Cost Saver AICost Saver AI

Privacy Policy

Last updated: January 29, 2026

1. Introduction

Cost Saver AI ("we," "our," "us," or "Company") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you visit our website, use our services, or interact with our AI automation solutions.

This policy is designed to comply with:

  • GDPR (General Data Protection Regulation) - Articles 13 & 14 (EU/EEA residents)
  • CCPA (California Consumer Privacy Act) - Sections 1798.100-1798.199 (California residents)
  • PIPEDA (Personal Information Protection and Electronic Documents Act) - Schedule 1 principles (Canadian residents)
  • LGPD (Lei Geral de Proteção de Dados) - Articles 6-22 (Brazilian residents)

Company Information:
Cost Saver AI
Email: costsaverai@proton.me
Data Protection Officer: Chamal Abeytuga (costsaverai@proton.me)

2. Information We Collect

2.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, mailing address
  • Business Information: Company name, job title, business requirements, industry sector
  • Service Information: Details about your automation needs, workflow descriptions, integration requirements
  • Communication Records: Messages, inquiries, consultation notes, feedback
  • Account Information: Username, password (hashed), account preferences, service history
  • Payment Information: Billing address, payment method details (processed by third-party payment processors)

2.2 Information Collected Automatically

  • Device Information: IP address, browser type and version, device type, operating system, screen resolution
  • Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, search queries
  • Technical Data: Log files, error reports, performance metrics, session identifiers
  • Location Data: General geographic location (country/region level) derived from IP address
  • Cookies and Tracking Technologies: See our Cookie Policy for details

2.3 Information from Third Parties

  • Business Partners: Referral information, co-marketing data
  • Public Sources: Publicly available business information, social media profiles (when relevant to service delivery)
  • Service Providers: Analytics data, marketing attribution data

3. Legal Basis for Processing Personal Information

Under GDPR (Article 6), we process your personal information based on the following legal bases:

  • Consent: When you provide explicit consent for specific processing activities (e.g., marketing communications, non-essential cookies)
  • Contract Performance: To fulfill our contractual obligations and provide requested services
  • Legal Obligation: To comply with applicable laws, regulations, or legal processes
  • Legitimate Interests: For our legitimate business interests, such as improving services, security, fraud prevention, and business analytics (we balance these against your rights and interests)
  • Vital Interests: To protect your or another person's vital interests (rare circumstances)

You have the right to object to processing based on legitimate interests. See Section 11 for details on your rights.

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Delivery

  • Design, develop, and deploy custom AI automation solutions
  • Provide technical support and customer service
  • Process transactions and manage accounts
  • Communicate about service updates, changes, or issues
  • Customize services to meet your specific business needs

4.2 AI and Machine Learning Processing

  • Train and improve AI models using anonymized and aggregated data
  • Process your business data through AI agents and automation workflows
  • Generate insights, recommendations, and automated responses
  • Enable automated decision-making in your workflows (see Section 8 for details)
  • Improve AI accuracy and performance through machine learning

Note: We do not use your personal information to train third-party AI models without your explicit consent. See Section 7 for details on third-party AI tools.

4.3 Business Operations

  • Analyze website usage and improve user experience
  • Conduct business analytics and reporting
  • Prevent fraud, abuse, and security threats
  • Enforce terms of service and legal agreements
  • Manage business relationships and partnerships

4.4 Marketing and Communications

  • Send marketing communications (with your consent, where required)
  • Provide newsletters, updates, and promotional materials
  • Conduct surveys and gather feedback
  • Personalize marketing content and recommendations

You can opt-out of marketing communications at any time using the unsubscribe link in emails or by contacting us.

4.5 Legal Compliance

  • Comply with applicable laws, regulations, and legal processes
  • Respond to government requests and court orders
  • Protect our rights, property, and safety, as well as our users and others
  • Investigate potential violations of our terms of service

5. AI and Machine Learning Data Processing

As an AI automation service provider, we process data through artificial intelligence and machine learning systems. This section provides transparency about our AI/ML practices.

5.1 Types of AI Processing

  • Natural Language Processing (NLP): Processing text, emails, documents, and communications
  • Predictive Analytics: Generating forecasts, recommendations, and insights from your data
  • Automated Decision-Making: Making decisions or taking actions based on predefined rules and AI models (see Section 8)
  • Pattern Recognition: Identifying patterns, anomalies, and trends in business data
  • Workflow Automation: Automating business processes and workflows using AI agents

5.2 Data Used for AI Training

We may use the following types of data to train and improve our AI models:

  • Anonymized Data: Data stripped of personally identifiable information
  • Aggregated Data: Statistical summaries that cannot identify individuals
  • Public Data: Publicly available information used for model training
  • Your Business Data (with consent): Only when you explicitly consent to use your data for model improvement

We do NOT use your personal information or business data to train third-party AI models without your explicit written consent.

5.3 AI Model Training and Retention

When we use your data for AI model training (with your consent):

  • Data is processed in secure, isolated environments
  • Personal identifiers are removed or pseudonymized before training
  • Trained models may retain learned patterns but not raw personal data
  • Training data is retained for [TRAINING_DATA_RETENTION_PERIOD] or as required by law
  • You can request deletion of your data from training datasets (see Section 11)

5.4 AI Processing Transparency

You have the right to:

  • Know when AI is processing your data
  • Understand the logic behind automated decisions (see Section 8)
  • Request human review of automated decisions
  • Opt-out of certain AI processing activities (where technically feasible)
  • Receive information about AI models used in your services

6. Third-Party AI Tools and Services

We integrate with third-party AI service providers to deliver our automation solutions. This section discloses how we use these services and how your data is handled.

6.1 Third-Party AI Providers

We may use the following third-party AI services:

  • OpenAI API: For natural language processing, text generation, and language understanding
  • Anthropic (Claude API): For advanced language models and AI reasoning
  • [OTHER_AI_PROVIDER_1]: [DESCRIPTION]
  • [OTHER_AI_PROVIDER_2]: [DESCRIPTION]

6.2 Data Sharing with AI Providers

When we use third-party AI services:

  • We share only the data necessary to provide the requested service
  • Data is transmitted securely using encryption (TLS/SSL)
  • We use API-based integrations that process data in real-time
  • Third-party providers are contractually obligated to protect your data
  • We do not allow third-party providers to use your data for their own model training without your explicit consent

6.3 Third-Party AI Provider Policies

Each provider has its own privacy policy and data processing terms:

6.4 Data Processing Agreements

We have Data Processing Agreements (DPAs) or similar contracts with our AI service providers that:

  • Limit data use to service delivery purposes
  • Prohibit use of your data for provider's own model training (unless you consent)
  • Require appropriate security measures
  • Ensure compliance with applicable privacy laws
  • Provide for data deletion upon request

6.5 Opting Out of Third-Party AI Processing

You can request to limit or opt-out of specific third-party AI processing by:

  • Contacting us at costsaverai@proton.me
  • Specifying which AI services you want to opt-out of
  • Understanding that opting out may limit certain service features

7. Data Retention for AI Training Models

This section explains how long we retain data used for AI model training and development.

7.1 General Data Retention

We retain your personal information for the following periods:

  • Active Service Data: For the duration of our service relationship plus [ACTIVE_DATA_RETENTION_YEARS] years
  • Marketing Data: Until you opt-out or [MARKETING_DATA_RETENTION_YEARS] years of inactivity
  • Legal/Compliance Data: As required by applicable law (typically [LEGAL_RETENTION_YEARS] years)
  • Analytics Data: [ANALYTICS_RETENTION_MONTHS] months in aggregated, anonymized form

7.2 AI Training Data Retention

When your data is used for AI model training (with your consent):

  • Raw Training Data: Retained for [TRAINING_DATA_RETENTION_YEARS] years or until you request deletion
  • Processed/Anonymized Training Data: May be retained longer as it cannot identify you
  • Trained Models: Models may retain learned patterns indefinitely, but we do not retain your raw personal data in models
  • Model Artifacts: Retained for [MODEL_ARTIFACT_RETENTION_YEARS] years for service continuity

7.3 Deletion of Training Data

You can request deletion of your data from training datasets:

  • Contact us at costsaverai@proton.me
  • We will delete your data from active training datasets within [DELETION_TIMEFRAME_DAYS] business days
  • Note: Data already incorporated into trained models may not be fully removable, but we will stop using it for future training
  • Anonymized/aggregated data that cannot identify you may be retained

7.4 Data Minimization

We follow data minimization principles:

  • We only collect and retain data necessary for service delivery
  • We regularly review and purge unnecessary data
  • We anonymize data when possible to reduce retention risks
  • We delete data when retention periods expire or upon request

8. Automated Decision-Making and Profiling

Our AI automation services may involve automated decision-making. This section explains your rights and our practices.

8.1 Types of Automated Decisions

Our services may make automated decisions in the following contexts:

  • Workflow Automation: Automatically routing tasks, assigning priorities, triggering actions
  • Content Processing: Categorizing emails, documents, or communications
  • Recommendations: Suggesting actions, optimizations, or next steps
  • Quality Control: Flagging errors, anomalies, or issues for review
  • Resource Allocation: Optimizing resource usage, scheduling, or capacity planning

8.2 Logic and Significance (GDPR Article 22)

Decision Logic: Our automated decisions are based on:

  • Predefined business rules and workflows you configure
  • Machine learning models trained on historical patterns
  • Real-time data analysis and pattern recognition
  • Risk assessment algorithms (for fraud detection, if applicable)

Significance and Consequences:

  • Automated decisions may affect workflow efficiency, resource allocation, and business operations
  • Decisions are typically reversible and can be overridden by human review
  • We provide transparency about decision criteria and allow you to customize rules
  • You can request human review of any automated decision

8.3 Your Rights Regarding Automated Decisions

Under GDPR Article 22, you have the right to:

  • Not be subject to automated decision-making that produces legal effects or similarly significantly affects you (unless exceptions apply)
  • Obtain human intervention to review and challenge automated decisions
  • Express your point of view and contest automated decisions
  • Understand the logic behind automated decisions
  • Opt-out of certain automated decision-making processes (where technically feasible)

8.4 Exercising Your Rights

To exercise your rights regarding automated decisions:

  • Contact us at costsaverai@proton.me
  • Request information about specific automated decisions affecting you
  • Request human review of automated decisions
  • Request modification or disabling of automated decision-making features
  • We will respond within [RESPONSE_TIMEFRAME_DAYS] business days

9. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

9.1 Service Providers

We share data with trusted service providers who assist in:

  • Cloud hosting and infrastructure ([CLOUD_PROVIDER])
  • AI/ML processing (OpenAI, Anthropic, etc. - see Section 6)
  • Payment processing ([PAYMENT_PROCESSOR])
  • Email and communication services ([EMAIL_PROVIDER])
  • Analytics and monitoring ([ANALYTICS_PROVIDER])
  • Customer support tools ([SUPPORT_TOOL])

All service providers are contractually bound to protect your data and use it only for specified purposes.

9.2 Legal Requirements

We may disclose information when required by:

  • Laws, regulations, or legal processes
  • Government requests or court orders
  • To protect our rights, property, or safety
  • To investigate fraud or security issues

9.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

9.4 With Your Consent

We may share information with third parties when you provide explicit consent for specific sharing arrangements.

10. Do Not Sell My Personal Information (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

10.1 Sale of Personal Information

We do not sell personal information in the traditional sense. However, under CCPA's broad definition, sharing information with third-party analytics or advertising partners may be considered a "sale." We share limited information with:

  • Analytics providers (Google Analytics) - only with your consent via cookie preferences
  • Marketing partners - only with your explicit consent

10.2 Your Right to Opt-Out

California residents can opt-out of the "sale" of personal information by:

  • Clicking the "Do Not Sell My Personal Information" link in our cookie banner
  • Adjusting cookie preferences to reject Marketing and Analytics cookies
  • Emailing us at costsaverai@proton.me with subject "CCPA Opt-Out Request"

10.3 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will receive the same quality of service regardless of your privacy choices.

10.4 Authorized Agents

You may designate an authorized agent to make CCPA requests on your behalf. The agent must provide proof of authorization.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located.

11.1 EU-US Data Privacy Framework

For transfers from the European Union/European Economic Area (EU/EEA) to the United States, we rely on:

  • EU-US Data Privacy Framework: Our US-based service providers participate in the EU-US Data Privacy Framework, which provides adequate protection for EU personal data
  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers to non-Framework participants
  • Binding Corporate Rules: Where applicable, we rely on approved binding corporate rules
  • Other Adequacy Mechanisms: We use other legally recognized transfer mechanisms as appropriate

11.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers:

  • Encryption in transit and at rest
  • Contractual obligations requiring data protection
  • Regular security assessments of service providers
  • Compliance with applicable data protection laws

11.3 Your Rights Regarding Transfers

You have the right to:

  • Know where your data is processed
  • Request information about transfer safeguards
  • Object to certain transfers (where legally permitted)
  • Request data be processed in a specific location (subject to technical feasibility)

12. Your Privacy Rights

Depending on your location, you have various rights regarding your personal information:

12.1 GDPR Rights (EU/EEA Residents)

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Correct inaccurate or incomplete data
  • Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing (Article 18): Limit how we use your data
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Article 7): Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

12.2 CCPA Rights (California Residents)

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information (subject to exceptions)
  • Right to Opt-Out: Opt-out of the "sale" of personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising rights
  • Right to Correct: Request correction of inaccurate personal information

12.3 PIPEDA Rights (Canadian Residents)

  • Right to Access: Request access to your personal information
  • Right to Correction: Request correction of inaccurate information
  • Right to Withdraw Consent: Withdraw consent for collection, use, or disclosure
  • Right to File a Complaint: File a complaint with the Privacy Commissioner of Canada

12.4 LGPD Rights (Brazilian Residents)

  • Right to Confirmation and Access: Confirm existence of processing and access data
  • Right to Correction: Request correction of incomplete or inaccurate data
  • Right to Anonymization/Deletion: Request anonymization or deletion of unnecessary data
  • Right to Data Portability: Request data portability to another service provider
  • Right to Deletion: Request deletion of personal data processed with consent
  • Right to Information: Obtain information about data sharing
  • Right to Revoke Consent: Revoke consent at any time

12.5 Exercising Your Rights

To exercise any of these rights:

  • Email: costsaverai@proton.me
  • Subject Line: "Privacy Rights Request - [Your Request Type]"
  • Include: Your name, email, and specific request details
  • Verification: We may request identity verification to protect your privacy
  • Response Time: We will respond within [RESPONSE_TIMEFRAME_DAYS] business days (or as required by applicable law)

13. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Procedures for detecting, reporting, and responding to data breaches
  • Employee Training: Regular privacy and security training for staff
  • Backup and Recovery: Secure backup systems and disaster recovery plans

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

15. Children's Privacy

Our services are not directed to individuals under the age of [MINIMUM_AGE] (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending email notifications for material changes (where required by law)
  • Displaying a prominent notice on our website

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

17. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

Cost Saver AI

Email: costsaverai@proton.me

Data Protection Officer: Chamal Abeytuga
DPO Email: costsaverai@proton.me

17.1 Supervisory Authority Contacts

You may also contact your local data protection authority:

← Back to Home