Effective Date: June 2025 | Version 1.0

This Privacy Policy explains how ChatSee.ai collects, uses, stores, and protects your personal information when you visit our website at www.chatsee.ai or use our services. We encourage you to read this policy carefully. If you have any questions, please contact our Data Protection Officer at dpo@chatsee.ai.

1. Who We Are

ChatSee.ai is a company that provides AI runtime behavioral assurance solutions for enterprise customers. Our platform enables organizations to observe, detect, and remediate failures in their autonomous AI agent systems in real time. For the purposes of this Privacy Policy, Chatsee.ai Inc. is the data controller in respect of personal data collected through the chatsee.ai website and in connection with our business development activities.

Company:  Chatsee Inc.
Data Protection Officer: Atul Thombre
DPO Contact Email: dpo@chatsee.ai
Website:  www.chatsee.ai

2. Personal Data We Collect

2.1. Website Visitors

When you visit www.chatsee.ai, we may collect:
• Technical data such as your IP address, browser type and version, operating system, referring URLs, and pages visited, collected automatically through server logs and analytics tools.
• Cookie data where you have provided consent, including analytics identifiers and session cookies. Please see our Cookie Notice (Section 11) for details.
• Contact information you voluntarily provide through our contact or enquiry forms, including your name, email address, company name, job title, and message content.

2.2 Prospective and Existing Customers

In connection with sales and business development activities, we collect:
• Business contact information of individuals at prospective customer organizations, including name, email, phone number, job title, and company name.
• Communications history relating to product enquiries, demonstrations, and contract negotiations.
• Contract and commercial information where a business relationship is established.

2.3 Platform Users (Enterprise Customers)

Enterprise customers who use the ChatSee platform access it through accounts created on behalf of their organization. In this context we collect:
• Account holder information: name, email address, job title, and login credentials (passwords are stored in
hashed form only).
• Platform usage data: feature usage, API interactions, configuration settings, and audit logs.

Please note: ChatSee.ai processes the AI agent runtime data of enterprise customers (which may contain personal data of the customer's end users) strictly as a data processor under the terms of the relevant Data Processing Agreement (DPA). Enterprise customers are responsible as data controllers for the personal data they submit to the ChatSee platform.

2.4 Data We Do Not Collect

We do not intentionally collect sensitive personal data (special category data) through our website or standard platform operation, including data relating to racial or ethnic origin, political opinions, religious beliefs, health, biometric identification, or criminal records. If such data appears incidentally within AI agent conversation logs submitted to our platform by enterprise customers, it is the responsibility of the customer to apply appropriate data minimization and access controls at the point of submission.

3. How We Use Your Personal Data

4. How We Share Your Personal Data

We do not sell personal data to third parties. We may share personal data with the following categories of recipients:
• Service providers and sub-processors: We engage third-party providers to support our operations, including Google Cloud Platform (GCP) for cloud infrastructure and hosting, software development and DevOps tools, and communication services. All service providers are bound by data processing agreements and are required to process personal data only on our instructions.
• Professional advisors: Legal, financial, and compliance advisors may receive personal data where necessary to obtain professional advice. Our Legal Expert (Gurpreet Brar) and CFO (Mike Dickey) may access data in this context.
• Enterprise customers: We may share platform user data (e.g., usage reports) with the relevant enterprise customer administrator.
• Regulatory authorities and law enforcement: We may disclose personal data to competent authorities where required to do so by applicable law, regulation, or legal process.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred to the relevant successor entity.

5. International Data Transfers

ChatSee.ai is an international business. Our primary cloud infrastructure is hosted on Google Cloud Platform in the United States (us-central1 region). Where we transfer personal data outside the country of collection, including outside the European Economic Area (EEA) or India, we ensure appropriate safeguards are in place, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission where transfers are from the EEA.
• Data Processing Agreements with all sub-processors incorporating appropriate transfer mechanisms.
• Compliance with applicable Indian data protection regulations for data relating to Indian residents. Enterprise customers may request information about the safeguards applicable to their data by contacting dpo@chatsee.ai.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention periods are:
• Website enquiry and contact data: 2 years from the date of last contact.
• Customer account and contract data: Duration of the contractual relationship plus 5 years.
• Platform processing data (AI agent runtime data): As specified in the customer DPA; default 90 days unless configured otherwise.
• Website analytics data: 13 months from collection (individual); 24 months (aggregated).
• Security and audit logs: 12 months active retention; up to 7 years archived.
• Employee and contractor data: Duration of employment/engagement plus 7 years.
Where data is no longer required, we apply secure deletion procedures to ensure personal data is permanently removed from our systems and those of our sub-processors.

7. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:
• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
• Right to erasure ('right to be forgotten'): You may request deletion of your personal data where there is no longer a legitimate basis for processing.
• Right to restriction of processing: You may ask us to restrict how we use your personal data in certain circumstances.
• Right to data portability: Where processing is based on consent or contract performance, you may
request a copy of your data in a structured, machine-readable format.
• Right to object: You may object to processing based on legitimate interests or direct marketing at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any
time without affecting the lawfulness of prior processing.
• Rights relating to automated decision-making: We do not currently make solely automated decisions that produce significant legal or similarly significant effects.
To exercise any of these rights, please contact us at dpo@chatsee.ai. We will respond to all requests within 30 days. We may request proof of identity before processing your request. If you believe your rights have not been respected, you have the right to lodge a complaint with the relevant supervisory authority.

8. Security of Personal Data

ChatSee.ai takes the security of personal data seriously. We have implemented technical and organizational measures appropriate to the risk, including:
• Encryption of all personal data in transit using TLS 1.2 or higher.
• Encryption of personal data at rest using AES-256 within GCP storage services.
• Logical network isolation using GCP Virtual Private Cloud (VPC) with private subnets, with no direct internet exposure of databases or internal services.
• Role-based access controls (RBAC) and the principle of least privilege applied to all systems and data.
• Multi-factor authentication (MFA) required for all personnel with access to production systems.
• Continuous security monitoring using GCP Security Command Center, Grafana, and Loki.
• A formal Secure Software Development Lifecycle (SDLC) policy governing all development and deployment activities.
• Annual security training for all personnel with access to personal data.
Despite these measures, no method of transmission or storage is completely secure. If you become aware of a security concern relating to your data, please contact us immediately at security@chatsee.ai.

9. Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, ChatSee.ai will notify the relevant supervisory authority without undue delay, and where required, within 72 hours of becoming aware of the breach. Where the breach is likely to result in high risk to affected individuals, we will also notify those individuals directly. Enterprise customers will be notified in accordance with the terms of their DPA.

10. Children's Privacy

ChatSee.ai's services are designed for enterprise business use and are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a child, please contact dpo@chatsee.ai and we will take prompt steps to delete such data.

11. Cookies and Tracking Technologies

Our website (www.chatsee.ai) uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us provide and improve our services.

11.1 Types of Cookies We Use

• Strictly necessary cookies: Required for the basic functioning of the website. These cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with our website (e.g., pages visited, time on site). Enabled only with your consent.
• Preference cookies: Used to remember your settings and preferences. Enabled only with your consent.

11.2 Managing Your Cookie Preferences

You can control cookie settings through our cookie consent banner when you first visit our website, or at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

12. Third-Party Links

Our website may contain links to third-party websites, including integration partner sites. This Privacy Policy applies only to ChatSee.ai and chatsee.ai. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify affected individuals by email. We encourage you to review this policy
periodically.
This policy was last reviewed and approved by Atul Thombre (DPO) in June 2025.

14. How to Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us:

Company:  Chatsee Inc.
Data Protection Officer: Atul Thombre
DPO Contact Email: dpo@chatsee.ai
Website:  www.chatsee.ai

You also have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction if you are not satisfied with our response to your privacy concerns.