Privacy Notice

Last Updated: November 27, 2023

CopyAI, Inc. (“Copy.ai,” “we,” “us,” and “our”) provides a generative productivity platform to assist customers in transforming their business with generative AI.

We respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to personal data (“Personal Data”) that we collect from or about you when you use our applications and services (collectively, “Services”) or when you visit our website at copy.ai (the “Website”). This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings.

1. A Summary of The Policy

Personal Data we collect – We collect most of the Personal Data related to you through the registration and login processes to our Services and your engagement with our website.

The purposes of use of the Personal Data – We collect Personal Data related to you for various business purposes as further detailed in ‘The purposes of use of yourPersonal Data’ section of this privacy policy.

How we share Personal Data with third parties – We share information with our service providers as necessary to facilitate our business. We will share information when we change our corporate structure, and we will share the information with our affiliated entity.

Your Privacy Choices and Rights You may opt-out of our mailing lists and terminate your use of our website.

Security of your information - We implement technical and organizational measures to secure your Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Cross-border data transfer – We use cloud-based services to store and process data in the United States and European Union and will store data at additional sites, at our discretion, in accordance with applicable laws.

Data Privacy Framework Notice – Copy.ai adheres to the EU-U.S. Data Privacy Framework Principles regarding the collection, use, and retention of personal data that is transferred from the European Union, the United Kingdom and Switzerland to the U.S.

Aggregated and analytics information - Aggregated data is not identifiable. We use standard analytical tools for legitimate business purposes.

Specific provision for EEA, UK and Swiss residents – If we process Personal Data related to you when you are in the EEA, further terms apply to our processing in relation to your rights as a data subject under EEA data protection laws.

U.S. State Law Disclosures – If you are a resident of certain U.S. states, you are entitled to specific privacy rights.

Children’s information - The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect Personal Data from children.

Data retention and deletion – We retain different types of Personal Data for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements.

Changes to this privacy policy – We will update this privacy policy from time to time after giving proper notice. Read more.

Contact us – Please contact us at: legal@copy.ai, or at our offices located at 1661 International Dr, Memphis, TN 38120, USA.

2. Personal Data We Collect

The categories of Personal Data we collect and process depend on how you interact with us, our Services and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.

A. Information You Provide to Us Directly

We collect the following Personal Data that you provide to us.

Copy.ai Account Holders

Account Creation. When you create an account, we collect your name and e-mail address. If you connect to the Platform using Sign in with Google, we collect the following information associated with your Google account: your name, email address and profile picture.

User Content. When you use our Services, we collect Personal Data that may be included in the prompt, files uploaded by you, or feedback that you provide to our Services (“Content”). 

Purchases. If you decide to use the “Pro” version of our Services, you are requested to provide your payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).

• Surveys. We may contact you to participate in surveys from time to time. If you decide to participate, you maybe asked to provide certain information which may include Personal Data.

• Sweepstakes or Contests. If we offer a sweepstake or contest, we will collect certain Personal Data such as your name and e-mail address if you participate in such sweepstake or contest. Note that in some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.

 

Website visitors

When you contact us via the Website, for example to get a demo of our Services or to subscribe to our newsletter, or for any other reason, we will receive and process any Personal Data that you provide to us, such as your name, phone number and email address. In addition, we will collect any Personal Data that you will provide to us while communicating with us, for example via our messaging platform.

 

• Interactive Features. We and others who use our Services collect Personal Data that you submit or make available through our interactive features (e.g., collaboration tools, messaging and chat features, commenting functionalities, forums, blogs, and social media pages). Any information you provide on the public sections of these features will be considered “public,” unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein.

• Conferences, Trade Shows, and Other Events. We collect Personal Data from individuals when we attend conferences, trade shows, and other events.

• Business Development and Strategic Partnerships. We collect Personal Data from individuals and third parties to assess and pursue potential business opportunities.

Job Applications.

If you are sending us a job application or job inquiry we will ask you to provide us with Personal Data about yourself so we can evaluate your application. If this information is not provided, our ability to consider you as a candidate may be limited. All information is provided on a voluntarily basis and you determine the extent of information that you provide to us. The kind of information we collect from job candidates include: your first and last name, email address, phone number, a home, postal or other physical address, other contact information, title, occupation, industry, personal interests, CV, work permit or visa information (where applicable), educational and employment history, referrals and references, job preferences, and other information you provide us.

Copy.ai uses Lever, an application developed by Lever, Inc., to process recruitment applications.

B. Information Collected Automatically

The following Personal Data is collected automatically when you use our Services and our Website, using cookies and similar tracking technologies:

Your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and internet service provider. We also collect information regarding your use of our Services and Website, such as pages that you visit before, during and after using our Services and Website, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services and Website. In addition, we collect information that other people provide about you when they use our Services, including information about you when they tag you.

We use such cookies and similar tracking technologies to process the above mentioned Personal Data to make it easier for you to log-in and to facilitate the Website and Services activities, to analyze performance and marketing activities, and to personalize your experience. Please see which cookies we place and why at https://www.copy.ai/cookies. We also use standard analytics tools as described in the Section titled “Aggregated and analytics information” of this privacy policy.

See Section 5 below to understand your choices regarding these technologies.

C. Information Collected from Other Sources

We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings.

3. The Purposes of Use of The Personal Data

We use the Personal Data we collect for all of the following purposes: To provide you with our Services and Website, including:

• To manage your information and accounts;

• To provide access to certain areas, functionalities, and features of our Services and Website;

• To provide customer or technical support; and

• To communicate with you about your account, activities on our Services, and policy changes.

• To pursue our legitimate interests such as direct marketing, research and development (including marketing research),network and information security, and fraud prevention;

• To detect security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecute those responsible for that activity;

• To measure interest and engagement in our Services and Website;

• Short-term, transient use, such as contextual customization of ads;

• To improve, upgrade or enhance our Services;

• To develop new products and Services;

• To ensure internal quality control and safety;

• To authenticate and verify individual identities;

• To debug, identify and repair errors within our Services;

• To perform audits and other compliance activities;

• To enforce our agreements and policies; and

• To comply with our legal obligations.

• Subject to your consent, if such is required under applicable law, to send you e-mails or other messages and/or newsletters about us or our Services, including through one of our service providers. At any time, you can unsubscribe from our mailing list by clicking on the unsubscribe link on the message.

We will process, use, retain and share Personal Data solely for the purposes described in this privacy policy and only when reasonably necessary and proportionate to achieve such purposes for which such information was collected and processed.

To the extent relevant and possible, we will make efforts to maintain Personal Data accurate, complete and up to date.

4. How We Share Personal Data With third parties

We disclose Personal Data related to you to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below. We only allow these third parties to use it as necessary to fulfill the purposes for collecting the Personal Data under this privacy policy and under strict conditions.

A. Sharing with third parties to provide our Services

The categories of third parties with whom we share Personal Data are described below.

• Service Providers. To assist us in meeting business operations needs and to perform certain services and functions, we provide Personal Data to vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software, and web analytics services, among others. Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us.

• Other Copy.ai Users at Your Direction.When you use the Services, including Copy.ai’s interactive features, you may direct Copy.ai to share certain information with other Copy.ai users within the same virtual workspace. This information can include Personal Data about yourself and details about your work and your use of the Services.

• Share Content with Friends or Colleagues. Our Services offer various tools and functionalities. For example, we allow you to provide information about your friends or colleagues through our referral services. Our referral services allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.

• Affiliates. We share your Personal Data with our company affiliates, meaning an entity that controls, is controlled by, or is under common control with Copy.ai, for our administrative purposes including activities such as IT management, for them to provide services to you, or to support and supplement the Services we provide.

• Advertising Partners. We share your Personal Data with third-party advertising partners. These third-party advertising partners may set technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”

B. Sharing with third parties to protect usor Others

We will disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In addition, we will disclose or use users' Personal Data to defend or enforce our legal rights and in accordance with any applicable law.

C. Disclosure in the Event of Merger, Sale, or Other Structural Change

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider(together, a “Structural Change”), Personal Data relating to you will be sold or transferred as part of the Structural Change, provided that the receiving entity will comply with this policy.

5. Your Privacy Choices And Rights

• Email Communications. At any time you can opt-out of our mailing list by clicking the unsubscribe link found at the bottom of the email. Note that you will continue to receive transaction-related emails regarding Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g.,communications regarding our Services or updates to our Terms of Service or this Privacy Policy).

• “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that our Services and website do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

• Cookies and Interest-Based Advertising. Cookies are small text files that can be used by websites to make a user's experience more efficient. Our website uses cookies.We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. Our site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.  

We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. You can at any time change or withdraw your consent from the Cookie Declaration on our website. Your consent applies to the following domains: www.copy.ai.

You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, ourServices may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.  

Please note you must separately opt out ineach browser and on each device.

6. Security of Personal Data

We take steps to ensure that Personal Data is treated securely and in accordance with this Privacy Policy. We have put in place appropriate physical, technical and organizational controls to safeguard and secure Personal Data related to you from loss, misuse, unauthorized access or disclosure, alternation or destruction. These measures provide industry standard security.

However, no system is 100% secure, and we cannot guarantee or warrant that the Services or our website will be immune from cyber-attacks, malicious activities, malfunctions, honest mistakes or other types of abuse and misuse. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

7. Cross-Border Data Transfers

We are a global company with headquarters in the US. We therefore transfer Personal Data outside of the country it was collected in or outside of the European Economic Area ("EEA")to, among others, the USA, to Brazil, Costa Rica, Philippines, or Canada. All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard Personal Data relating to you consistent with the requirements of applicable laws.  If our use of the Personal Data is governed by laws restricting the transfer of personal information to other countries that do not provide an adequate level of protection to the Personal Data, we will use appropriate safeguards, in particular, by way of entering into appropriate contractual agreements with the relevant recipients, or by adhering to equivalent data transfer regulations to protect the security and confidentiality of such personal information.

When we transfer Personal Data from outside of the US, we make use of the EU-U.S. Data Privacy Framework to receive personal data transfers from the European Union/European Economic Area to the U.S. (see “EU-U.S. Data Privacy Framework Notice” section below), and the standard contractual data protection clauses, which have been approved by the European Commission, to safeguard the transfer of information we collect from the European Economic Area, the United Kingdom (the "UK"), and Switzerland.

8. Data Privacy Framework Notice

Copy.ai complies with the principles of the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce and relies on the European Commission’s adequacy decision for the EU-U.S. DPF to receive personal data transfers from the European Economic Area. Copy.ai adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Copy.ai. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (together with the EU-U.S. DPF Principles, the “DPF Principles”). If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Under the DPF Principles we are responsible for the processing of personal data we receive and, subsequently, for the personal data that we then transfer to a third-party service provider, if the personal data is processed in a manner inconsistent with the Data Privacy Framework.

If you have any questions, concerns, or complaints about our compliance with the DPF Principles, we encourage you to contact us under the contact details set forth in the “Contact Us” section below. In this section you can also find information regarding our EU representative that can respond to your inquiries or complaints.

If you have an unresolved complaint regarding our handling of personal data we received in reliance on the Data Privacy Framework, please contact our U.S.-based third-party dispute resolution provider (free of charge), JAMS, at https://www.jamsadr.com/dpf-dispute-resolution.

Finally, if you have a complaint that we have violated the DPF Principles that has not been resolved by other means, you may have the ability to invoke binding arbitration as outlined more fully on the  Data Privacy Framework website.

Copy.ai is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

9. Aggregated and Analytics Information

We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies and they use their own cookies to provide their service (you can find further information about cookies in Section 5 above.

We use standard analytics tools like Google Analytics to learn about how you and other users use our Website and Services, how we should improve your user experience and which improvements we should prioritize. We will use additional or other analytics tools, from time to time, in support of our Services-related activities and operations. The privacy practices of these tools are subject to their own privacy policies.

In order to find out how Google uses data when you use their services you can visit: http://www.google.com/policies/privacy/partners/.

We use anonymous, statistical or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically to you.

10. Specific provision for EEA, UK and Swiss residents

Under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), we are considered a data controller with respect to the Services we provide to you, or with respect to the information you provide us as a job candidate. If you are a resident of a territory in the European Economic Area (“EEA”), the United Kingdom orSwitzerland, we base our processing of Personal Data as a data controller on the following lawful grounds:

  • Performance of a contract with you when we provide and maintain our Services. When we process your account information, Content, and technical information solely to provide our Services to you, this information is necessary to be able to provide our Services. If you do not provide this information, we may not be able to provide our Services to you. 
  • Our legitimate interests in protecting our Services from abuse, fraud, or security risks, or in developing,     improving, or promoting our Services. This may include the processing of account information, Content, and Technical Information.
  • Your consent when we ask for your consent to process your Personal Data for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
  • Compliance with our legal obligations when we use your Personal Data to comply with applicable law or when we protect our or our affiliates’, users’, or third parties’ rights, safety, and property.

At any time, you can contact our privacy team at: legal@copy.ai and request to exercise your rights in accordance with the provisions provided bylaw:

  • You are entitled to access the Personal Data that we keep about you together with information about how and on what basis the Personal Data is being processed and to rectify when such information is inaccurate. If you find that the Personal Data related to you is not accurate, complete or updated, then please provide us the necessary information to correct it.
  • You can contact us if you want to withdraw your consent to the processing of Personal Data related to you. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.
  • You are entitled to request to delete or restrict access to Personal Data related to you in limited circumstances as described under the GDPR, subject to certain exceptions. If we need to delete Personal Data related to you following your request, it can take time until we completely delete residual copies of Personal Data related to you from our active servers, from our backup systems, and from third-parties (as     described in section 4).

If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions under applicable law, you are entitled to request to be informed that third parties that hold Personal Data related to you, in accordance with this privacy policy, will act accordingly.

  • You are entitled to request the transfer of Personal Data related to you in accordance with your right to data     portability.
  • You are entitled to object to the processing of Personal Data related to you, for example in relation to     direct marketing.
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
  • You have the right to obtain a copy of or access to safeguards under which Personal Data related to you is     transferred outside of the EEA.
  • You have a right to lodge a complaint with a data protection supervisory authority.

Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request. We will look into your inquiry and make good-faith efforts to respond promptly.

Where we process PersonalData as part of the Services, as a data processor of our users, we are committed to assist our data controllers to fulfill the above mentioned rights under the GDPR.

If you have any concerns about the way we process Personal Data related to you, you are welcome to contact our privacy team at: legal@copy.ai or write to us at: Copy.AI, Inc., 1661 International Drive, Memphis, TN 38120, USA.

11. U.S. State Law Disclosures

Several U.S. states have enacted privacy laws to grant new privacy rights to their residents.

To the extent provided for by local law and subject to applicable exceptions, individuals may have privacy rights in relation to their Personal Data including the following:

·      Access their information 

·      Correct their inaccurate information

·      Opt out if a business “sells” their information, uses or shares it for certain advertising purposes, or profiles them to make decisions with legal or similarly significant effects

·      Be notified about a business’s data practices

·      Nondiscrimination for exercising their privacy rights 

·      Delete their personal information 

The following table provides additional information about the categories of Personal Data we collect and how we disclose that information. You can read more about the categories of Personal Data we collect in “Personal Data we collect” above, how we use Personal Data in “The purposes of use of the Personal Data” above, and how we retain Personal Data in “Data Retention and Deletion” below.

We don’t “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising (as those terms are defined under applicable local law). We also don’t process sensitive Personal Data for the purposes of inferring characteristics about a consumer.

Exercising Your Rights. To the extent applicable under local law, you can exercise privacy rights described in this section by submitting a request to:

CopyAI, Inc.
1661 International Drive
Memphis, TN 38120, USA

legal@copy.ai

571-758-3823

Verification. In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data and proof of residency for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us. Authorized agent requests can be submitted to legal@copy.ai.

Appeals. Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please send your request to legal@copy.ai.

Additional Privacy Rights for California Residents

California Shine the Light. California Civil Code Section 1798.83 (the “Shine the Light” law) permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Data (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Data disclosed to those parties.

12. Children’s Information

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect Personal Data from children. If you learn that your child has provided us with Personal Data without your consent, you may contact us as set forth below.  If we learn that we have collected a child’s Personal Data in violation of applicable law, we will promptly take steps to delete such information.

13. Data Retention And Deletion

We retain different types of Personal Data for different periods, depending on the purposes for processing such information, our legitimate business purposes as well as pursuant to legal requirements under the applicable laws.  

We will maintain your contact details, to help us stay in contact with you. At any time before or after the termination of the Services, you can contact our privacy team at: legal@copy.ai, and request to delete your contact details.

Note that we may retain your details without using them unless necessary and for the necessary period of time, for legal requirements and proceedings, and that we will not retain the Personal Data related to you for any longer than reasonably necessary for purposes described in this privacy policy.

We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable Personal Data, when we no longer need to process the information.

In any case, as long as you use the Services, we will keep information about you, unless applicable law requires us to delete it.

14. Changes to This Privacy Policy

From time to time, we will need to update this privacy policy. If the updates have minor, if any, consequences, they will take effect 7 days after we post a notice on the Services’ platform and/or our website, or after we send you the notice through email or through the Services. Substantial changes will be effective 30 days after we initially posted our notice. Changes to this privacy policy are effective as of the stated “last updated” date.

Continuing to use the Services or our website after the new privacy policy takes effect means that you agree to the new privacy policy. Note that if we need to adapt the privacy policy to legal requirements, the new privacy policy will become effective immediately or as required.

15. Contact Us

If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:

CopyAI, Inc.
‍Tennessee, Memphis - Colonnade
1661 International Dr
Memphis, TN 38120, USA

legal@copy.ai

571-758-3823

If you are an EEA resident and have any concerns about the way we process Personal Data related to you, you are welcome to contact our representative in the EU at: contact@gdprlocal.com. We will look into your inquiry and make good-faith efforts to respond promptly.