Data Privacy Policy
Effective August 1st 2024
We at SonaMation respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Data Privacy Policy describes our practices with respect to Personal Information we collect from or about you when you use our website, applications, and services (collectively, “Services”).
SonaMation LLC, is a Professional Services company focused on the Implementation and Ongoing Customization of the HubSpot CRM and adjacent GTM software tools. SonaMation is using a self developed AI technology called AgentBond.
Types of Information we collect:
-
Record Level Data
-
Prompt Input and Output Data
-
Usage Data
-
Context Level Data
​
Record Level Data -
This includes: Individual Record Data that exists inside of the software applications you connect to AgentBond.
​
Legal Basis for Processing:
We process Record Level Data based on the contractual necessity to provide our services. This means that the processing of this data is necessary to fulfill our obligations under the contract with your company.
​
How we use this:
Any records in your instance are yours, we do not use this data for any purposes outside of fulfilling your requests.
​
Prompt Input and Output Data
This includes: Conversations that AgentBond is a part of
​
Legal Basis for Processing:
We process Prompt Input and Output Data based on legitimate interests to improve and maintain the functionality of AgentBond, and to ensure the security and integrity of the service.
​
How we use this:
-
Logging and Storage: To improve AgentBond's performance and functionality, your prompts and the corresponding outputs are logged and securely stored.
-
Third-Party Sharing: To enable specific functionalities, we may share your prompts with one or more of the following AI LLM Provider’s Anthropic (aka Claude) and OpenAI. Both the OpenAI API and the Anthropic Claude API are SOC 2 Compliant. OpenAI and Anthropic do not use prompt inputs or outputs for training purposes.
-
OpenAI and Anthropic may securely retain API inputs and outputs for up to 30 days to provide the services and to identify abuse. After 30 days, API inputs and outputs are removed from their systems.
-
​
Data Retention: Your prompts and outputs are retained for the lifetime of your agreement with AgentBond, after which they are anonymized or securely deleted.
​
Sensitive Information Handling:
We strongly advise against including any sensitive information in your prompts. Sensitive information refers to, but is not limited to:
-
Credit card numbers or bank account information
-
Government identifiers (e.g., Social Security Numbers, Tax IDs)
-
API keys, passwords, or other authentication credentials
​
Examples of Sensitive Information:
-
Credit Card Numbers: Avoid entering any full credit card numbers or CVV codes in conversations with AgentBond.
-
Government Identifiers: Refrain from including Social Security Numbers, Tax Identification Numbers, or other government-issued IDs.
-
Authentication Details: Do not share passwords, API keys, or other sensitive login details.
​
User Responsibility:
While we have systems in place to protect your data, it is your responsibility to ensure that sensitive information is not included in any prompts. If sensitive information is shared inadvertently, please contact our support team immediately to request its removal from our systems.
​
Compliance and Best Practices:
We adhere to industry best practices for data security and compliance with relevant regulations, including GDPR and CCPA. This includes regular audits of our data handling processes to ensure the highest level of protection for your information.
​
Context Data -
This includes:
Information that provides context about your business, such as:
-
Job functions of your team members (e.g., Sales Leader, Marketing Manager)
-
Industry-specific details (e.g., type of industry)
-
Any other information provided to tailor interactions with AgentBond
​
Legal Basis for Processing:
We process Context Data based on legitimate interests to deliver a personalized and effective user experience. This processing is necessary to provide tailored advice and improve the relevance of AgentBond’s interactions with your team.
​
How we use this:
-
Personalization: Context Data is used to customize AgentBond’s responses and recommendations to align with your business’s specific needs. For example, if a Sales Leader interacts with AgentBond, the system will focus on providing sales-related guidance and support.
-
Incorporation in Prompts and Outputs: Context Data may be integrated into prompt inputs and outputs to enhance the relevance and accuracy of responses.
​
Security and Protection:
-
Data Anonymization: Where possible, we anonymize context data.
-
Access Controls: Only authorized personnel and systems have access to context data. This access is strictly controlled and monitored to prevent unauthorized use.
-
Data Retention: Context Data is retained only for as long as necessary to fulfill the purposes for which it was collected. After that, it is securely deleted or anonymized.
​
User Control and Transparency:
-
Review and Update: You can review and update the context data we hold at any time. This ensures that the data remains accurate and relevant to your business needs.
-
Data Deletion: You have the right to request the deletion of context data. However, please note that this may affect the personalized experience and the quality of advice provided by AgentBond.
​
Compliance:
We adhere to all applicable data protection regulations, including GDPR and CCPA, ensuring that your context data is handled with the highest level of care and in compliance with legal standards.
​
Product Usage Data -
This includes: Conversations with AgentBond, Actions requested and performed by AgentBond
​
Legal Basis for Processing:
We process Product Usage Data based on contractual necessity for billing purposes and legitimate interests for analytics and service improvement.
​
How we use this: We monitor usage of the product by your company for billing and analytic purposes.
​
Data Storage, Deletion, and Retention:
Data Privacy Commitment: We are committed to maintaining the privacy and security of your data. If there are any changes to our data handling practices, including the introduction of international data transfers, we will provide clear and timely information to our customers, ensuring compliance with all applicable data protection laws.
​
Right to Request Deletion:
-
You have the right to request the deletion of any data related to your company that is processed by AgentBond. This includes, but is not limited to, Record Level Data, Prompt Input and Output Data, Context Data, and Product Usage Data.
-
To request deletion, please contact our support team at support@agentbond.ai, and specify the data you wish to be deleted. We will process your request in accordance with applicable data protection laws, such as GDPR and CCPA.
​
Data Deletion Process:
-
Verification: Upon receiving a deletion request, we will verify the identity of the requester to ensure the security of your data.
-
Scope of Deletion: Once verified, we will delete the requested data from our active databases and systems. Please note that certain data may be retained in backup systems for a limited period, where it will be securely stored and isolated, until it can be permanently deleted.
-
Timing: The deletion process typically takes 30 days to complete. We will notify you once the deletion is finalized.
​
Impact on Service:
-
Functional Implications: Deleting certain data, particularly Context Data and Prompt Input and Output Data, may negatively impact AgentBond’s ability to provide personalized and accurate responses. If critical data is deleted, AgentBond may need to "re-learn" relevant information, which could affect the quality and responsiveness of the service.
-
Alternative Options: Before proceeding with deletion, you may choose to anonymize or archive certain data instead, which would mitigate the impact on AgentBond’s performance while still addressing privacy concerns.
​
Exceptions to Deletion:
-
Legal Obligations: Certain data may need to be retained to comply with legal obligations or resolve disputes. This data will be securely stored and only used for these specific purposes.
-
Billing and Financial Records: Data related to billing and financial transactions may be retained for 7 years to comply with accounting and tax regulations.
​
Data Retention Policy:
-
Standard Retention Periods: We retain data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. After this period, data is securely deleted or anonymized.
-
Data Review: We regularly review our data retention policies to ensure compliance with legal requirements and industry best practices.
​
Your Rights and Contact Information:
-
You have the right to access, rectify, or request the deletion of your data at any time. For any such requests, or if you have questions about our data deletion policy, please contact our support team at support@agentbond.ai