Privacy Policy

Effective Date: January 1, 2026  |  Last Updated: February 2026

1. Introduction

Digital Bar AI, Inc. ("DigitalBar," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our website at digitalbar.ai (the "Site") and our AI-powered customer intelligence platform, including voice AI agents, email marketing automation, contact management, and related services (collectively, the "Services"). By using the Services, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services immediately.

2. Information We Collect

2.1 Information You Provide Directly

  • Account & Profile Data: Name, email address, phone number, job title, company name, and password when you register for an account.
  • Billing Information: Payment card details, billing address, and transaction history processed through our third-party payment processor (e.g., Stripe). We do not store full credit card numbers on our servers.
  • Business Data: Contact lists, lead information, call scripts, email templates, CRM data, and any other content you upload or create within the platform.
  • Call Recordings & Transcripts: Audio recordings and AI-generated transcripts of calls made through our voice AI agents, collected with appropriate consent.
  • Communications: Messages, feedback, and support requests you send to us.

2.2 Information Collected Automatically

  • Device & Browser Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
  • Usage Data: Pages visited, features used, click patterns, session duration, referring URLs, and timestamps.
  • Cookies & Similar Technologies: We use cookies, web beacons, and local storage to maintain sessions, remember preferences, and analyze usage. See Section 9 for details.
  • Log Data: Server logs that record requests made to our systems, including API calls, error reports, and performance metrics.

2.3 Information from Third Parties

  • Integrations: When you connect third-party services (Salesforce, HubSpot, Google Workspace, etc.), we receive data necessary to provide the integration.
  • Public Data Sources: Business information from publicly available directories for our prospecting and research features.
  • Authentication Providers: If you sign in via a third-party provider (e.g., Google SSO), we receive your name, email, and profile picture from that provider.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing & Improving Services: To operate, maintain, personalize, and enhance the platform, including AI model training and improvement using aggregated, de-identified data.
  • Account Management: To create and manage your account, process transactions, and provide customer support.
  • Communications: To send transactional emails (e.g., billing receipts, security alerts), product updates, and, with your consent, marketing communications.
  • Security & Fraud Prevention: To detect, investigate, and prevent unauthorized access, fraud, and other malicious activity.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Analytics & Research: To understand usage trends, measure feature effectiveness, and conduct internal research using aggregated and anonymized data.

4. No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties. We do not monetize your data. Our revenue comes exclusively from platform subscriptions and service fees. This commitment applies to all categories of personal information we collect, including information covered under the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), and similar state privacy laws.

5. How We Share Your Information

We may share your information only in the following limited circumstances:

  • Service Providers: With trusted vendors who assist us in operating the platform (hosting, payment processing, email delivery, analytics) under strict data protection agreements.
  • Third-Party Integrations: With services you choose to connect (CRMs, email providers, telephony providers). Only the minimum data necessary for the integration is shared.
  • Within Your Organization: With other members of your tenant/organization as configured by your administrator.
  • Legal Requirements: When required by law, subpoena, court order, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • With Your Consent: When you explicitly authorize the sharing.

6. Data Security

We employ industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA) support, and principle of least privilege.
  • Multi-Tenant Isolation: Strict data isolation ensures your data is logically separated from other customers at the database level.
  • Infrastructure: Data is hosted on SOC 2 Type II compliant infrastructure with geographic redundancy.
  • Monitoring: Continuous security monitoring, intrusion detection, and automated vulnerability scanning.
  • Incident Response: We maintain a documented incident response plan and will notify affected users of a data breach within 72 hours as required by applicable law.
  • Employee Access: Employee access to customer data is logged, audited, and limited to support and operational needs.

7. Data Retention

  • Active Accounts: We retain your data for as long as your account is active and as needed to provide the Services.
  • After Termination: Upon account termination, we retain your data for 30 days to allow for data export. After this grace period, your data is permanently and irreversibly deleted from our systems, including backups, within 90 days.
  • Call Recordings: Call recordings are retained according to your organization's configured retention policy, with a default of 12 months.
  • Legal Holds: We may retain data longer if required by law or to resolve disputes.
  • Aggregated Data: De-identified, aggregated data used for analytics may be retained indefinitely as it cannot be linked back to you.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request your data in a structured, machine-readable format (CSV, JSON).
  • Restriction: Request that we limit the processing of your data under certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
  • Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, please contact us at privacy@digitalbar.ai. We will respond to verified requests within 30 days (or sooner as required by applicable law).

9. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Functional Cookies: Remember your preferences and settings (e.g., language, theme).
  • Analytics Cookies: Help us understand how users interact with the platform to improve functionality and performance.

We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings.

10. AI & Automated Decision-Making

Our platform uses artificial intelligence for call transcription, sentiment analysis, lead scoring, and email personalization. These AI features process your data to deliver platform functionality. We do not use AI to make decisions that produce legal or similarly significant effects on individuals without human oversight. You may request human review of any AI-generated analysis by contacting our support team.

11. International Data Transfers

Our services are primarily hosted in the United States. If you access the Services from outside the United States, your data may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) as approved by applicable data protection authorities.

12. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@digitalbar.ai.

13. State-Specific Disclosures (U.S.)

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have additional rights including:

  • The right to know what personal information we collect, use, and disclose.
  • The right to opt out of the "sale" or "sharing" of personal information (note: we do not sell or share personal information for cross-context behavioral advertising).
  • The right to limit the use of sensitive personal information.
  • The right to appeal a decision regarding your privacy request.

To exercise these rights, email us at privacy@digitalbar.ai or use the contact methods listed in Section 15.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice on the platform at least 30 days before the changes take effect. Your continued use of the Services after the effective date of any updated policy constitutes your acceptance of the revised terms. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

© 2026 Digital Bar AI, Inc. All rights reserved.