Privacy Policy

This Privacy Policy explains how IceCore.ai (“IceCore“, “we“, “us“) collects, uses, discloses, and protects information about you when you use our services, websites, and integrations (the “Service“). This policy is designed to meet requirements of the EU/UK GDPR and US state privacy laws (including California CCPA/CPRA) where applicable.

1. Who We Are and How to Contact Us

IceCore.ai is the controller of your personal data when we determine the purposes and means of processing. If you have questions or wish to exercise your rights, contact us at privacy@icecore.ai.

2. Information We Collect

We collect the following categories of information:

• Account and profile: name, email, company, role, workspace details.
• Service content: conversations and messages you ingest or connect via integrations.
• Usage and device: log data, IP address, browser, device identifiers, pages viewed.
• Integrations data: data we receive from tools you connect (e.g., helpdesk platforms) per your configuration.
• Cookies and similar technologies: used for authentication, analytics, and preferences (see “Cookies” below).
• Support and communications: feedback, requests, and email or in-product messages.

3. Purposes and Legal Bases (EU/UK GDPR)

We process personal data for the following purposes and legal bases:

• Provide and maintain the Service (perform a contract or take steps at your request).
• Secure and protect the Service (legitimate interests; compliance with legal obligations).
• Improve and develop features (legitimate interests; we balance against your interests and rights).
• Communicate with you (legitimate interests for product updates; consent where required for marketing).
• Analytics and research (legitimate interests, using aggregated or de-identified data where possible).
• Comply with law (legal obligations).

Where we rely on consent, you can withdraw it at any time. Where we rely on legitimate interests, you have the right to object.

4. Sharing of Information

We share information with:

• Service providers who assist with hosting, storage, analytics, security, email, and support.
• Integrated platforms at your direction when you connect third-party tools.
• Legal and compliance recipients when required by law or to protect rights, safety, and security.
• Business transfers in connection with a merger, acquisition, or asset sale.

We do not sell personal data.

5. International Transfers

If we transfer personal data outside your country (including from the EEA/UK to other countries), we rely on appropriate safeguards such as Standard Contractual Clauses and additional measures where necessary.

6. Data Retention

We retain personal data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by data category and your configuration.

7. Security

We implement technical and organizational measures to protect information. Learn more in our Security Policy.

8. Your Rights (EU/UK)

Subject to conditions and exceptions, you have rights to access, rectify, erase, restrict processing, data portability, and object to processing. You may also withdraw consent at any time. You have the right to lodge a complaint with your local supervisory authority.

9. Your Rights (US State Laws incl. CCPA/CPRA)

Depending on your state, you may have rights to know/access, delete, correct, and obtain a portable copy of your information; to opt out of sale,sharing, or targeted advertising; and to limit the use/disclosure of sensitive personal information. We do not discriminate against you for exercising these rights.

To exercise rights, email privacy@icecore.ai. If we deny a request, you may appeal by replying to our decision with “Appeal” in the subject line. You can opt out of marketing emails via the unsubscribe link in our emails.

10. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, analytics, and security. You can control cookies through your browser settings. Some features may not function properly without certain cookies.

11. Children’s Privacy

The Service is not directed to children and we do not knowingly collect personal data from children. If you believe a child has provided us information, contact us to delete it.

12. Automated Processing

We may use automated processing to analyze conversation content and generate insights. We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by updating the date above or via in-product notices.

14. Contact

Questions or requests? Contact us at privacy@icecore.ai.

15. AI Model Training

We do not use your personal information to train generalized AI models. We may use aggregated or de-identified data to improve features and performance.

16. Do Not Track

Some browsers offer a “Do Not Track” (DNT) setting. We currently do not respond to DNT signals. You can manage cookies and similar technologies via your browser settings.

17. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review the privacy policies of those third parties.

18. Service Providers and AI Vendors

We use service providers to host, deliver, and support the Service (e.g., Vercel for hosting/CDN, Postmark for email, Pusher for realtime, Supabase for authentication and database, MongoDB Atlas for data storage). For AI features, we may send necessary inputs (after applying safeguards like PII redaction where possible) to AI APIs to generate outputs for you. We do not authorize providers to use your data to train generalized models.