Privacy Policy

Last updated: 19 March 2026 · Effective immediately

🔒 HTTPS Encrypted 🇪🇺 GDPR Compliant 🇮🇳 DPDP Act 2023 🇦🇪 UAE PDPL 🔐 SOC2 In Progress

1. Who We Are

Percepto AI ("we," "us," "our") operates a voice-first AI agent that scores visitor intent and personalises website conversations. This Privacy Policy explains how we collect, use, and protect your personal data, and what rights you have.

2. Jurisdictions We Comply With

EU & EEA: GDPR (Regulation 2016/679)
India: Digital Personal Data Protection Act 2023 (DPDP)
UAE: Federal Decree-Law No. 45 of 2021 (UAE PDPL)
Global: SOC2 Type II (in progress)

3. Data We Collect & Why

3.1 Visitor Signals (with your consent)

When you visit a website running Percepto AI, we collect:

Visitor ID — _scout_vid cookie (365-day TTL, first-party)
Browser signals — page URL, referrer, device type, browser language, time of day, day of week, UTM parameters
IP address — enriched via ip-api.com to identify your company name, city, and country
Visit history — previous pages visited and intent score (stored in Redis, 30-day TTL)

Purpose: Score intent level and personalise Percepto AI's opening conversation.
Legal basis: Explicit consent (consent banner).
Retention: 30 days in Redis, then automatically deleted.

3.2 Conversation Data (if you engage Percepto AI)

Transcript — what you say and Percepto AI's replies
Voice audio — WebM/WAV recording, transcribed by Groq Whisper (not stored after transcription)
Extracted lead summary — name, email, company, pain points, use case (extracted by LLM with your knowledge)

Purpose: Enable real-time conversation and provide a CRM-ready summary to the website owner.
Legal basis: Consent (you initiated the conversation).
Retention: Session transcript: 24 hours. Extracted summary: 90 days.

3.3 Signup / Waitlist Form Data

First name, last name, work email, company website, team size

Purpose: Create your Percepto AI account and send product updates.
Legal basis: Consent (form submission).
Retention: Until you request deletion.

4. Data Processors

Percepto AI shares your data with the following sub-processors, each under a Data Processing Agreement:

Processor	Location	Purpose	Data Shared
Groq, Inc.	USA	LLM inference + Whisper STT	Visitor signals, conversation
Anthropic	USA	Claude Haiku (LLM fallback)	Visitor signals, conversation
ElevenLabs	USA	Text-to-speech synthesis	Conversation text only
Supabase	USA	Database + authentication	All collected data
Upstash	USA	Redis session cache	Visitor signals, session data
Render	USA	Backend server hosting	Visitor data (in memory)
Cloudflare	USA	CDN, DDoS protection	Widget JS, request headers
ip-api.com	USA	IP geolocation lookup	IP address only

All processors are USA-based. For GDPR users, transfers are made under Standard Contractual Clauses (Art. 46 GDPR).

5. Your Rights

Right	GDPR	DPDP	UAE PDPL	How to exercise
Access your data	Art. 15	§8	Art. 13	Email privacy@perceptoai.com — "Data Access Request"
Delete your data	Art. 17	§10	Art. 14	Email — "Data Deletion Request" — actioned within 30 days
Correct your data	Art. 16	§8	Art. 14	Email — "Data Correction Request" — actioned within 14 days
Withdraw consent	Art. 7(3)	§6	Art. 8	Click "Decline" on the consent banner at any time
Data portability	Art. 20	§9	Art. 13	Email — "Data Portability Request" — delivered as CSV/JSON

We respond to all requests within 30 days. If you are unsatisfied, you may lodge a complaint with your local data protection authority.

6. Data Retention

Data Type	Retention	Storage
Visitor signals + visit history	30 days	Upstash Redis
Session transcripts	24 hours	Upstash Redis
CRM lead summaries	90 days	Supabase PostgreSQL
Signup form data	Until deletion requested	Supabase
`_scout_vid` cookie	365 days (browser)	First-party cookie

7. Security

HTTPS / TLS 1.2+ for all data in transit
Encryption at rest on Supabase PostgreSQL
Row-Level Security (RLS) on all database tables
API keys stored as environment variables — never hardcoded
SOC2 Type II certification in progress

Found a vulnerability? Email security@perceptoai.com.

8. Breach Notification

In the event of a data breach, we will notify affected individuals within 72 hours as required by GDPR, DPDP, and UAE PDPL — by email to the address you provided.

9. Children's Privacy

Percepto AI is not intended for individuals under 13. We do not knowingly collect data from children. Contact privacy@perceptoai.com if you believe we have.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or via a notice on our website. Continued use of Percepto AI constitutes acceptance.

Percepto AI · privacy@perceptoai.com · Last updated 19 March 2026