under your guardianship, please contact us at [email protected] or write to our address listed at the beginning of this Policy. Our Services are not intended for children under the age of thirteen (13) or the minimum age in the relevant territory if that age is older than thirteen (13) (the “Child” or “Children”), and we do not knowingly collect any personal information from such Children. Children should not use or attempt to use our Services, and if you are a Child, please do not attempt to use our Services or send any information about yourself to the Company. In the event that we learn that we have inadvertently gathered personal information from a Child, we will take reasonable measures to delete such information from our records. Parents who believe that we might have gathered any information from or about a Child may submit a request to delete such information to [email protected] or write to our address listed at the beginning of this Policy. We hope that we can resolve any query or concern you raise about our use of your personal information. If you would like to make a complaint regarding our privacy practices, please contact us at [email protected].