1. Introduction
Xsistant ("we," "our," or "us") operates an AI-powered marketplace platform that connects businesses with their customers through voice and text interactions. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect
For Businesses (B2B Customers)

• Account Information: Email address, password, company name, billing information

• Business Data: Product/service information, documents (PDFs, images, text files), website content, pricing data

• Usage Data: Dashboard interactions, query analytics, response times, conversion metrics

• Communication Data: Support requests, feedback, correspondence

For End Customers (B2C Users)

• Interaction Data: Voice recordings, text messages, queries, and responses

• Technical Data: IP address, browser type, device information, session data

• Action Data: Booking requests, preferences, interaction history

3. How We Use Your Information
We use your information to:

• Provide and improve our AI marketplace platform

• Train and customize AI agents for business customers

• Process customer queries and execute actions (like bookings)

• Send email confirmations and notifications

• Provide customer support and technical assistance

• Analyze platform performance and user behavior

• Ensure security and prevent fraud

• Comply with legal obligations

4. Data Processing and AI Training

• Business data is processed to train customized AI agents using Google's Vertex AI

• Customer interactions are analyzed to improve response accuracy and relevance

• All AI training is performed securely with encrypted data

• We use Retrieval-Augmented Generation (RAG) to minimize data hallucinations

5. Data Sharing and Third Parties
We may share your information with:

• Google Cloud Services: For AI processing, data storage, and platform hosting

• SendGrid: For email confirmations and notifications

• Firebase: For authentication and security services

• Business Partners: End customer data is shared with the relevant business for service fulfillment

• Legal Authorities: When required by law or to protect our rights

We do not sell your personal information to third parties.

6. Data Security
We implement industry-standard security measures including:

• AES-256 encryption for data at rest and in transit

• Firebase Authentication with multi-factor authentication support

• Secure Google Cloud infrastructure (asia-southeast1 region)

• Regular security audits and monitoring

• Access controls and employee training

7. Data Retention

• Business Data: Retained for the duration of your account plus 30 days after termination

• Customer Interaction Data: Retained for 12 months for service improvement

• Analytics Data: Aggregated data may be retained longer for platform optimization

• Legal Compliance: Some data may be retained longer to meet legal requirements

8. Your Rights
Depending on your location, you may have the right to:

• Access your personal information

• Correct inaccurate information

• Delete your personal information

• Restrict processing of your information

• Data portability

• Object to processing

• Withdraw consent

To exercise these rights, contact us at contact@xsistant.com.

9. Compliance with UU PDP 2022
We comply with Indonesia's Personal Data Protection Law (UU PDP 2022) by:

• Obtaining proper consent for data processing

• Implementing appropriate security measures

• Providing transparency about data use

• Respecting individual rights regarding personal data

• Conducting regular compliance audits

10. International Data Transfers
Your data may be processed and stored in:

• Indonesia (primary)

• Google Cloud regions as required for service delivery

• Other locations as necessary for business operations

We ensure appropriate safeguards are in place for international transfers.

11. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Posting the updated policy on our website

• Sending email notifications to registered users

• Displaying prominent notices on our platform

13. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact us:

Email: contact@xsistant.com
For data protection inquiries specifically related to UU PDP 2022 compliance, please use the subject line "Data Protection Inquiry."

14. Cookies and Tracking
We use cookies and similar technologies to:

• Maintain user sessions and preferences

• Analyze platform usage and performance

• Improve user experience

• Provide personalized content

You can control cookie settings through your browser preferences.
This Privacy Policy is available in Bahasa Indonesia upon request.