Last Updated: November 27, 2023
CopyAI, Inc. (“Copy.ai,” “we,” “us,” and “our”) provides a generative productivity platform to assist customers in transforming their business with generative AI.
Personal Data we collect – We collect most of the Personal Data related to you through the registration and login processes to our Services and your engagement with our website.
How we share Personal Data with third parties – We share information with our service providers as necessary to facilitate our business. We will share information when we change our corporate structure, and we will share the information with our affiliated entity.
Your Privacy Choices and Rights You may opt-out of our mailing lists and terminate your use of our website.
Security of your information - We implement technical and organizational measures to secure your Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction.
Cross-border data transfer – We use cloud-based services to store and process data in the United States and European Union and will store data at additional sites, at our discretion, in accordance with applicable laws.
Data Privacy Framework Notice – Copy.ai adheres to the EU-U.S. Data Privacy Framework Principles regarding the collection, use, and retention of personal data that is transferred from the European Union, the United Kingdom and Switzerland to the U.S.
Aggregated and analytics information - Aggregated data is not identifiable. We use standard analytical tools for legitimate business purposes.
Specific provision for EEA, UK and Swiss residents – If we process Personal Data related to you when you are in the EEA, further terms apply to our processing in relation to your rights as a data subject under EEA data protection laws.
U.S. State Law Disclosures – If you are a resident of certain U.S. states, you are entitled to specific privacy rights.
Children’s information - The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect Personal Data from children.
Data retention and deletion – We retain different types of Personal Data for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements.
Contact us – Please contact us at: email@example.com, or at our offices located at 1661 International Dr, Memphis, TN 38120, USA.
The categories of Personal Data we collect and process depend on how you interact with us, our Services and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.
A. Information You Provide to Us Directly
We collect the following Personal Data that you provide to us.
Copy.ai Account Holders
Account Creation. When you create an account, we collect your name and e-mail address. If you connect to the Platform using Sign in with Google, we collect the following information associated with your Google account: your name, email address and profile picture.
User Content. When you use our Services, we collect Personal Data that may be included in the prompt, files uploaded by you, or feedback that you provide to our Services (“Content”).
Purchases. If you decide to use the “Pro” version of our Services, you are requested to provide your payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
• Surveys. We may contact you to participate in surveys from time to time. If you decide to participate, you maybe asked to provide certain information which may include Personal Data.
• Sweepstakes or Contests. If we offer a sweepstake or contest, we will collect certain Personal Data such as your name and e-mail address if you participate in such sweepstake or contest. Note that in some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
When you contact us via the Website, for example to get a demo of our Services or to subscribe to our newsletter, or for any other reason, we will receive and process any Personal Data that you provide to us, such as your name, phone number and email address. In addition, we will collect any Personal Data that you will provide to us while communicating with us, for example via our messaging platform.
• Interactive Features. We and others who use our Services collect Personal Data that you submit or make available through our interactive features (e.g., collaboration tools, messaging and chat features, commenting functionalities, forums, blogs, and social media pages). Any information you provide on the public sections of these features will be considered “public,” unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein.
• Conferences, Trade Shows, and Other Events. We collect Personal Data from individuals when we attend conferences, trade shows, and other events.
• Business Development and Strategic Partnerships. We collect Personal Data from individuals and third parties to assess and pursue potential business opportunities.
• Job Applications.
If you are sending us a job application or job inquiry we will ask you to provide us with Personal Data about yourself so we can evaluate your application. If this information is not provided, our ability to consider you as a candidate may be limited. All information is provided on a voluntarily basis and you determine the extent of information that you provide to us. The kind of information we collect from job candidates include: your first and last name, email address, phone number, a home, postal or other physical address, other contact information, title, occupation, industry, personal interests, CV, work permit or visa information (where applicable), educational and employment history, referrals and references, job preferences, and other information you provide us.
Copy.ai uses Lever, an application developed by Lever, Inc., to process recruitment applications.
B. Information Collected Automatically
The following Personal Data is collected automatically when you use our Services and our Website, using cookies and similar tracking technologies:
Your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and internet service provider. We also collect information regarding your use of our Services and Website, such as pages that you visit before, during and after using our Services and Website, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services and Website. In addition, we collect information that other people provide about you when they use our Services, including information about you when they tag you.
See Section 5 below to understand your choices regarding these technologies.
C. Information Collected from Other Sources
We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings.
We use the Personal Data we collect for all of the following purposes: To provide you with our Services and Website, including:
• To manage your information and accounts;
• To provide access to certain areas, functionalities, and features of our Services and Website;
• To provide customer or technical support; and
• To communicate with you about your account, activities on our Services, and policy changes.
• To pursue our legitimate interests such as direct marketing, research and development (including marketing research),network and information security, and fraud prevention;
• To detect security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecute those responsible for that activity;
• To measure interest and engagement in our Services and Website;
• Short-term, transient use, such as contextual customization of ads;
• To improve, upgrade or enhance our Services;
• To develop new products and Services;
• To ensure internal quality control and safety;
• To authenticate and verify individual identities;
• To debug, identify and repair errors within our Services;
• To perform audits and other compliance activities;
• To enforce our agreements and policies; and
• To comply with our legal obligations.
• Subject to your consent, if such is required under applicable law, to send you e-mails or other messages and/or newsletters about us or our Services, including through one of our service providers. At any time, you can unsubscribe from our mailing list by clicking on the unsubscribe link on the message.
To the extent relevant and possible, we will make efforts to maintain Personal Data accurate, complete and up to date.
A. Sharing with third parties to provide our Services
The categories of third parties with whom we share Personal Data are described below.
• Service Providers. To assist us in meeting business operations needs and to perform certain services and functions, we provide Personal Data to vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software, and web analytics services, among others. Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us.
• Other Copy.ai Users at Your Direction.When you use the Services, including Copy.ai’s interactive features, you may direct Copy.ai to share certain information with other Copy.ai users within the same virtual workspace. This information can include Personal Data about yourself and details about your work and your use of the Services.
• Share Content with Friends or Colleagues. Our Services offer various tools and functionalities. For example, we allow you to provide information about your friends or colleagues through our referral services. Our referral services allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.
• Affiliates. We share your Personal Data with our company affiliates, meaning an entity that controls, is controlled by, or is under common control with Copy.ai, for our administrative purposes including activities such as IT management, for them to provide services to you, or to support and supplement the Services we provide.
• Advertising Partners. We share your Personal Data with third-party advertising partners. These third-party advertising partners may set technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”
B. Sharing with third parties to protect usor Others
We will disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In addition, we will disclose or use users' Personal Data to defend or enforce our legal rights and in accordance with any applicable law.
C. Disclosure in the Event of Merger, Sale, or Other Structural Change
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider(together, a “Structural Change”), Personal Data relating to you will be sold or transferred as part of the Structural Change, provided that the receiving entity will comply with this policy.
• “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that our Services and website do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. You can at any time change or withdraw your consent from the Cookie Declaration on our website. Your consent applies to the following domains: www.copy.ai.
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, ourServices may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
Please note you must separately opt out ineach browser and on each device.
However, no system is 100% secure, and we cannot guarantee or warrant that the Services or our website will be immune from cyber-attacks, malicious activities, malfunctions, honest mistakes or other types of abuse and misuse. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
We are a global company with headquarters in the US. We therefore transfer Personal Data outside of the country it was collected in or outside of the European Economic Area ("EEA")to, among others, the USA, to Brazil, Costa Rica, Philippines, or Canada. All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard Personal Data relating to you consistent with the requirements of applicable laws. If our use of the Personal Data is governed by laws restricting the transfer of personal information to other countries that do not provide an adequate level of protection to the Personal Data, we will use appropriate safeguards, in particular, by way of entering into appropriate contractual agreements with the relevant recipients, or by adhering to equivalent data transfer regulations to protect the security and confidentiality of such personal information.
When we transfer Personal Data from outside of the US, we make use of the EU-U.S. Data Privacy Framework to receive personal data transfers from the European Union/European Economic Area to the U.S. (see “EU-U.S. Data Privacy Framework Notice” section below), and the standard contractual data protection clauses, which have been approved by the European Commission, to safeguard the transfer of information we collect from the European Economic Area, the United Kingdom (the "UK"), and Switzerland.
Copy.ai complies with the principles of the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce and relies on the European Commission’s adequacy decision for the EU-U.S. DPF to receive personal data transfers from the European Economic Area. Copy.ai adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Copy.ai. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (together with the EU-U.S. DPF Principles, the “DPF Principles”). If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Under the DPF Principles we are responsible for the processing of personal data we receive and, subsequently, for the personal data that we then transfer to a third-party service provider, if the personal data is processed in a manner inconsistent with the Data Privacy Framework.
If you have any questions, concerns, or complaints about our compliance with the DPF Principles, we encourage you to contact us under the contact details set forth in the “Contact Us” section below. In this section you can also find information regarding our EU representative that can respond to your inquiries or complaints.
If you have an unresolved complaint regarding our handling of personal data we received in reliance on the Data Privacy Framework, please contact our U.S.-based third-party dispute resolution provider (free of charge), JAMS, at https://www.jamsadr.com/dpf-dispute-resolution.
Finally, if you have a complaint that we have violated the DPF Principles that has not been resolved by other means, you may have the ability to invoke binding arbitration as outlined more fully on the Data Privacy Framework website.
Copy.ai is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies and they use their own cookies to provide their service (you can find further information about cookies in Section 5 above.
We use standard analytics tools like Google Analytics to learn about how you and other users use our Website and Services, how we should improve your user experience and which improvements we should prioritize. We will use additional or other analytics tools, from time to time, in support of our Services-related activities and operations. The privacy practices of these tools are subject to their own privacy policies.
In order to find out how Google uses data when you use their services you can visit: http://www.google.com/policies/privacy/partners/.
We use anonymous, statistical or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically to you.
Under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), we are considered a data controller with respect to the Services we provide to you, or with respect to the information you provide us as a job candidate. If you are a resident of a territory in the European Economic Area (“EEA”), the United Kingdom orSwitzerland, we base our processing of Personal Data as a data controller on the following lawful grounds:
At any time, you can contact our privacy team at: firstname.lastname@example.org and request to exercise your rights in accordance with the provisions provided bylaw:
Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request. We will look into your inquiry and make good-faith efforts to respond promptly.
Where we process PersonalData as part of the Services, as a data processor of our users, we are committed to assist our data controllers to fulfill the above mentioned rights under the GDPR.
If you have any concerns about the way we process Personal Data related to you, you are welcome to contact our privacy team at: email@example.com or write to us at: Copy.AI, Inc., 1661 International Drive, Memphis, TN 38120, USA.
Several U.S. states have enacted privacy laws to grant new privacy rights to their residents.
To the extent provided for by local law and subject to applicable exceptions, individuals may have privacy rights in relation to their Personal Data including the following:
· Access their information
· Correct their inaccurate information
· Opt out if a business “sells” their information, uses or shares it for certain advertising purposes, or profiles them to make decisions with legal or similarly significant effects
· Be notified about a business’s data practices
· Nondiscrimination for exercising their privacy rights
· Delete their personal information
The following table provides additional information about the categories of Personal Data we collect and how we disclose that information. You can read more about the categories of Personal Data we collect in “Personal Data we collect” above, how we use Personal Data in “The purposes of use of the Personal Data” above, and how we retain Personal Data in “Data Retention and Deletion” below.
We don’t “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising (as those terms are defined under applicable local law). We also don’t process sensitive Personal Data for the purposes of inferring characteristics about a consumer.
Exercising Your Rights. To the extent applicable under local law, you can exercise privacy rights described in this section by submitting a request to:
1661 International Drive
Memphis, TN 38120, USA
Verification. In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data and proof of residency for verification. If we cannot verify your identity, we will not be able to honor your request.
Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us. Authorized agent requests can be submitted to firstname.lastname@example.org.
Appeals. Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please send your request to email@example.com.
Additional Privacy Rights for California Residents
California Shine the Light. California Civil Code Section 1798.83 (the “Shine the Light” law) permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Data (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Data disclosed to those parties.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect Personal Data from children. If you learn that your child has provided us with Personal Data without your consent, you may contact us as set forth below. If we learn that we have collected a child’s Personal Data in violation of applicable law, we will promptly take steps to delete such information.
We retain different types of Personal Data for different periods, depending on the purposes for processing such information, our legitimate business purposes as well as pursuant to legal requirements under the applicable laws.
We will maintain your contact details, to help us stay in contact with you. At any time before or after the termination of the Services, you can contact our privacy team at: firstname.lastname@example.org, and request to delete your contact details.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable Personal Data, when we no longer need to process the information.
In any case, as long as you use the Services, we will keep information about you, unless applicable law requires us to delete it.
Tennessee, Memphis - Colonnade
1661 International Dr
Memphis, TN 38120, USA
If you are an EEA resident and have any concerns about the way we process Personal Data related to you, you are welcome to contact our representative in the EU at: email@example.com. We will look into your inquiry and make good-faith efforts to respond promptly.