Last updated: 06 September 2024
In the course of serving our customers, Symbient may collect certain nonpublic personal information relating to you and your business. We recognize this information is sensitive and that its privacy should be protected and maintained. In this Privacy Policy, we explain what information we collect about you and why, the limited way we may share that information with affiliates and non-affiliated companies, and how we protect and maintain the privacy and security of that information.
This "Privacy Policy" describes the practices of Lucus Labs, LLC, the owning company of the product Symbient ("Lucus Labs", "Symbient", "Symbient", "LuLa", "we", "our" or "us"), and the use of Personal Data. Personal Data means any information that relates to an identifiable individual and/or business. Lucus Labs cares about the security and privacy of the Personal Data that is entrusted to us. We may collect and use Personal Data when we do business with you or when you do business with those who use our services. Some of our services may be accessed directly by you, including through our websites that reference this policy (collectively "Sites"). Many of our services are provided to others in connection with their own business and activities, and you may engage with Symbient services as part of another's service, such as when you interact with Symbient-powered AI, including our embeddable LuLa Bot (chatbot) from another website or product (collectively, we refer to Sites and direct and indirect services as "Services"). This policy applies to Symbient's own Services. Websites, products, and services of third parties and some affiliates of Symbient are subject to their own separate privacy policies.
This Privacy Policy includes important information about your Personal Data and we encourage you to read it carefully. All materials have been prepared for general information purposes only. The information presented is not legal advice, is not to be acted on as such, may not be current, and is subject to change without notice.
-
Overview
Symbient obtains Personal Data about you from various sources. "You" may be a visitor to one of our Sites ("Visitor"), a user of one or more of our Services ("User" or "Symbient User"), or a direct or indirect customer of a User ("Customer"). If you are a Customer, your agreement with the relevant Symbient User should explain how the Symbient User shares your Personal Data with Symbient. If you have questions about this sharing, then you should direct those questions to the Symbient User.
-
Personal Data We Collect
-
Personal Data we collect about you
Personal Data is any information that relates to an identified or identifiable individual or business, and can include information about how you engage with our Services (e.g. device information, IP Address, etc). In most cases, the Personal Data you provide directly to us through our Services will be apparent from the context in which you provide the data. For example,
- When you register for a Symbient account on our Site we collect your full name, email address, and account log-in credentials.
- When you fill-in our online form to contact our support team, we ask for your name and contact information.
- When you authorize us to store information about you in connection with Symbient, we collect your name and contact information.
- When you respond to Symbient emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call us, as well as any other information you may provide during the call. If you are a Symbient User or Customer, when you contact us, we may collect additional information in order to verify your identity and for referencing your user account.
- When you engage with our Symbient AI and provide Personal Data such as your name, email address, or other Personal Data. Depending on the Symbient AI service you engage with, where you engage it from (such as from another website), and the scope of your interaction with the AI, certain other Personal Data may be recorded. Please be cognizant of any Personal Data you share with our AI.
You may also choose to submit information to us via other methods, including: (i) in response to marketing or other communications, (ii) through
participation in an offer, program or promotion, (iii) through social media or online forums, (iv) in connection with an actual or potential business
relationship with us, or (v) by giving us your business card or contact details in connection with trade shows or other events.
-
Information that we collect automatically on our Sites and through marketing of our products
Symbient controlled Sites utilize cookies and other technologies. These technologies may record information about you, including:
- Browser and device data, such as IP address, device type, operating system name and version, Internet browser type, screen resolution, device manufacturer and model, locale and language, plug-ins, add-ons and the language version of the Sites you are visiting.
- Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.
- Online activities. We may collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online services.
- We may collect information when you engage with our marketing messages and when you click on links included in ads for our products. We use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.
-
Personal Data we collect about you
-
How We Use Personal Data
-
Our Services
We rely upon a number of legal grounds to enable our use of your Personal Data. We use Personal Data to facilitate the business relationships we have with our Partners and Users, to pursue our legitimate business interests, and to comply with our financial regulatory and other legal obligations. -
Encryption
- Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. All PII data (and several other non-PII data) are encrypted using AES-256 encryption.
- All data traveling across our network (in-flight) is required to be submitted over TLS and, as such, is also further encrypted.
-
Legitimate business interests
Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. When we do so, we balance our legitimate interests against the interests and rights of the individuals whose Personal Data we process. The following list sets out the business purposes we have identified as legitimate:
- Determine eligibility for and offer new Lucus Labs products and services
- Respond to inquiries, send Service notices and provide customer support
- Promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services
- Manage, operate and improve the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets
- Analyze and advertise our Services
- Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business
- Share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business
- Enable network and information security throughout Symbient and our Services
- Share Personal Data among our affiliates for administrative purposes
-
Marketing and events-related communications
We may send you email marketing communications about Lucus Labs products and services, including but not limited to Symbient, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with applicable law, including any consent requirements. For example, when you submit your contact information to us or when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.
-
Our Services
-
How We Disclose Personal Data
Lucus Labs, owner of Symbient, does not sell or rent Personal Data to marketers or unaffiliated third parties. We only share your Personal Data with trusted entities as outlined below.
-
Lucus Labs and Symbient
We may share Personal Data with other Lucus Labs and Symbient affiliated entities in order to provide our Services and for our own administrative purposes. -
Service providers
We may share Personal Data with certain service providers subject to contract terms that limit their use of Personal Data. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, marketing services, information technology and related infrastructure, customer service, email delivery, debit & credit card payment processing, and auditing services. These service providers may need to access certain Personal Data to perform or provide their services to us and/or on our behalf. We authorize such service providers to use or disclose the Personal Data only to perform services on our behalf or to comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the United States of America and follow all U.S. laws, rules, and regulations. -
Business partners
We may share certain Personal Data with third party business partners in connection with our Services to our Users. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide payment processing services, and the professional services firms that we partner with. As of the date listed above, Symbient utilizes Opta Pay for processing all debit & credit card payments for usage of the Symbient Services. Opta Pay is a product of, and is owned and operated by Lucus Labs. Please refer to the Opta Pay Privacy Policy regarding any Personal Data collected by or shared with Opta Pay. -
Our Users and third parties authorized by our Users
We may share certain Personal Data with Users to maintain a User account and provide the Services and third party services they require from us. We may share data with parties directly authorized by a User to receive Personal Data. This includes sharing Personal Data of Customers with Users to assess the fraud risk associated with attempted misuse or abuse by Customers, or when a User authorizes a third party to access the User's Symbient account. The use of Personal Data by an authorized third party is subject to the third party's privacy policy. -
Corporate transactions
In the event we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data subject to the terms of this Privacy Policy. -
Compliance and harm prevention
We may share Personal Data as we believe necessary: (i) to comply with applicable law, or rules imposed by any of our affiliated partners; (ii) to enforce our contractual rights; (iii) to protect the Services, rights, privacy, safety and property of Lucus Labs, Symbient, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
-
Lucus Labs and Symbient
-
Your Rights and Choices
You may have choices regarding our collection, use and disclosure of your Personal Data.
-
How you can see or change your Personal Data
If you would like to review, correct, or update Personal Data you have previously disclosed to us, you may do so by signing in to your Symbient account or by contacting us. -
Your data protection rights
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether Symbient processes Personal Data relating to you, and if so, to request a copy of that Personal Data.
- The right to request that Symbient rectifies or updates your Personal Data that is inaccurate, incomplete or outdated.
- The right to request that Symbient erase your Personal Data in certain circumstances provided by law.
- The right to request that Symbient restrict the use of your Personal Data in certain circumstances, such as while Symbient considers another request you have submitted.
- The right to request we export your Personal Data that we hold to another company, where technically feasible.
- Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time.
- In some cases, you may also have the right to object to the processing of your Personal Data.
-
Process for exercising data protection rights
To exercise your data protection rights, we will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may have the right under applicable laws to consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
If you are a Customer of a Symbient User, please direct your requests directly to the User. For example, if you have interacted with a Symbient powered chatbot, such as LuLa, from a Symbient Users website and you have a request that is related to the information you provided as part of the interaction, then you should address your request directly to the Symbient User.
-
How you can see or change your Personal Data
-
Security and Retention
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing and storage of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Privacy Policy against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessed by a limited number of Lucus Labs personnel whose job role requires access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe your interaction or information with us is no longer secure (e.g., you feel the security of your account has been compromised), please contact us immediately.
We retain your Personal Data as long as we are providing the Services to you or our Users (as applicable). Even after we stop providing Services directly or indirectly to you, and even if you close your Symbient account or engage in interactions with another Symbient User, we keep your Personal Data in order to comply with our legal and regulatory obligations. We may also keep it to assist with our fraud monitoring, detection and prevention activities. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
-
Use by Minors
Symbient does not solicit data from children and does not market to children, where "children" being anyone under the age of eighteen (18).
-
Payment Methods
Certain functionality provided by Symbient Services require prepayments paid by debit or credit card. Symbient utilizes Opta Pay, another property of Lucus Labs, for processing debit and credit card payments. Your payment methods and other payment related information is never stored on Symbient's servers. Please see Opta Pay's Privacy Policy for more information.
-
Updates To this Privacy Policy and Notifications
We may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices, or relevant laws. The "Last updated" legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services.
We may provide you with disclosures and alerts regarding this Privacy Policy or Personal Data collected by posting those disclosures on our website and, if you are a Symbient User, by contacting you through the email address we have on file for you.
If applicable law requires that we obtain your consent or provide notice in a specified manner prior to making any changes to this Privacy Policy applicable to you, we will provide such required notice and will obtain your required consent.
-
Links To Other Online Services
The Services may provide the ability to connect to other online services. These online services may operate independently from us and/or may have their own privacy notices or policies, which we strongly suggest you review. If any online service linked to our Services is not owned or controlled by us, or does not claim to be covered by this Privacy Policy, we are not responsible for it and/or it is not covered by this Privacy Policy. Your use of other sites is subject to that site's own rules of use and privacy statement, and you should review them before browsing those sites.
-
Controllers and Jurisdiction-specific Provisions
Depending on the activity, Symbient acts as a Data Controller and Data Processor.
The "Data Controller" is the entity which determines the purposes and means of the data processing taking place. The "Data Processor" is an entity acting on behalf and under the instructions of a controller in processing personal data.
Symbient is a Data Controller when it determines the purposes and means of the processing taking place. These data processing activities include (i) providing the Symbient products and services, (ii) monitoring, preventing and detecting fraudulent or other mischievous activity on the Symbient platform, (iii) complying with legal or regulatory obligations applicable to the industry to which Symbient is subject, and (iv) analyzing, developing and improving Lucus Labs' products and services.
Symbient is a Data Processor where it is facilitating user interactions on behalf of and at the direction of a Symbient User. Symbient Users direct us to provide AI-related services, such as providing chatbots that engage and interact with their customers, and where certain Personal Data may be shared by the customer with Symbient and Symbient's Users.
As a platform provider, we need to ensure consistency across our platform, and that includes consistency with respect to the commitments that we give about how we operate our platform. We contract with all of our Users on this basis.
United States - California
If you are a consumer located in California, we process your Personal Data in accordance with the California Consumer Privacy Act (CCPA). This section provides additional details about the personal information we collect and use for purposes of CCPA.
-
How We Collect, Use, and Disclose your Personal Information
The 'Personal Data We Collect' section describes the personal information we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the 'How We Use Personal Data' section. We share this information as described in the 'How We Disclose Personal Data' section. Further, Symbient uses cookies, including tracking cookies, as described in our Cookie Policy. -
Your CCPA Rights and Choices
As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information:
-
Exercising the right to know: You may request the following information about the personal information we have collected about you:
- The categories and specific pieces of personal information we have collected about you;
- the categories of sources from which we collected the personal information;
- the business or commercial purpose for which we collected the personal information;
- the categories of third parties with whom we shared the personal information;
- the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
- Exercising the right to delete: You may request that we delete any personal information we have collected from you, subject to certain limitations under applicable law.
- Non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.
-
Exercising the right to know: You may request the following information about the personal information we have collected about you:
To submit a request to exercise any of the rights described above, please contact us.
When exercising your rights, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may also be required. If you are a customer of a Symbient User, please direct your requests directly to the Symbient User with whom you shared your personal information.
-
How We Collect, Use, and Disclose your Personal Information
-
Contact Us
Have a question for us?
If you have questions about this Privacy Policy, please contact us.
Data Retention Policy
Purpose and Scope
At Symbient AI, developed by Lucus Labs, we take the security and privacy of our user’s data seriously. We understand that our users entrust us with sensitive information and it is our top priority to ensure that this data is protected and managed responsibly. This Data Retention Policy outlines our commitment to safeguarding user data through robust retention and disposal practices. Our policy ensures that data collected through our AI services, websites, and related business activities is retained only as long as necessary to fulfill its intended purposes and comply with legal requirements. This policy applies to all data collected, providing clear guidelines on the types of data we collect, retention periods, user rights, data security measures, and our procedures for policy review and updates.
Overview
Symbient obtains Personal Data about you from various sources. "You" may be a visitor to one of our Sites ("Visitor"), a user of one or more of our Services ("User" or "Symbient User"), or a direct or indirect customer of a User ("Customer"). If you are a Customer, your agreement with the relevant Symbient User should explain how the Symbient User shares your Personal Data with Symbient. If you have questions about this sharing, then you should direct those questions to the Symbient User.
Personal Data We Collect
Personal Data we collect about you
Personal Data is any information that relates to an identified or identifiable individual or business, and can include information about how you engage with our Services (e.g. device information, IP Address, etc). In most cases, the Personal Data you provide directly to us through our Services will be apparent from the context in which you provide the data. For example:
- When you register for a Symbient account on our Site we collect your full name, email address, and account log-in credentials.
- When you fill-in our online form to contact our support team, we ask for your name and contact information.
- When you authorize us to store information about you in connection with Symbient, we collect your name and contact information.
- When you respond to Symbient emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call us, as well as any other information you may provide during the call. If you are a Symbient User or Customer, when you contact us, we may collect additional information in order to verify your identity and for referencing your user account.
- When you engage with our Symbient AI and provide Personal Data such as your name, email address, or other Personal Data. Depending on the Symbient AI service you engage with, where you engage it from (such as from another website), and the scope of your interaction with the AI, certain other Personal Data may be recorded. Please be cognizant of any Personal Data you share with our AI.
You may also choose to submit information to us via other methods, including: (i) in response to marketing or other communications, (ii) through participation in an offer, program or promotion, (iii) through social media or online forums, (iv) in connection with an actual or potential business relationship with us, or (v) by giving us your business card or contact details in connection with trade shows or other events.
Information that we collect automatically on our Sites and through marketing of our products
Symbient controlled Sites utilize cookies and other technologies. These technologies may record information about you, including:
- Browser and device data, such as IP address, device type, operating system name and version, Internet browser type, screen resolution, device manufacturer and model, locale and language, plug-ins, add-ons and the language version of the Sites you are visiting.
- Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.
- Online activities. We may collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online services.
- We may collect information when you engage with our marketing messages and when you click on links included in ads for our products. We use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.
To learn more about the cookies that may be served through our Sites and how you can control our use of cookies and third-party analytics, please see our Cookie Policy.
1. Types of Data Collected
Symbient AI, developed by Lucus Labs, collects various types of data to provide, maintain, and enhance our services. The types of data collected are categorized as follows:
1.1 Personal Data
Personal Data refers to any information that can be used to identify an individual or business. This includes, but is not limited to:
- Full name: Used for identification and personalization of services, ensuring that communications and services are correctly directed to the right individual.
- Email address: Used for communication, account verification, and service-related notifications. This ensures users receive important updates and can recover their accounts if needed.
- Contact information: Includes phone numbers and addresses, used for customer support and service-related communications. This helps us provide timely assistance and resolve issues effectively.
- Other identifiable information: Any additional information that identifies an individual or business, such as user IDs and account credentials. This is necessary for secure access to services and to maintain the integrity of user accounts.
1.2 Payment Method Information
Payment Method Information pertains to the details collected to facilitate financial transactions, including:
- Payment Details: Information related to payment methods (e.g., credit card information) collected during membership payments.
- Storage Practices: Payment method information is not stored on Symbient AI servers. Instead, it is securely stored on our PCI Compliant payment processor's servers (e.g., Opta Pay), ensuring compliance with PCI DSS requirements and securing cardholder data through AES-256 encryption.
1.3 Usage Data
Usage Data includes information about how users interact with our services, which helps us improve user experience and service functionality:
- Interaction Data: Details about user interactions with our services, including time spent on sites, pages visited, and links clicked.
- Engagement Data: Logs of interactions with marketing messages and campaigns.
- API Interaction Logs: Records of API calls and responses, which are used to monitor and improve service performance.
1.4 User-Entered Data
User-entered data refers to information users provide directly through our services, which includes:
- Sensitive Information: Email server passwords and other sensitive information provided by users. User credentials for email servers are only collected when a user adds an Email Operator (trigger or action) to one of their Automations. This data is used solely for the purpose of enabling and managing user-defined automations.
- Audio Files: Uploaded audio files and corresponding transcripts.
- Custom Configurations: Custom settings and configurations for bots and AI services.
- User-Generated Content: Feedback, queries, task details, configuration data for automations, and other content provided by users.
- Activity Data: Instructions and configurations provided for activities such as running specific tasks or automated actions within the platform.
2. Retention Periods
Symbient AI, developed by Lucus Labs, retains data for specific periods based on its type and purpose. These retention periods are designed to comply with legal requirements and to meet business needs. The specifics for different types of data are as follows:
2.1 Personal Data
- Account Duration: Personal data is retained for as long as the user maintains an account with us.
- Deletion Requests: Personal data is deleted upon request or account closure, except where retention is required by law or for other purposes necessary for the ongoing business purposes of Symbient AI.
2.2 Payment Method Information
- Transaction Duration: Payment method information is retained only as long as necessary to complete the transaction.
- Secure Storage: This information is not stored on Symbient AI servers but securely on our PCI-compliant payment processor's servers.
2.3 Usage Data
- Service Improvement: Retained for 12 months for the purpose of improving services, performing aggregate analysis, and ensuring the functionality of our AI services.
2.4 User-Entered Data
- Account Duration: Retained for the duration of the user's account.
- Deletion Requests: Deleted upon account closure or user request, except where retention is required by law or for other purposes necessary for the ongoing business purposes of Symbient AI.
2.5 Specific Data Retention
- Legal Compliance: Certain data must be retained to comply with applicable laws and regulations, such as GDPR or CCPA requirements.
- Business Continuity: Data may be retained for business continuity purposes, such as ensuring the smooth operation of scheduled payments.
- Audit Purposes: Data may be retained for historical audit purposes, involving keeping records to facilitate internal or external audits and ensure compliance with financial and operational policies.
3. User Rights
Symbient AI, developed by Lucus Labs, is committed to upholding the rights of our users concerning their personal data. Users have the following rights:
3.1 Access and Correction
- Right to Access: Users have the right to access their personal data held by us.
- Correction Requests: Users have the right to request corrections to any inaccuracies in their personal data.
- Processing Time: Requests for access or correction are processed within 30 days.
3.2 Deletion Requests
- Right to Deletion: Users can request the deletion of their personal data at any time.
- Processing Time: Deletion requests are processed within 30 days, except where retention is required by law.
3.3 Objections
- Right to Object: Users can object to the processing of their data under certain conditions.
- Evaluation: Objection requests are evaluated and processed in accordance with legal requirements.
4. Policy Review and Updates
This policy is reviewed annually and updated as necessary to ensure compliance with legal requirements and industry best practices. Any updates regarding changes to this policy will be emailed to existing users.
5. Contact Information
For any questions or concerns regarding this Data Retention Policy, please contact support@symbient.ai.