Last Updated: May 24, 2018
About Us/Who is Octane?
Octane AI is a start-up founded in 2016 with a SaaS platform that allows our customers (businesses) to use Facebook Messenger marketing to automatically send messages to their end users (individuals) on Messenger.
Our customers can use Octane AI to power Messenger marketing campaigns for abandoned carts, receipts, shipping notification, and custom campaigns.
Octane AI can also help with customer support by automatically answering questions sent in by individuals.
What information do we collect and how do we use it?
For businesses browsing the Octane AI Site and Octane AI Customers
When you visit the Service, we and our third-party service providers, receive and record information on our server logs from your browser, including your IP address, and from cookies and similar technology. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Service may not work properly.
When customers sign up for Octane AI we collect information to better serve them such as their name, email, business, website and Facebook pages. We also collect information about their clicks and activity with the product to provide them with improved product features and personalized helpful messages.
When we collect the personal information described above, Octane AI is a data controller.
In that case, we process your data for purposes of information on our products, improving our products and for marketing purposes. We do so based on the consent you have expressly and freely given to us and that you can withdraw easily at any time by clicking on the “unsubscribe” link at the bottom of our newsletter or alternatively by contacting us by email at [email protected].
When you as a business add the Octane AI Shopify app to your store, we are sending information and updates on our products to you by using the email address provided by Shopify when you install our app. We do so based on the consent you have expressly and freely given to our partner to share your email with apps you install and receive product information from them. You can always withdraw your consent easily at any time by clicking on the "unsubscribe" link at the bottom of our newsletter or alternatively by contacting us by email at [email protected].
We also collect information from public sources and social networks in compliance with the data protection rules herein described.
For end-users of Octane AI Customers
Any end-user using a bot provides public information to that bot which includes Name, Gender and their profile photo. Any other information gathered directly from the bot must be explicitly asked of them either by requiring them to write text or click a button in the bot. We do get relevant information from third parties such as Shopify (see Third Party section below). Octane AI customers can choose to collect information about the end-users using their bots by asking them questions within the bot. This may include information such as email, address or other personally identifiable information. The end-user can choose to answer or not.
In regards to this data, Octane AI is the data processor and our customers are the data controller. If you wish your information to be removed from a bot you are using, please contact the company directly. We are also adding a feature to all our bots that allows a user to self-serve remove the data the bot has collected about them. This will remove all information in our systems, but does not guarantee that the Octane AI customer did not export this information from our platform.
How Long Do We Keep your Data?
In the case where we are the data controller, Octane AI will only keep and store your data for as long as it is necessary for us to fulfil the purposes for which they were collected. For more information, you can contact us by email at [email protected].
In the case where we are the data processor, we will only keep and store data for as long as it is necessary to fulfil the purposes of our customers, in accordance with what our customer decides as data controller.
Automated decisions with user data
We do not use user data to make automated decisions that could cause legal harm to the user.
How do we ensure the security of your data?
We have implemented the following technical security measures to protect your personal data:
- TLS encryption used for all data travelling across the Internet.
- All servers firewalled; users connect to our servers only through a reverse proxy, not directly.
- Modern programming techniques which eliminate the possibility of many classes of bug, including XSS, XSRF, and SQL injection.
- Minimization of team access to production infrastructure.
- Policy requiring two-factor authentication for all team members’ accounts connected to production infrastructure or codebase.
We also have appropriate organisational safeguards and security measures in place to protect your data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We require any third party with which we enter into a contract, and that can process your personal data on our behalf, to have security measures in place to protect your data and to treat such data in accordance with the law.
In the unfortunate event of a personal data breach, we have implemented measures to be able to have appropriate reactions and we will notify you and any competent authority when we are legally required to do so.
What third parties do we use and what do they have access to?
Here is a list of the third parties we use and how Octane AI uses them
- Facebook Messenger. Our company uses the Facebook Messenger API to build Facebook Messenger experiences. Facebook has access to all information that comes through the bot. Here is their statement on Facebook Messenger and GDPR.
- Hubspot. We use hubspot to send marketing emails and to track marketing leads. Here is their statement on GDPR compliance.
- Mixpanel. We use Mixpanel to track clicks and behavior of our customers within the Octane AI admin platform. Here is their statement on GDPR compliance
- Google Analytics. We use Google Analtyics to track clicks and behavior on our marketing pages and within the Octane AI admin platform. Here is their statement on GDPR compliance
- We use Amazon AWS for hosting. Here is their information on GDPR compliance.
- Intercom. We use Intercom for customer support and to send targeting customer messages. It track certain behavior within the Octane AI admin platform, response to the customer support team and certain personal information such as an email address needed to give customer support. Here is their statement on GDPR
- Shopify. We offer an integration with Shopify for our customers. Here is their information about GDPR.
- Dashbot. We offer an optional integration with Dashbot for our customers. Here is their information on GDPR.
- Yext. We offer an optional integration with Yext for our customers. Here is their data policy agreement.
- Klaviyo. We offer an optional integration with Klaviyo for our customers. Here is their information on GDPR.
How can you control your data?
For Octane AI Customers and businesses browsing our website
You can email Octane AI at [email protected] and we will be happy to provide you with information about your data, remove your data or help in any way related to your privacy questions.
For end-users of Octane AI Customers
Octane AI is a data processor, not a data controller. We are building a feature that would allow an end-user to remove their bot data directly from the bot but users should still contact the data controller (i.e. the company they are talking to in the bot) to be sure their data is removed since data can be exported from our system.
What are your rights and how to exercise them?
In accordance with the European Genera Data Protection Regulation (GDPR), each user has a right to access, rectify and erase personal data and object to the processing or to automated decision making, by writing at [email protected]. Users can also, using the same email address, ask for their data to be transferred to them or to another controller or request restriction of the processing of their personal data.
In accordance with the GDPR you also have the right to lodge a complaint to us by writing at [email protected] or to a data protection authority.
- Right of access
By exercising this right, you can ask us if your data are being processed and ask information about what kind of processing operations are implemented.
You can also request an access to your processed data and ask for a copy of them too.
- Right to rectification
By exercising this right, you can ask us to rectify, change, update any of your personal data that are being processed by us.
- Right to erasure
By exercising this right, you can ask us to erase your personal data when the processing is no longer necessary. However, in some cases, we will not be able to comply with your request if there is legal obligation we have to comply with. In such cases, we will notify theses legal reasons to you.
- Right to data portability
With this right, you have the possibility to obtain your data and also request the transmission of these data to another controller. You can request the transfer of your data only if the processing operations we are carrying out are automated and if you gave us your consent for such processing or if it is needed for the execution of a contract.
- Right to objection
You have the right to object to the processing operations for where we believe we have a legitimate interest to process your data.
You also have the right to object to your processing operations for direct marketing purposes at any time.
- Right to restriction of the processing
By exercise this right, you can ask us to interrupt the processing of your data in special cases such as when you want to rectify your data or when you object to the processing operations carried out based on our legitimate interest.
International Data Transfer
The personal data we collect from you are being transferred to the United States and may be processed globally. When transferring your personal data outside of the European Economic Area ("EEA"), we will ensure a similar degree of protection if afforded to it by ensuring appropriate safeguards, as required by law, are in place. When transferring your data to the United States, we ensure that the entities to where the data are being transferred have joined the "EU/US Privacy Shield Framework" approved by the European Commission.