Privacy Policy

At Potential.com, we take the privacy, security, and data protection of our users and clients seriously. This Privacy Policy describes how we collect, use, store, and protect information across our suite of AI Tools, including AI Chatbots and AI Voice Agents (collectively referred to as "AI Tools"). By using our services, you agree to the practices described in this policy.

1. Who We Are

Potential.com is a technology company that provides AI-powered empowerment tools hosted on enterprise-grade infrastructure. We are committed to upholding the highest standards of privacy and security in compliance with international regulations, including the General Data Protection Regulation (GDPR).

2. Hosting and Infrastructure

  • All AI Tools are hosted on Amazon Web Services (AWS) servers located in Europe, benefiting from AWS's robust compliance with ISO 27001, SOC 1/2/3, and other industry-leading certifications.
  • Our infrastructure is designed with enterprise-grade security in mind, including data encryption in transit and at rest.

3. Data Collection and Use

a. Types of Data Collected

We do not collect or store personally identifiable information (PII) by default. However, in the course of using our AI Tools, users may voluntarily share:

  • Names
  • Email addresses
  • Phone numbers
  • Business inquiries or support issues

In some cases, if our clients explicitly request to collect additional personal data through the AI Tools, we may support this upon mutual agreement and subject to appropriate safeguards, data processing terms, and full compliance with relevant privacy regulations, including GDPR.

Note: All information is anonymized where possible, and only the minimum necessary non-personal data is processed for each interaction.

b. Purpose of Data Use

Data exchanged within our AI Tools is used solely for the purpose of delivering and improving the conversation flow and functionality of the specific conversation session the user is engaged in. It is not used across multiple conversations or retained for purposes beyond the current interaction. It is not used for:

  • AI model training
  • Marketing purposes (unless explicitly requested to)
  • Profiling or behavioral tracking (unless explicitly requested to)

4. Use of Third-Party Large Language Models (LLMs)

  • All communication with LLMs is mediated through Potential.com's servers, which include customizable safeguards to control what data is shared.
  • By default, we do not share any personal information with third-party LLM providers unless a client has explicitly requested such sharing and provided informed consent.
  • Clients may configure their data-sharing preferences at the enterprise level.
  • All conversations are strictly used to serve end-user interactions and are not retained or used for training by third-party providers.

5. Data Retention and Deletion

  • Data and conversation logs are retained for a maximum of 7 days on our servers, after which they are automatically deleted.
  • Clients can opt-in to longer retention periods by written request and through specific data processing agreements (DPAs).
  • Upon client request, we provide data access, export, and deletion in accordance with GDPR.

6. Legal Basis for Processing

We process personal data based on:

  • The legitimate interest of providing and maintaining the service.
  • User consent, where applicable (e.g., when inputting personal data).
  • Compliance with legal obligations, if required.
  • Performance of a contract, when data is necessary for delivering our services.

7. Your Rights

Under GDPR and other applicable laws, you have the right to:

  • Access the personal data we hold about you
  • Request rectification or deletion of your data
  • Object to or restrict processing
  • Withdraw consent at any time (where applicable)
  • Data portability in a commonly used, machine-readable format
  • File a complaint with a supervisory authority

To exercise any of these rights, contact us at: info@potential.com

Single Sign-On (SSO)

Potential.com and its subdomains provide Single Sign-On (SSO) functionality to streamline your login experience. When you use SSO, you will be directed to a third-party authentication service such as Google, Facebook, or another SSO provider, which will authenticate your identity and provide you with access to our sites. These third-party providers may collect and process your personal information according to their own privacy policies.

Use of Google User Data

Our use of Google user data is limited to the practices disclosed in this Privacy Policy and conforms with Google's Limited Use requirements. When you use Google SSO to access our platform, we collect and use Google user data such as display name, email, and first name to create your user account on our platform. We only use Google user data for the purposes explicitly stated in this policy and do not share this data with unauthorized third parties.

8. Data Security Measures

We apply a layered approach to securing client data:

  • End-to-end encryption (TLS 1.2+)
  • Strict access controls and role-based permissions
  • Real-time monitoring and automated incident detection
  • Secure APIs with audit logs and rate limiting
  • Frequent vulnerability assessments and security audits
  • Security training and awareness programs for staff

9. Third-Party Sharing and Cookies

  • We do not sell or rent your personal data to third parties.
  • We only share data with trusted subprocessors as necessary to provide our services, governed by data processing agreements that ensure GDPR compliance.
  • We may use cookies and similar tracking technologies on our web interfaces, including our domains and subdomains, but NOT when our AI tools are added to clients' websites and applications to improve user experience. Users are prompted to consent to cookie usage, and cookie preferences can be managed anytime.

Cookies and Web Beacons

We do use cookies to store information, such as your personal preferences when you visit our sites. This could include only showing you a popup once in your visit or the ability to log in to some of our features, such as forums. We also use third-party advertisements on Potential.com and its subdomains to support our sites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. In case of significant changes, we will notify users via email or a notice on our website.

11. Contact Us

For any questions or concerns related to this Privacy Policy or data protection practices, please contact:

Potential.com
Email: info@potential.com
Website: https://www.potential.com