Privacy Policy

Effective Date: October 9, 2025 Last Updated: October 9, 2025

1. Introduction

Sigma Business Intelligence (“we”, “us”, “our”, “Company”, “Sigma”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

Visit our website
Use our AI automation services
Interact with our intelligent agents (voice AI, WhatsApp bots, chat systems)
Engage with our business intelligence and data engineering solutions
Book a free 30-minute AI diagnostic consultation

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide, including:

Contact Information:

Name and title
Email address
Phone number (mobile and business)
Company name and address
WhatsApp number (if you contact us via WhatsApp)

Business Information:

Industry and company size
Business requirements and objectives
Project specifications
Financial and operational data (for consulting services)
Current technology stack and systems

Technical Information:

IP address and location data
Browser type and version
Device information
Website usage patterns
Dashboard and platform interactions
AI agent conversation logs

2.2 Automatically Collected Information

Cookies and Tracking: Website analytics, user preferences, session data
Server Logs: Access times, pages viewed, referring sites
Platform Usage: Dashboard interactions, feature utilization, AI agent usage
n8n Workflow Data: Automation execution logs, API call records

2.3 AI System Data

When you interact with our AI systems, we collect:

Voice AI: Call recordings, transcripts, voice samples
WhatsApp Bots: Message content, conversation history, media files
Chat Agents: Chat transcripts, user inputs, session data
Free Diagnostic: Notes from consultation, business assessment data

2.4 Client Data

When providing services, we may process:

Business data and analytics
Financial information (for BI services)
Operational metrics and KPIs
Employee and customer data (anonymized when possible)
CRM data, QuickBooks data, and other integrated systems
API credentials and access tokens (encrypted)

3. How We Use Your Information

3.1 Service Delivery

Provide AI automation engineering and business intelligence consulting
Develop and maintain intelligent agents, workflows, and dashboards
Deliver operational intelligence insights
Provide customer support and technical assistance
Conduct free 30-minute AI diagnostic consultations
Train and optimize AI models for your specific use cases

3.2 AI System Operations

Voice AI: Process calls, generate transcripts, provide voice responses
WhatsApp Bots: Respond to messages, qualify leads, provide support
Automation Workflows: Execute n8n workflows, API integrations, data processing
BI Dashboards: Display real-time data, generate reports, send alerts

3.3 Business Operations

Communicate about services and projects
Process payments and manage contracts
Improve our services and develop new solutions
Conduct market research and analysis
Send service updates and maintenance notifications

3.4 Legal and Compliance

Comply with legal obligations (GDPR, CCPA, TCPA)
Protect against fraud and security threats
Enforce our terms and agreements
Respond to legal requests and investigations

4.1 We Do Not Sell Personal Information

We never sell, rent, or trade personal information to third parties for marketing purposes.

4.2 Third-Party AI Providers

Your data may be processed by:

OpenAI (GPT models for chat agents)
Anthropic (Claude for advanced reasoning)
Google (Gemini for multimodal AI)
ElevenLabs (Voice synthesis)
Retell AI (Voice conversation infrastructure)
Twilio (SMS and voice communications)

All AI providers have enterprise data protection agreements ensuring:

Your data is NOT used to train public models
Data is encrypted in transit and at rest
GDPR and CCPA compliance
SOC 2 Type II certification

4.3 Service Providers

We share information with:

Cloud hosting: AWS, Azure, Google Cloud (encrypted storage)
Automation platforms: n8n cloud (workflow execution)
Analytics tools: Google Analytics, PostHog
Payment processors: Stripe, PayPal
Communication: Twilio, SendGrid, WhatsApp Business API
Professional services: Legal, accounting (under confidentiality agreements)

4.4 Legal Requirements

We may share information to:

Comply with court orders or legal processes
Protect our rights and property
Investigate fraud or security issues
Respond to government requests (with notice to you when permitted)

4.5 Business Transfers

In case of merger, acquisition, or asset sale, your information may be transferred (with privacy protections and notice).

4.6 Data Processing Agreements

All third-party processors sign data processing agreements (DPAs) ensuring appropriate protection of your information.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures:

Technical Safeguards:

Encryption: AES-256 encryption at rest, TLS 1.3 in transit
Authentication: Multi-factor authentication (MFA) for admin access
API Security: OAuth 2.0, JWT tokens, rate limiting
Network Security: Firewalls, DDoS protection, VPN access
Security Audits: Regular penetration testing and vulnerability scans
SOC 2 Compliance: Cloud infrastructure with SOC 2 Type II certification

Administrative Safeguards:

Staff training on data protection and AI ethics
Access controls and principle of least privilege
Regular security policy updates
Incident response procedures
Vendor security assessments

Physical Safeguards:

Secure data centers with restricted access (AWS, Azure)
Environmental controls and monitoring
Backup and disaster recovery procedures
Redundant infrastructure across multiple regions

5.2 AI-Specific Security

Prompt Injection Protection: Input validation to prevent malicious prompts
Output Filtering: Content moderation to prevent harmful outputs
Rate Limiting: Prevent abuse and excessive API usage
Conversation Isolation: Each session is isolated to prevent data leakage
Voice AI Security: Encrypted call recordings, secure transcription

5.3 Data Breach Response

In case of a security incident:

We will investigate and contain the breach immediately
Affected individuals will be notified within 72 hours (GDPR requirement)
Regulatory authorities will be notified as required
We will provide credit monitoring if sensitive data is involved
Post-incident review and security improvements

6. Data Retention

6.1 Retention Periods

Client project data: 7 years post-project completion (for reference and compliance)
Contact information: Retained while business relationship exists + 3 years
Website analytics: 2 years
Financial records: 7 years (legal requirement)
AI conversation logs: 90 days (unless client requests longer retention)
Voice recordings: 30 days (unless required for quality assurance)
WhatsApp messages: 90 days
Free diagnostic notes: 1 year (for follow-up purposes)

6.2 Secure Deletion

When retention periods expire, data is securely deleted using:

Cryptographic erasure (delete encryption keys)
Multi-pass overwriting for physical storage
Third-party data deletion verification

7. Your Privacy Rights

7.1 General Rights

You have the right to:

Access: Request a copy of your personal information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal information (“right to be forgotten”)
Portability: Receive your data in machine-readable format (JSON, CSV)
Objection: Object to certain processing activities
Restriction: Request limited processing of your data

Under GDPR, you additionally have:

Right to restrict processing
Right to data portability
Right not to be subject to automated decision-making
Right to lodge a complaint with supervisory authorities
Right to withdraw consent at any time

7.3 CCPA Rights (California Residents)

Under CCPA, you have:

Right to know what personal information is collected, used, and shared
Right to delete personal information
Right to opt-out of sale (we don’t sell data)
Right to non-discrimination for exercising privacy rights
Right to correct inaccurate personal information

7.4 AI-Specific Rights

You have the right to:

Opt-out of AI processing: Request human-only interactions
Access AI conversations: Request transcripts of your AI interactions
Correct AI data: Update information used by AI systems
Delete AI records: Request deletion of conversation logs and voice recordings

7.5 Exercising Your Rights

To exercise your rights:

Email: privacy@sigmabusinessint.com
Phone: +1 (863) 344-3784
WhatsApp: +1 (863) 344-3784
Written request: Sigma Business Intelligence, Privacy Team, Florida, USA

We will respond within:

30 days (general requests)
45 days (complex requests with 15-day extension notice)
72 hours (data breach notifications)

8. International Data Transfers

8.1 Cross-Border Transfers

We operate in multiple jurisdictions (US, EU). Data may be transferred between:

Our offices in different countries
Cloud providers with global infrastructure (AWS, Azure, Google Cloud)
AI providers (OpenAI in US, Anthropic in US, Google global)
Service providers in various locations

8.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers:

EU-US: Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework
Adequacy decisions: UK, Canada, Switzerland
Encryption: All data encrypted in transit and at rest
DPAs: Data Processing Agreements with all processors
AI Provider Commitments: Enterprise agreements with data residency options

9. Cookies and Tracking

We use:

Essential cookies: Required for website functionality (session management)
Analytics cookies: Google Analytics, PostHog (anonymized IP)
Preference cookies: Remember your settings (language, theme)
Marketing cookies: For relevant advertising (with consent, opt-in only)

You can control cookies through:

Browser settings: Block or delete cookies
Our cookie banner: Accept/reject categories
Opt-out tools: Google Analytics Opt-out, NAI opt-out

9.3 Do Not Track

We respect Do Not Track (DNT) signals and will not track users who enable DNT.

10. Children’s Privacy

We do not knowingly collect information from children under 16. Our services are designed for businesses and professionals. If we discover we have collected data from a child under 16, we will delete it immediately.

11. Third-Party Links

Our website may contain links to third-party sites (AI provider documentation, integration partners). We are not responsible for their privacy practices. Please review their privacy policies.

12. AI and Automated Processing

12.1 AI Usage

We use artificial intelligence and machine learning for:

Intelligent Agents: Voice AI, WhatsApp bots, chat agents
Process Automation: n8n workflows, document processing
Data Analysis: BI dashboards, predictive analytics
Customer Service: AI-powered support and diagnostics

12.2 AI Models and Providers

We use:

Claude (Anthropic): Advanced reasoning, complex tasks
GPT (OpenAI): Natural language processing, chat
Gemini (Google): Multimodal AI, vision + language
ElevenLabs: Voice synthesis
Retell AI: Voice conversation infrastructure

12.3 Automated Decision-Making

Low-impact decisions: May be fully automated (e.g., routing support requests)
Significant decisions: Always involve human review (e.g., business recommendations)
Your rights: Request human intervention, explanation of logic, contest decisions

12.4 AI Transparency

We are transparent about AI usage:

AI interactions are disclosed to users
AI-generated content is labeled when customer-facing
You can request human-only interactions at any time

13. Data Controller and Processor Roles

13.1 When We Are Data Controller

For our own business operations (marketing, sales, website analytics), Sigma acts as data controller.

13.2 When We Are Data Processor

For client consulting projects and AI systems deployed for clients, we typically act as data processor under client instructions.

13.3 Sub-Processors

When acting as data processor, our sub-processors include:

Cloud providers (AWS, Azure, Google Cloud)
AI providers (OpenAI, Anthropic, Google)
Communication providers (Twilio, SendGrid)

Full sub-processor list available upon request.

14. Privacy by Design

We implement privacy by design principles:

Proactive measures: Privacy built into systems from the start
Default settings: Highest privacy settings as default
Data minimization: Collect only necessary information
Transparency: Clear information about processing
User control: Tools to manage privacy preferences
End-to-end security: Encryption, access controls, monitoring

15. Contact Our Data Protection Team

Data Protection Team: Sigma Business Intelligence Email: dpo@sigmabusinessint.com Privacy Email: privacy@sigmabusinessint.com Phone: +1 (863) 344-3784 WhatsApp: +1 (863) 344-3784

EU Representative: Available upon request for EU-related inquiries

16. Regulatory Compliance

We comply with:

GDPR (General Data Protection Regulation - EU)
CCPA (California Consumer Privacy Act)
CPRA (California Privacy Rights Act)
PIPEDA (Canada)
LGPD (Brazil)
TCPA (Telephone Consumer Protection Act - US)
HIPAA (for healthcare clients)
SOX (for financial reporting)
Industry-specific regulations as applicable

17. Updates to This Policy

17.1 Policy Changes

We may update this Privacy Policy to reflect:

Changes in our services (new AI capabilities)
Legal or regulatory requirements
Industry best practices
User feedback and requests

17.2 Notification

We will notify you of material changes:

Email notification to registered users
Prominent notice on our website (30 days advance)
In-app notifications for platform users
Version history available upon request

17.3 Continued Use

Continued use of our services after policy updates constitutes acceptance of the new terms. You may request data deletion if you disagree with changes.

18. Supervisory Authorities

You may contact relevant supervisory authorities:

EU/Portugal: Comissão Nacional de Proteção de Dados (CNPD) Website: cnpd.pt

California: California Attorney General Website: oag.ca.gov

Other jurisdictions: Contact your local data protection authority

19. Complaints and Disputes

If you have privacy concerns:

Contact us directly first (privacy@sigmabusinessint.com)
Contact our Data Protection Team
File a complaint with supervisory authorities (CNPD, Attorney General)
Seek legal remedies if necessary

We commit to resolving complaints within 30 days.

20.1 SMS Communications

By providing your phone number, you consent to receive:

Transactional SMS (appointment reminders, system alerts)
Service updates and notifications
Support messages

You can opt-out by replying STOP to any SMS. Message and data rates apply.

20.2 Voice Communications

By providing your phone number, you consent to:

Voice calls for free diagnostics and consultations
AI-powered voice agents (disclosed during call)
Call recordings for quality assurance

You can request to be removed from call lists at any time.

See our separate SMS Consent Policy for full details.

21. Acknowledgment

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing described herein.