Last updated: July 2, 2026
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
For the purposes of this Privacy Policy:
The Company processes Personal Data in two distinct capacities, and Your rights and the applicable terms differ depending on which capacity applies:
We are the Data Controller for Personal Data that We collect for Our own purposes, including: (a) Account registration, authentication, and administration data of Customers and their authorized users; (b) billing and payment-related data; (c) data collected on Our Website, including Usage Data, cookies, and analytics; (d) marketing, sales, and support communications; and (e) data relating to Our own business operations. This Privacy Policy governs that processing.
We are the Data Processor for Customer Data. When End Users interact with an AI agent deployed by a Customer (or a Customer's client), the Customer — or its client — determines the purposes and means of that processing and is the Data Controller (or a Processor acting on behalf of its own client). We process Customer Data solely on the documented instructions of the Customer and in accordance with Our Data Processing Agreement, which meets the requirements of Article 28(3) GDPR and incorporates the EU Standard Contractual Clauses for international transfers.
Customers who require a signed DPA may request one at [email protected].
If You are an End User who has interacted with an AI agent powered by the Service, the privacy notice of the business that deployed that agent governs the processing of Your Personal Data, and Your data protection rights (access, rectification, erasure, and others) should be exercised against that business as the Data Controller. If We receive a request from an End User directly, We will forward it to the relevant Customer without undue delay and will not respond to it except on the Customer's documented instructions or as required by law.
We do not use Customer Data — including End User conversation content such as chat transcripts, voice recordings or transcripts, and SMS content — to train, retrain, fine-tune, or otherwise improve any artificial intelligence or machine learning model, whether Our own or those of third parties.
AI responses on the Service are generated through commercial API agreements with third-party large language model providers, including OpenAI and Anthropic, whose commercial API terms provide that data submitted through their APIs is not used to train their models.
We engage a limited number of third-party sub-processors to provide the Service, including cloud hosting, large language model inference, voice infrastructure, and SMS transmission providers. The current list of sub-processors, their locations, and the applicable transfer safeguards is available upon request at [email protected]. Customers will be notified of any intended addition or replacement of a sub-processor in accordance with the DPA and may object on reasonable data-protection grounds.
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Where AI agents deployed through the Service are used, We process Customer Data (including End User conversation content) as a Data Processor on behalf of the relevant Customer, as described in "Our Role Under the GDPR: Controller and Processor" above and in the DPA. The categories of Personal Data contained in Customer Data are determined by the Customer and by what End Users choose to disclose in conversations.
The Company allows You to create an account and log in to use the Service through the following Third-party Social Media Services: Google, Facebook, Twitter, LinkedIn.
If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect Personal data that is already associated with Your Third-Party Social Media Service's account, such as Your name, Your email address, Your activities or Your contact list associated with that account.
You may also have the option of sharing additional information with the Company through Your Third-Party Social Media Service's account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
The Company may use Personal Data for the following purposes:
For the avoidance of doubt, the purposes above apply to Personal Data for which We are the Data Controller. Customer Data is used solely to provide the Service to the relevant Customer in accordance with the DPA, and is never used for advertising, marketing, or AI model training.
We may share Your personal information in the following situations:
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Customer Data is retained for the duration of the Customer's use of the Service and is deleted or returned in accordance with the DPA upon termination, subject to standard backup rotation cycles and any retention required by law.
The Company is based in the United States, and Your information, including Personal Data, is processed and stored on infrastructure located in the United States (currently provided by DigitalOcean, LLC) and in any other locations where Our sub-processors operate, as set out in Our Sub-processor List.
Where Personal Data protected by the GDPR, the UK GDPR, or the Swiss FADP is transferred to a country that has not received an adequacy decision, We rely on appropriate safeguards under Article 46 GDPR — specifically, the Standard Contractual Clauses approved by European Commission Implementing Decision (EU) 2021/914 (as supplemented by the UK International Data Transfer Addendum for UK transfers), which are incorporated into Our DPA with Customers and into Our agreements with sub-processors. A copy of the relevant safeguards may be requested at [email protected].
We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy.
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service.
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
If Your Personal Data is contained in Customer Data (for example, You spoke with an AI agent operated by one of Our Customers), please direct Your deletion request to the business that operates that agent; We will assist that business in fulfilling Your request in accordance with the DPA.
Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. A description of Our technical and organizational security measures is set out in Annex II of the DPA and summarized in the "Data Security" section below.
The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.
We may use third-party Service providers to monitor and analyze the use of our Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. You may also opt-out of certain Google Analytics features through your mobile device settings. For more information on the privacy practices of Google, please visit: https://policies.google.com/privacy
Matomo is a web analytics service. You can visit their Privacy Policy page here: https://matomo.org/privacy-policy
We may use Service Providers to show advertisements to You to help support and maintain Our Service.
Google AdSense & DoubleClick Cookie: Google, as a third party vendor, uses cookies to serve ads on our Service. Google's use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Service or other websites on the Internet. You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences/
Meta: Their Privacy Policy can be viewed at https://www.facebook.com/privacy/policy/
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use Email Marketing Service Providers to manage and send emails to You:
We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The Company uses remarketing services to advertise to You after You accessed or visited our Service. We and Our third-party vendors use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use our Service so that We can improve our Service to reflect Your interests and serve You advertisements that are likely to be of more interest to You.
These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies and to enable Us to:
Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit You to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving You interest-based advertising:
You may opt-out of all personalized advertising by enabling privacy features on Your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See Your mobile device Help system for more information.
We may share information, such as hashed email addresses (if available) or other online identifiers collected on Our Service with these third-party vendors. This allows Our third-party vendors to recognize and deliver You ads across devices and browsers. To read more about the technologies used by these third-party vendors and their cross-device capabilities please refer to the Privacy Policy of each vendor listed below.
The third-party vendors We use are:
We use an invisible captcha service named reCAPTCHA. reCAPTCHA is operated by Google. The reCAPTCHA service may collect information from You and from Your Device for security purposes. The information gathered by reCAPTCHA is held in accordance with the Privacy Policy of Google: https://www.google.com/intl/en/policies/privacy/
Where We act as Data Controller, We may process Personal Data under the following conditions:
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Where We act as Data Processor for Customer Data, the legal basis for processing is determined by the relevant Customer as Data Controller.
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
You have the right under this Privacy Policy, and by law if You are within the EU, to:
If Your Personal Data was collected through an AI agent operated by one of Our Customers, please direct Your request to that business as the Data Controller; We will assist them in responding in accordance with the DPA.
You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us at [email protected]. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.
The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Facebook Fan Page https://fb.me/stammerai, the Company and the operator of the social network Facebook are Joint Controllers.
The Company has entered into agreements with Facebook that define the terms for use of the Facebook Fan Page, among other things. These terms are mostly based on the Facebook Terms of Service: https://www.facebook.com/terms.php
Visit the Facebook Privacy Policy https://www.facebook.com/policy.php for more information about how Facebook manages Personal data or contact Facebook online, or by mail: Facebook, Inc. ATTN, Privacy Operations, 1601 Willow Road, Menlo Park, CA 94025, United States.
We use the Facebook Insights function in connection with the operation of the Facebook Fan Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.
For this purpose, Facebook places a Cookie on the device of the user visiting Our Facebook Fan Page. Each Cookie contains a unique identifier code and remains active for a period of two years, except when it is deleted before the end of this period.
Facebook receives, records and processes the information stored in the Cookie, especially when the user visits the Facebook services, services that are provided by other members of the Facebook Fan Page and services by other companies that use Facebook services.
For more information on the privacy practices of Facebook, please visit Facebook Privacy Policy here: https://www.facebook.com/privacy/explanation
This privacy notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.
Please note that the categories and examples provided in the list below are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact collected by Us, but reflects our good faith belief to the best of Our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if You provided such personal information directly to Us.
Under CCPA/CPRA, personal information does not include:
We obtain the categories of personal information listed above from the following categories of sources:
We may use or disclose personal information We collect for "business purposes" or "commercial purposes" (as defined under the CCPA/CPRA), which may include the following examples:
Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how we use this information, please refer to the "Use of Your Personal Data" section.
If We decide to collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes, We will update this Privacy Policy.
We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:
Please note that the categories listed above are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.
When We disclose personal information for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We may share, and have shared in the last twelve (12) months, Your personal information identified in the above categories with the following categories of third parties:
As defined in the CCPA/CPRA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information by the Business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.
We do not sell personal information as the term sell is commonly understood. We do allow Service Providers to use Your personal information for the business purposes described in Our Privacy Policy, for activities such as advertising, marketing, and analytics, and these may be deemed a sale under CCPA/CPRA.
We may sell and may have sold in the last twelve (12) months the following categories of personal information:
Please note that the categories listed above are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of Our knowledge that some of that information from the applicable category may be and may have been shared for value in return.
We do not knowingly collect personal information from minors under the age of 16 through our Service, although certain third party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies and We encourage parents and legal guardians to monitor their children's Internet usage and instruct their children to never provide information on other websites without their permission.
We do not sell the personal information of Consumers We actually know are less than 16 years of age, unless We receive affirmative authorization (the "right to opt-in") from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, You (or Your authorized representative) may submit a request to Us by contacting Us.
If You have reason to believe that a child under the age of 13 (or 16) has provided Us with personal information, please contact Us with sufficient detail to enable Us to delete that information.
The CCPA/CPRA provides California residents with specific rights regarding their personal information. If You are a resident of California, You have the following rights:
Please see the "Do Not Sell My Personal Information" section and "Limit the Use or Disclosure of My Sensitive Personal Information" section for more information on how to opt out and limit the use of sensitive information collected.
Additionally, in order to exercise any of Your rights under the CCPA/CPRA, and if You are a California resident, You can contact Us:
Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable request related to Your personal information.
Your request to Us must: provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative; and describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
We cannot respond to Your request or provide You with the required information if We cannot verify Your identity or authority to make the request and confirm that the personal information relates to You.
We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.
Any disclosures We provide will only cover the 12-month period preceding the verifiable request's receipt.
For data portability requests, We will select a format to provide Your personal information that is readily usable and should allow You to transmit the information from one entity to another entity without hindrance.
As defined in the CCPA/CPRA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information by the Business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.
We do not sell personal information as the term sell is commonly understood. We do allow Service Providers to use Your personal information for the business purposes described in Our Privacy Policy, for activities such as advertising, marketing, and analytics, and these may be deemed a sale under CCPA/CPRA.
You have the right to opt-out of the sale of Your personal information. Once We receive and confirm a verifiable consumer request from You, we will stop selling Your personal information. To exercise Your right to opt-out, please contact Us.
The Service Providers we partner with (for example, our analytics or advertising partners) may use technology on the Service that sells personal information as defined by the CCPA/CPRA law. If you wish to opt out of the use of Your personal information for interest-based advertising purposes and these potential sales as defined under CCPA/CPRA law, you may do so by following the instructions below.
Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that You use.
If applicable, click "Privacy Preferences", "Update Privacy Preferences" or "Do Not Sell My Personal Information" buttons listed on the Service to review Your privacy preferences and opt out of cookies and other technologies that We may use. Please note that You will need to opt out from each browser that You use to access the Service.
Additionally, You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:
The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by Your browser, You will need to opt out again.
Your mobile device may give You the ability to opt out of the use of information about the apps You use in order to serve You ads that are targeted to Your interests:
You can also stop the collection of location information from Your mobile device by changing the preferences on Your mobile device.
If You are a California resident, You have the right to limit the use and disclosure of Your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such services or goods.
We collect, use and disclose sensitive personal information in ways that are necessary to provide the Service. For more information on how We use Your personal information, please see the "Use of Your Personal Data" section or contact us.
Our Service does not respond to Do Not Track signals.
However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.
Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.
If you'd like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided below.
California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.
To request removal of such data, and if You are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.
Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy, or wish to exercise your data protection rights, You can contact us:
At Stammer.ai, your data security is our top priority. Data is encrypted in transit using HTTPS/TLS, and Our platform is hosted in SOC 2-audited data centers operated by DigitalOcean, LLC, with encryption at rest provided by the underlying infrastructure.
Each AI agent within Stammer.ai is independent and self-contained, with Customer Data logically segregated per account. Through strict access controls, we ensure your agent functions independently for a personalized and secure experience.
Access to production environments is highly restricted and limited to authorized personnel on a least-privilege basis, combined with rigorous internal auditing of security procedures. This ensures that your data remains protected at all times.
We leverage world-class security measures from providers such as Cloudflare, providing an additional layer of data protection and resilience.
At Stammer.ai, our goal is always to exceed industry standards. We are actively dedicated to enhancing our security infrastructure, and plan to pursue globally recognized compliance standards in the near future.
A more detailed description of Our technical and organizational security measures is available in Annex II of Our Data Processing Agreement, available to Customers upon request.
At Stammer.ai, your data security is our top priority. Our systems use HTTPS protocols to encrypt your data during transit, providing robust protection against potential data breaches.
Self-Contained Bots
Each bot within Stammer.ai is independent and self-contained, ensuring your data stays private. Through strict access controls, we ensure your bot functions independently for a personalized and secure experience.
Commitment to Excellence
At Stammer.ai, our goal is always to exceed industry standards. We are actively dedicated to enhancing our security infrastructure, and plan to pursue globally recognized compliance standards in the near future.
Secure Storage and User-Controlled Privacy
Stammer.ai securely stores your data on our dedicated servers, with access limited only to the application itself. Your chatbot's privacy is directly controlled by the settings you establish within the app, ensuring you're always in command.
Trusted by Industry Leaders
We incorporate the best security practices from industry leaders such as AWS and Cloudflare. Leveraging their world-class security measures, we provide an additional layer of data protection and resilience.
Exclusive Access Control
At Stammer.ai, access to production environments is highly restricted. This policy, combined with our rigorous internal auditing of security procedures, ensures that your data remains protected at all times.
Stammer.ai - Where Security Meets Innovation
Choose Stammer.ai for a chatbot service that doesn't compromise on security. We take your safety and privacy seriously, implementing robust security practices and continually enhancing our systems. Experience the best of secure chatbot technology with Stammer.ai.