Privacy

Belangrijke teksten.

Privacy Policy

Privacy Policy for YouShouldAsk

Welcome to YouShouldAsk, available at www.youshouldask.ai. Protecting your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit our website, use our platform, or interact with our services.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed through our website, platform, support services, and related communication channels. Depending on the specific service and context, YouShouldAsk may act either as a data controller or as a data processor on behalf of its customers.

Where YouShouldAsk processes personal data on behalf of a customer, that customer is generally responsible for determining the purpose and legal basis of the processing. In those situations, YouShouldAsk processes personal data only in accordance with the customer’s documented instructions and applicable law.

2. Information We Collect

We may collect personal information in a number of ways, depending on how you interact with us. This may include information you provide directly, information collected automatically, and information processed through customer use of our services.

  • Contact information, such as your name, email address, phone number, and company details;
  • Account and user information related to access to our platform;
  • Communication content, such as messages sent via webchat, email, support channels, or WhatsApp;
  • Usage and device information, including browser type, IP address, time zone, log data, timestamps, and pages viewed;
  • Transactional or reference data where relevant to a supported workflow, such as ticket details, booking references, or order-related information.

3. How We Use Your Information

We use personal information only where necessary for legitimate business and service purposes, including:

  • To provide, operate, maintain, and improve our platform and related services;
  • To manage customer support, communication handling, mailbox triage, and response generation;
  • To enable workflow automation and AI-assisted support within approved use cases;
  • To communicate with users, customers, and prospects;
  • To monitor, secure, and optimize the performance of our platform;
  • To comply with legal, regulatory, and contractual obligations;
  • To carry out limited marketing and advertising activities where permitted by applicable law.

Personal data processed through our services is not used to train public AI models.

4. Access Control and Data Minimization

We apply the principles of data minimization and least privilege. Access to systems, datasets, mailboxes, APIs, and personal data is limited to what is strictly necessary for the relevant service, workflow, or support interaction.

Unless explicitly agreed otherwise, we do not enable unrestricted access to customer systems, bulk exports of personal data, or autonomous actions in high-impact systems beyond the approved scope of service delivery.

5. Sharing Your Personal Information

We may share personal information with trusted third-party service providers where necessary to operate our platform and deliver our services. These third parties act under contractual obligations designed to protect personal data and may only process personal data for specified purposes.

Examples of service providers we may use include hosting providers, analytics providers, and AI infrastructure providers.

We may also disclose personal information where required to comply with applicable laws, legal processes, lawful requests from authorities, or to protect our rights, users, systems, or services.

6. Sub-processors

We may engage carefully selected sub-processors to support the delivery of our services, including cloud hosting and AI service providers. Where required, we ensure that these sub-processors are subject to data protection obligations that are no less protective than those applicable to us.

Our infrastructure and service delivery may involve providers such as hosting partners and AI model providers. A current overview of relevant sub-processors may be provided upon request or through applicable contractual documentation.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA) or Switzerland, we ensure that such transfers are subject to a valid transfer mechanism under applicable data protection law, such as an adequacy decision or the use of appropriate safeguards including Standard Contractual Clauses.

Where AI or other cloud-based service providers process data outside the EEA, we take reasonable steps to ensure that such processing remains subject to appropriate contractual and legal protections.

8. Data Protection and Security

We implement and maintain appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

  • Encryption of data in transit and, where applicable, at rest;
  • Access controls, role-based permissions, and secure authentication measures;
  • Monitoring, logging, and audit trails for critical actions;
  • Secure backup and recovery procedures;
  • Patch management, vulnerability management, and ongoing maintenance of our systems;
  • Confidentiality obligations for authorized personnel.

We regularly review and update our security measures in light of technological, operational, and legal developments.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, contract, or legitimate operational necessity.

Retention settings within our platform may be configurable by customers, depending on the service and data category involved. Operational logs may be retained for a limited period where necessary for service integrity, security, compliance, or dispute resolution.

Where personal data is processed through third-party AI services, such data may be subject to limited short-term retention for abuse monitoring, security, and debugging, in accordance with the applicable provider terms and contractual safeguards.

10. Use of OpenAI Services

We may use services provided by OpenAI, including language model APIs, to support AI-assisted features within our platform. Data shared with such services is processed solely for the purpose of generating responses or enabling agreed functionality within our services.

Unless explicitly agreed otherwise, customer data processed through these services is not used to train public AI models. We apply appropriate contractual and technical safeguards to ensure secure and compliant processing.

11. WhatsApp, Webchat, Email, and Other Communication Channels

When you communicate with us or with services powered through our platform via channels such as webchat, email, WhatsApp, voice, or connected mailbox environments, we may process the information you provide in order to handle inquiries, support requests, service workflows, and related communications.

Such data is processed only for the relevant communication or service purpose and in accordance with applicable contractual, legal, and security requirements.

12. Data Subject Rights

Depending on your location and the applicable data protection laws, you may have rights in relation to your personal data, including the right to access, correct, delete, restrict, object to, or request portability of your personal data.

Where YouShouldAsk acts as a processor on behalf of a customer, requests relating to personal data may need to be directed to the relevant customer as the responsible controller. We will support our customers, where appropriate, in responding to such requests in accordance with applicable law.

13. Personal Data Breaches

We maintain internal procedures for identifying, assessing, containing, and responding to suspected or confirmed personal data breaches. Where required by applicable law or contract, we will notify the relevant customer or authority without undue delay and provide reasonable cooperation in investigating and mitigating the incident.

14. AI Governance and Human Oversight

Where our platform uses AI-assisted workflows, we apply governance measures appropriate to the use case, including logging, scope limitation, escalation rules, and human oversight where relevant. Certain channels or workflows may operate in suggestion-only mode, human approval mode, or controlled auto-send mode, depending on the agreed configuration and risk profile.

We aim to ensure that AI-assisted outputs remain aligned with approved knowledge, process rules, and service boundaries. Where confidence is low, a policy rule is triggered, or a request falls outside the approved scope, workflows may be escalated to a human user.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technologies, legal obligations, or business practices. Any updated version will be posted on this page together with the revised effective date.

16. Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or if you would like to exercise your rights, please contact us at info@youshouldask.ai.