Privacy Policy

1. Definitions and Scope

Personal Data

"Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual. In some jurisdictions, this is referred to as "Personal Information."

Customers and End Users

• A Customer is a business or organization that uses our Services.
• An End User is an individual who interacts with an AI agent or system powered by our Services.

Our Role: Controller and Processor

Hilus AI operates in two capacities:

• Controller (or "Business") – when we determine the purposes and means of processing Personal Data (for example, managing accounts, operating demo agents, maintaining our website, handling billing, and improving our Services).
• Processor (or "Service Provider") – when we process Personal Data on behalf of a Customer in connection with that Customer's deployment of the Services. In those cases, we process Personal Data in accordance with our agreements with the Customer and applicable law.

2. Categories of Personal Data We Collect

Depending on how you interact with the Services, we may collect the following categories of Personal Data.

Information You Provide

• Contact details (such as name, phone number, email address)
• Business information (company name, role, account details)
• Voice recordings and call audio
• Chat messages, transcripts, SMS/text messages
• Prompts and other content submitted to AI agents
• Outputs generated by the Services
• Appointment or workflow-related information
• Pet-related information (for veterinary use cases, if applicable)
• Photos or attachments submitted through supported channels
• Support communications and feedback
• Billing and transaction records

Payment information may be processed by third-party payment providers rather than stored directly by Hilus AI.

Information Collected Automatically

We may collect certain technical and usage information, including:

• IP address
• Browser and device information
• Usage logs and interaction data
• Call metadata (such as timestamps and duration)
• SMS delivery information
• Diagnostic and error logs

Information from Third Parties

We may receive Personal Data from:

• Customers (including information from systems or integrations configured by the Customer)
• Service providers that support infrastructure, communications, analytics, or security
• Publicly available business sources where permitted by law

3. How We Use Personal Data

We may process Personal Data to:

Provide and Operate the Services

• Enable voice and chat agents
• Facilitate call routing, messaging, scheduling, and workflow automation
• Manage Customer accounts
• Support integrations requested by Customers

Communicate

• Respond to inquiries
• Provide customer support
• Send service-related communications

Maintain and Improve the Services

• Monitor performance and reliability
• Debug errors
• Improve system accuracy, safety, and functionality
• Develop new features

Protect Security and Prevent Misuse

• Detect, prevent, and investigate unauthorized or fraudulent activity
• Protect the integrity and availability of our systems

Legal and Compliance

• Comply with applicable laws
• Respond to lawful requests
• Enforce agreements and policies

Where required by law, we rely on contract performance, legitimate interests, consent, or legal obligations, as applicable.

4. AI Systems and Model Practices

Hilus AI uses artificial intelligence technologies and third-party service providers to operate the Services.

• We do not use identifiable Customer or End User Personal Data to train general-purpose AI models owned by Hilus AI.
• We may use de-identified or aggregated data to evaluate and improve the performance, reliability, and safety of our Services.
• When acting as a processor, we process Personal Data on behalf of and at the direction of the Customer.
• We apply technical and organizational safeguards designed to reduce identification risks in internal improvement activities.

To operate the Services, data may be transmitted to third-party providers such as cloud hosting providers, telephony vendors, and AI or speech technology providers. These providers process data pursuant to contractual arrangements with us and are required to maintain confidentiality and security protections consistent with providing their services to us. Their independent processing practices are governed by their own policies and agreements.

5. Data Sharing and Disclosures

We may share Personal Data with:

Customers

To provide services requested by the Customer, including conversation logs and workflow outputs.

Vendors and Service Providers

To operate and support the Services, including cloud infrastructure, communications providers, AI technology providers, analytics services, and security tools. We require service providers to maintain appropriate confidentiality and security protections consistent with the services provided.

Customer-Enabled Integrations

If a Customer connects third-party systems, data may flow to those systems at the Customer's direction.

Legal Disclosures

When required by law or necessary to protect rights, safety, or security.

Business Transfers

In connection with a merger, acquisition, financing, bankruptcy, or sale of assets.

Hilus AI does not sell Personal Data and does not share Personal Data for cross-context behavioral advertising purposes.

6. Data Retention

We retain Personal Data only for as long as reasonably necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law or by our contractual obligations.

Retention periods may vary depending on the nature of the Services, the specific deployment configuration, applicable legal requirements, and the needs of our Customers.

For Customer deployments, retention settings may be configurable by the Customer, and we process and retain data in accordance with those configurations and our agreements.

We may delete or de-identify Personal Data when it is no longer reasonably necessary for our legitimate business purposes, subject to legal, regulatory, security, dispute resolution, and compliance requirements.

Certain account, billing, audit, and security-related records may be retained for longer periods as required for compliance or legitimate business purposes.

Retention practices may evolve over time as our Services develop, legal requirements change, or Customers implement different configurations.

7. Cookies and Similar Technologies

Our website and demo agents may use cookies or similar technologies for essential functionality, security, and analytics purposes. We do not use cookies for cross-context behavioral advertising.

You may control cookies through your browser settings. Disabling cookies may affect site functionality.

Our Services are not designed to respond to "Do Not Track" signals.

8. California Residents

If you are a California resident, please review our California Notice at Collection, which is incorporated by reference into this Policy and explains the categories of personal information we collect, the purposes for which we collect it, our retention practices, and your rights under the California Consumer Privacy Act (CCPA).

9. Your Privacy Rights

Depending on your jurisdiction, you may have rights regarding your Personal Data, which may include:

• Access
• Correction
• Deletion (subject to legal exceptions)
• Portability
• Objection or restriction
• Withdrawal of consent (where applicable)
• Non-discrimination for exercising rights

If you interact with an AI agent deployed by a Customer, that Customer may control your Personal Data. In such cases, you may need to direct certain requests to the deploying Customer.

To submit a request, contact privacy@hilus.ai. We may verify your identity before processing requests and will respond within applicable legal timeframes.

10. Security

Hilus AI maintains administrative, technical, and organizational safeguards designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

• Encryption of data in transit
• Encryption of data at rest
• Role-based and least-privilege access controls
• Logged and monitored access to production systems
• Documented incident response procedures
• Use of established cloud infrastructure providers
• Vendor confidentiality and security safeguards

While we implement commercially reasonable safeguards, no system can guarantee absolute security.

11. Security Program and Independent Audit

Hilus AI maintains a formal information security program designed to safeguard the confidentiality, integrity, and availability of data processed through the Services.

Our program includes documented security policies, risk management practices, employee security awareness measures, and vendor due diligence procedures.

12. Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect Personal Data from children under 13. If you believe a child has provided Personal Data to us, please contact privacy@hilus.ai.

13. Data Breach Notification

If a data breach occurs that affects Personal Data, we will provide notifications as required by applicable law.

14. Changes to This Policy

We may update this Policy from time to time. We will update the "Updated" date above. Continued use of the Services after changes become effective constitutes acceptance of the updated Policy.

15. Contact Us

Hilus AI Corp.
4338 Adams Ave.
San Diego, CA 92116

Privacy inquiries: privacy@hilus.ai

General inquiries: contact@hilus.ai