Knowiz
Legal

Privacy policy

How Knowiz collects, uses, and protects your data.

Knowiz Privacy Policy

Your privacy matters to us. It is Knowiz’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you — including across our website at https://www.knowiz.ai/ and the Knowiz Service.

Knowiz is a product of Allyce AI Ltd., a private limited company incorporated in Ireland. In this Policy, “Knowiz”, “we”, “us”, and “our” refer to Allyce AI Ltd. operating the Knowiz brand.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, email, and business details), your devices, payment details, and information about how you use our Service — including content you upload to Knowiz and conversations that pass through the AI agents you build with it.

If our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information. This Privacy Policy does not apply to any of your activities after you leave our site.

Effective: June 4, 2026. Last updated: June 4, 2026.

Information We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

“Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.

Log Data

When you visit our website or use the Knowiz Service, our servers may automatically log the standard data provided by your web browser. This may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site or Service, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Personal Information

We may ask for or otherwise process personal information — for example, when you sign up, use the Service, submit content to us, or contact us — which may include one or more of the following:

  • Name
  • Email address
  • Phone number (if voluntarily provided)
  • Business name and role
  • Billing information (processed via our payment processor; we do not store full payment card details)
  • Account credentials and authentication metadata
  • Content you upload to Knowiz as part of your knowledge base — including websites, documents, FAQs, and team-knowledge sources
  • Conversation content — messages sent by you, your team, or end users to AI agents you operate via Knowiz
  • Lead and issue data captured by your agents from end users (such as name, email, phone, and stated interest)
  • Metadata produced by AI processing of conversations — including summaries, sentiment scores, intent labels, and next-action recommendations
  • Communications you send to us (support requests, feedback)

End-user data on agents you operate

When you deploy a Knowiz agent on your website or another channel, end users may submit personal information to the agent. For that data, you are the data controller; Knowiz processes it on your behalf as your data processor under the terms of your subscription and our applicable data-processing terms.

AI Processing

Knowiz is an AI agent product. We use Google Gemini as the underlying large language model (LLM) to power the agents you build. When you upload content to your knowledge base, or when an end user interacts with an agent you have deployed:

  • The content and the conversation are processed by Google Gemini to generate responses.
  • We process this data on a zero-retention basis with Google Gemini: Google does not retain prompts or completions for training, and we do not permit it to do so.
  • We do not use customer data to train any AI model — neither Google’s nor any model we operate.
  • AI-generated metadata about each conversation (summary, sentiment, intent, recommended next actions) is stored in our systems and surfaced back to you in the Knowiz dashboard.

If our LLM provider changes, or if our processing terms with that provider materially change, we will update this Policy and notify customers in advance.

User-Generated Content

We consider “user-generated content” to be materials (text, image, or other media) voluntarily supplied to us by our users for the purpose of being indexed by, surfaced through, or processed by the Knowiz Service. All user-generated content is associated with the account or organisation used to submit it.

Please be aware that any content you publish through your AI agent (for example, through a public-facing chat widget) will be accessible to end users who interact with that agent. Once published, it may be accessible to third parties not covered under this Privacy Policy.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website or in the Service:

  • Register for an account
  • Sign up to receive updates from us via email or our social channels
  • Use a mobile device or web browser to access our content
  • Contact us via email, social media, or similar technologies
  • Mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

  • to provide the Service’s core features
  • to contact and communicate with you
  • for analytics, market research, and business development, including to operate and improve our website, the Service, and associated channels
  • for marketing, including to send you information about our products and related services we consider may be of interest to you
  • for internal record keeping and administrative purposes
  • to comply with our legal obligations and resolve any disputes that we may have
  • for technical assessment, including to operate and improve the Service and our infrastructure

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.

You are responsible for selecting any password and ensuring the security of your own information within the bounds of our services.

How Long We Keep Your Personal Information

We retain personal information only as long as needed for the purpose it was collected. Specific retention periods are as follows:

  • Account and profile data: for the duration of your account, plus 30 days after account closure.
  • Conversation transcripts and end-user data: retention is configurable in your dashboard, with a default of 12 months from the conversation date.
  • Billing and financial records: 7 years, as required by Irish tax and accounting law.
  • Marketing communications data: until you unsubscribe, or after 24 months of no engagement — whichever comes first.
  • Server logs and security event data: rolled off on a 90-day cycle.
  • Backups: deleted or anonymised within 35 days of the underlying data’s deletion.
  • Data subject to legal hold or dispute: retained for the duration of the matter.

Where we no longer have a legal or operational basis to retain personal information, we will delete it or make it anonymous. We may retain anonymised data for analytics and research purposes indefinitely.

Children’s Privacy

We do not aim our products or services at children. We do not knowingly collect personal information about children under the age of 16 — or the equivalent minimum age set by the user’s jurisdiction (which may be as low as 13 in some countries). If we become aware that we have collected such information without verified parental consent, we will delete it as soon as reasonably possible.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

  • a parent, subsidiary, or affiliate of our company
  • third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, AI model providers, ad networks, analytics, error loggers, maintenance or problem-solving providers, professional advisers, and payment-system operators
  • our employees, contractors, and related entities
  • our existing or potential agents or business partners
  • courts, tribunals, regulatory authorities, and law-enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
  • third parties, including agents or sub-contractors who assist us in providing information, products, services, or direct marketing to you
  • an entity that buys, or to which we transfer, all or substantially all of our assets and business

Third parties we currently use include:

  • Google Gemini — large language model for AI agent responses (zero-retention; no training)
  • Supabase — database hosting and authentication
  • Vercel — website and application hosting
  • Resend — transactional and account email delivery
  • Stripe — payment processing for subscriptions
  • PostHog — product analytics and session insights
  • Vercel Analytics — anonymous, privacy-respecting web analytics

A complete list of current sub-processors is available on request from [email protected]. We will provide at least 30 days’ prior notice of any new sub-processor we engage to process personal data on behalf of customers, allowing customers a reasonable opportunity to object.

Data Processing Addendum

Where Knowiz processes personal data on your behalf — for example, end-user conversation data from agents you operate — a Data Processing Addendum (DPA) governs that processing in addition to this Privacy Policy. A DPA is available on request from [email protected].

Automated Processing and Profiling

Knowiz produces automated metadata about conversations — including summaries, sentiment scores, intent labels, and lead/issue classifications. This processing exists to help you operate your AI agents and surface insights from your inbox. It is not used to make decisions that produce legal effects on individuals or similarly significantly affect them. If you believe an automated decision has materially affected you, you may request human review by contacting [email protected].

Data Breach Notification

Where applicable law requires notification of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

International Transfers of Personal Information

The personal information we collect is stored and/or processed in the United Kingdom, Ireland, the European Economic Area (EEA), and the United States, or wherever we or our partners, affiliates, and third-party providers maintain facilities.

The countries to which we store, process, or transfer your personal information may not have the same data-protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this Privacy Policy.

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us; however, if you do not, it may affect your use of our website or the Service.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you. We will respond to access, correction, portability, and erasure requests within 30 calendar days of receipt, in accordance with applicable law. If we cannot resolve a request within that period (for example, because of complexity or volume), we will let you know within the same period and provide a reasonable extended timeline.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this Policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data-protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data-protection authority in relation to your complaint.

Unsubscribe: To unsubscribe from our email database or opt out of communications (including marketing communications), please contact us using the details provided in this Policy, or opt out using the facilities provided in the communication.

Use of Cookies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer and accesses each time you visit, so we can understand how you use our site.

Please refer to our Cookie Policy for more information.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this Policy.

Limits of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our Privacy Policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this Policy, we will post the changes here at the same link by which you are accessing this Policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected communication preferences) with the new details and links to the updated Policy.

Additional Disclosures for GDPR (EU)

Data Controller / Data Processor

The GDPR distinguishes between organisations that process personal information for their own purposes (“data controllers”) and organisations that process personal information on behalf of others (“data processors”). With respect to personal information you provide to us as a customer (e.g. your account and billing data), Allyce AI Ltd. is the data controller. With respect to personal information processed by your AI agents from your end users, Allyce AI Ltd. acts as a data processor on your behalf, with you as the controller.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. Our lawful bases depend on the services you use and how you use them:

Consent

Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; this will not affect any use of your information that has already taken place.

Performance of a Contract

Where you have entered into a contract with us, or in order to take preparatory steps prior to entering into a contract with you (for example, if you contact us with an enquiry).

Our Legitimate Interests

Where we assess it is necessary for our legitimate interests, such as to provide, operate, improve, and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, and measures taken to protect our legal rights and interests.

Compliance with Law

In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations.

International Transfers Outside the EEA

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards — for example, by using standard contractual clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Your GDPR Rights

Restrict: You have the right to request that we restrict the processing of your personal information in certain circumstances.

Object: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest.

Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or another easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.

Erasure: You may, in certain circumstances, request that we erase your personal data from our records.

Additional Disclosures for U.S. State Privacy Laws

The following section includes provisions that comply with the privacy laws of California, Colorado, Delaware, Florida, Virginia, and Utah, and applies only to residents of those states. Specific references to a particular state (in a heading or in the text) are only a reference to that state’s law and apply only to that state’s residents. Non-state-specific language applies to all of the states listed above.

Do Not Track

Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals.

Cookies and Pixels

At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Please refer to the Cookies section of this Policy for more information.

California — CCPA / CPRA

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organisations for their marketing purposes. To make such a request, please contact us using the details provided in this Policy with “Request for California privacy information” in the subject line. You may make this type of request once per calendar year.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA / CPRA:

  • Identifiers, such as name, email address, phone number, account name, IP address, and an ID or number assigned to your account.
  • Customer records, such as billing address and information processed by our payment processor.
  • Internet or other electronic network activity information, such as conversation content, content uploaded to your knowledge base, and interactions with the Knowiz dashboard.
  • Inferences drawn from any of the above, such as AI-generated conversation summaries, sentiment scores, and intent labels.

For more information on what we collect and how we use it, review the “Information We Collect” and “Collection and Use of Information” sections above.

Right to Know and Delete

You have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. To exercise any of these rights, please contact us using the details provided in this Policy.

Right to Opt Out of Sale or Sharing

We do not sell personal information for monetary consideration. However, our use of product-analytics cookies (including PostHog) may constitute “sharing” under California’s CPRA and similar U.S. state laws. To opt out:

  • Enable Global Privacy Control (GPC) signals in your browser — we honour GPC signals as a valid opt-out request.
  • Email [email protected] with “Do Not Sell or Share” in the subject line.

We will not discriminate against you for exercising this right.

Shine the Light

You have the right to request information from us regarding the manner in which we share certain personal information with third parties and affiliates for their own direct marketing purposes. To receive this information, send us a request using the contact details provided in this Policy. Requests must include “Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.

Additional Disclosures for UK GDPR (UK)

Data Controller / Data Processor

For the purposes covered by this Privacy Policy, Allyce AI Ltd. is a data controller with respect to the personal information you provide to us as a customer, and a data processor with respect to personal information processed by your agents from your end users.

Third-Party-Provided Content

We may indirectly collect personal information about you from third parties who have your permission to share it. For example, if you purchase a product or service from a business working with us, and give your permission for us to use your details in order to complete the transaction.

Your UK Data-Subject Rights

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.

Right to Object: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest.

Right to be Informed: You have the right to be informed about how your data is collected, processed, shared, and stored.

Right of Access: You may request a copy of the personal information that we hold about you at any time by submitting a Data Subject Access Request (DSAR). The statutory deadline for fulfilling a DSAR is 30 calendar days from our receipt of your request.

Right to Erasure: In certain circumstances, you can ask for your personal data to be erased from the records held by organisations. However, this right is qualified and not absolute.

Right to Portability: You have the right to receive some of your personal data from us in a structured, commonly used, machine-readable format, and to ask us to transfer it to another organisation where technically feasible.

Right to Rectification: If personal data is inaccurate, out of date, or incomplete, you have the right to correct, update, or complete that data.

Notification of Data Breaches: Upon discovery of a data breach, we will investigate the incident and report it to the UK’s data-protection regulator and you, if we deem it appropriate to do so.

Complaints: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data-protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO — please contact us first using the details below.

Enquiries, Reports, and Escalation

To enquire about Knowiz’s privacy practices, or to report a potential violation, you may contact us at [email protected].

If we fail to resolve your concern to your satisfaction, you may also contact the Information Commissioner’s Office (ICO), the UK data-protection regulator, at www.ico.org.uk.

Contact Us

For any questions or concerns regarding your privacy, you may contact us at:

[email protected]

Allyce AI Ltd., a private limited company incorporated in Ireland (operating the Knowiz brand). Our registered office address is available on request — please email [email protected].