Privacy Policy

1. This Privacy Policy (hereinafter "Policy") defines the policies and procedures regarding how "Chimege Systems" LLC (hereinafter "Service Provider", "We/Us") collects, processes, protects, and shares the personal data of the business entity or organization using the IVA Platform (hereinafter "Platform") (hereinafter "User", "You") and the personal data of the User's customers, the End Users.
2. This Policy applies to all services and functions of the Platform, and related websites (iva.mn and others).
3. By registering for, accessing, or using the Platform, the User is deemed to have read and accepted this Privacy Policy. The Privacy Policy is an integral part of the Terms of Service.

1. "Chimege Systems" LLC owns and operates the IVA Platform. Our contact information is provided at the end of this Policy.
2. Roles and Responsibilities:
• Service Provider (Data Processor): We process End User data and User employee data passing through the Platform according to the User's instructions, adhering to this Policy and applicable laws.
• User (Data Controller/Owner): You are responsible for ensuring you have the necessary legal basis (such as consent) to collect, input, and process your End Users' personal data on the Platform.

We may collect and process the following types of information for the purpose of providing and improving the Platform services:

1. User Registration Information:
• Organization name, address.
• Responsible employee's name, position, email address, phone number.
• Login credentials (username, encrypted password).
• Billing information (invoices, transaction history).
2. User Configuration Information:
• Connected channel configurations (e.g., Facebook page ID, website domain).
• Knowledge Base (Information, questions/answers, and other documents entered by the User for the Virtual Agent).
3. End User Information (Processed on behalf of the User):
• End User's name, contact information (phone, email, messenger ID), customer number.
• Content of inquiries, requests, feedback, and complaints sent via the Platform by the End User, both text and voice (if the User uses voice services).
• Communication metadata: Time, channel, duration of conversation, resolution status, sentiment analysis (automatically generated).
4. System Usage Information (Collected Automatically):
• User's interaction with the Platform (log files, IP address, browser type).
• Channels used, activity history on the Platform.
• Cookies.

We use the information collected for the following purposes:

1. To Provide Services:
• To operate the core functions of the Platform (receiving, processing, and responding to End User requests).
• To manage User accounts and authenticate logins.
• To provide technical support and resolve issues.
• For billing and invoicing.
2. To Improve Services:
• To enhance usability and improve the Platform.
• To improve the quality and accuracy of Virtual Agent responses (by using aggregated, de-identified End User data).
• To develop and test new features and services.
3. For Communication:
• To send notifications to Users about service updates, maintenance, and security.
• To respond to User inquiries and requests.
4. To Comply with Legal Obligations:
• To comply with legal requirements and court orders.
• To prevent fraud and ensure Platform security.

We implement the following technical and organizational measures to ensure the security of User and End User data:

1. Encryption: We use advanced encryption methods for data transmission (e.g., SSL/TLS) and storage (e.g., AES-256).
2. Access Control: We adhere to internal policies and procedures to ensure that only authorized personnel can access data based on their specific roles. We use password policies and multi-factor authentication (MFA).
3. Infrastructure Security: We utilize infrastructure security measures such as firewalls and intrusion detection systems in our data centers.
4. Employee Training: We provide regular training on data security and privacy to our employees and require confidentiality agreements.
5. Regular Monitoring and Testing: We conduct regular monitoring and testing to detect security vulnerabilities and mitigate risks.

We do not sell, rent, or disclose User or End User personal data to third parties without their consent. However, information may be shared in the following cases:

1. With User Consent: When we have your explicit consent (e.g., when integrating with third-party services).
2. For Legal Requirements: If required by law, court order, or governmental request. We review the legality of such requests and share only necessary information after informing the User.
3. Business Transfers: Information may be transferred during major business transitions like mergers, acquisitions, or reorganizations. In such cases, we will notify you in advance and inform you if your data becomes subject to a different privacy policy.

We retain User and End User data only for the period specified in the Terms of Service, or as required by law.

• User Registration and Configuration Information: During the time the User uses the Platform and for a specific period after contract termination (30 days, for legal requirements, dispute resolution).
• Communication Data: For the period specified by the User's request or Platform settings, or until deleted by the User. The Service Provider reserves the right to delete Communication Data after a specific period following contract termination (30 days).

Under the Law on Personal Data Protection and other applicable laws, you have the following rights:

1. Right to Access: To access your personal data that we process.
2. Right to Rectification: To request correction of inaccurate or incomplete data.
3. Right to Erasure: To request deletion of your data under certain conditions.
4. Right to Data Portability: The User has the right to retrieve their own data from the Platform.

To exercise these rights, please contact us using the details in Section 10. We will receive and address your request. Please note that End Users should contact the User (the organization providing the service) to exercise their rights.

We reserve the right to update and improve this Privacy Policy from time to time. In case of significant changes, we will publish them on the Platform website and/or notify Users via email in advance. We recommend checking the "Effective Date" of the updated policy. Your continued use of the Platform after the updated policy becomes effective constitutes acceptance of those changes.