Privacy Policy

1 Introduction

Tradia, Inc. ("Tradia," "we," "us," or "our") is a managed AI assistant platform organized as a Delaware C Corporation. We deploy and host AI agents for small businesses that handle inbound communications via email and iMessage.

This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our platform, dashboard, AI agents, public portals, and related services (collectively, the "Service"). It applies to our Customers (businesses that subscribe to the Service), End Users (individuals who communicate with Customer AI Agents), and visitors to our website.

For End User data processed through Agent interactions, the Customer is the data controller and Tradia is the data processor. End Users with questions about how their data is handled should contact the business (Customer) they communicated with.

2 Information We Collect

2.1 Customer Account Information

When Customers register for the Service, we collect: name, email address, business name, billing information, and account credentials.

2.2 Customer Content

Customers provide business information, configuration instructions, branding materials, and other content used to train and configure their AI Agent ("Customer Content").

2.3 Conversation Data

When End Users communicate with an Agent, we process and store message transcripts, metadata (timestamps, channel identifiers), and contact information (email addresses, phone numbers) associated with the conversation ("Conversation Data").

2.4 Usage Data

We automatically collect information about how Customers use the Dashboard, including pages visited, features used, session duration, browser type, device information, and IP address.

2.5 Technical Data

We collect server logs, error reports, and performance data necessary to maintain and improve the Service.

3 How We Collect Information

We collect information through the following means:

Directly from Customers -- through account registration, Dashboard configuration, and support interactions;
From End Users -- through Agent communications via email (AgentMail at agents.tradia.ai) and iMessage channels;
Automatically -- through cookies, server logs, and analytics tools when Customers use the Dashboard or visit our website;
From third-party services -- through our AI language model providers (e.g., Anthropic), communication infrastructure providers, and payment processors.

4 Lawful Basis for Processing

We process personal data on the following legal bases under applicable data protection law:

Purpose	Data Used	Legal Basis
Provide the Service to Customers	Account info, Customer Content, billing data	Contract performance
Respond to End User messages via AI Agent	Message content, contact info, business context	Contract performance (processing on behalf of Customer); legitimate interest
Process payments	Billing information	Contract performance
Store and display Conversation Data	Message transcripts, metadata	Contract performance (processing on behalf of Customer)
Service analytics and improvement	Aggregate, de-identified usage data	Legitimate interest
Detect and prevent fraud, abuse, or security threats	Account info, usage data, metadata, message content	Legitimate interest; legal obligation
Communicate with Customers	Account info, email address	Contract performance; legitimate interest
Comply with legal obligations	As required by applicable law	Legal obligation

5 How We Use Information

We use the information we collect for the following purposes:

To provide, operate, and maintain the Service, including deploying and hosting AI Agents;
To process Agent communications with End Users and generate AI responses;
To store and display Conversation Data in the Customer Dashboard;
To process payments and manage billing;
To provide customer support and respond to inquiries;
To send service-related communications (maintenance notices, security alerts, account updates);
To analyze aggregate, de-identified usage data to improve the Service;
To detect, prevent, and address technical issues, fraud, and security threats;
To comply with applicable laws, regulations, and legal processes.

6 AI Processing & Model Training

6.1 How AI Processing Works

When End Users communicate with a Customer's Agent, messages are processed through third-party AI language model providers (e.g., Anthropic) to generate responses. This processing uses message content and Customer-provided business context. Conversation transcripts and metadata are stored by Tradia on behalf of the Customer.

6.2 AI Model Training Restrictions

Tradia does not use Customer Content or Conversation Data containing personal information to train general-purpose AI models. Personal data processed through Agent interactions is used solely to generate responses within the specific conversation context and to provide the Service as described in these terms.

Only aggregate, de-identified data that cannot be linked to any individual is used for service improvement and analytics. Customer Data is never commingled with data from other customers for model training purposes.

6.3 Third-Party AI Providers

Our AI language model providers process message content to generate Agent responses. We select providers who maintain appropriate data protection commitments and do not use customer input data to train their general-purpose models. See Section 8 (Sub-Processors) for details on our third-party providers.

7 How We Share Information

We do not sell personal information. We share information only in the following circumstances:

Sub-Processors -- with trusted third-party service providers who process data on our behalf to operate the Service (see Section 8);
With Customers -- End User Conversation Data is accessible to the Customer whose Agent was involved in the communication;
Legal compliance -- when required by applicable law, regulation, legal process, or enforceable governmental request;
Protection of rights -- to enforce our Terms of Service, protect the rights, property, or safety of Tradia, our Customers, or others;
Business transfers -- in connection with a merger, acquisition, reorganization, or sale of assets, in which case we will notify affected Customers before personal data is transferred and becomes subject to a different privacy policy;
With consent -- when the Customer has given explicit authorization to share data with a specified third party.

8 Sub-Processors

Tradia engages the following categories of sub-processors to provide the Service:

Category	Purpose	Data Processed
AI language model providers	Generate Agent responses	Message content, business context
Infrastructure hosting providers	Host platform and store data	All Service data
Email delivery services	Process Agent email communications	Email content, addresses
Payment processors	Process Customer payments	Billing information
Analytics providers	Dashboard usage analytics	Aggregate usage data

All sub-processors are bound by data processing agreements that require them to protect personal data in accordance with applicable law and these terms.

8.1 Sub-Processor Changes & Objection Rights

Tradia will notify Customers at least 30 days before engaging a new sub-processor that will process personal data. If a Customer has a reasonable, documented objection to a new sub-processor on data protection grounds, Customer must notify Tradia in writing within 15 days of receiving notice.

Tradia will make commercially reasonable efforts to address the objection. If Tradia cannot resolve the objection to Customer's reasonable satisfaction within 30 days, Customer may terminate the affected services without penalty by providing written notice within 15 days of the resolution deadline.

9 Data Retention

We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

Customer account data -- retained for the duration of the Customer's subscription and for 30 days following termination to allow data export;
Conversation Data -- retained for the duration of the Customer's subscription. Customers may request deletion of specific Conversation Data at any time through the Dashboard or by contacting support;
Billing records -- retained as required by applicable tax and financial record-keeping laws;
Usage and technical data -- retained in aggregate form for up to 24 months for analytics purposes;
Trial Service data -- may be permanently deleted 30 days after trial expiration if the Customer does not subscribe to a paid plan.

After the applicable retention period, personal data is securely deleted or anonymized in accordance with our data deletion procedures.

10 Security

Tradia implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS) and at rest;
Multi-tenant platform architecture with logical data isolation between Customer accounts;
Secrets management through enterprise-grade password management (1Password);
Secure mesh networking (Tailscale) for internal infrastructure communications;
Regular security assessments and monitoring;
Access controls and authentication requirements for platform administration;
Employee security training and confidentiality obligations.

10.1 Security Breach Notification

In the event of a confirmed security breach involving personal data, Tradia will notify affected Customers within 72 hours of confirmation and cooperate with Customer to meet applicable breach notification requirements.

For End Users, the Customer (as data controller) is responsible for determining and carrying out any required breach notifications. Tradia will provide Customer with available details regarding the nature, scope, and impact of the breach to assist with Customer's notification obligations.

11 Customer & End User Rights

11.1 Customer Rights

Customers have the following rights with respect to their personal data and account information:

Access -- view your personal data through the Dashboard or by contacting support;
Correction -- update or correct inaccurate personal data through the Dashboard;
Deletion -- request deletion of your account and associated personal data;
Restriction -- request that we restrict processing of your personal data in certain circumstances;
Data portability -- request a machine-readable export of your Conversation Data and account information in a standard format (JSON or CSV);
Objection -- object to processing of your personal data based on legitimate interest;
Withdraw consent -- where processing is based on consent, withdraw that consent at any time.

11.2 End User Rights

Because Tradia acts as a data processor for End User data, End Users should direct privacy-related requests (access, deletion, correction, etc.) to the Customer (the business they communicated with). Tradia will cooperate with Customers to fulfill such requests in a timely manner.

To exercise any of these rights, Customers may contact us at privacy@tradia.ai. We will respond to valid requests within 30 days (or as required by applicable law).

12 Automated Decision-Making

The Agent does not make legally significant automated decisions about End Users (such as determining eligibility for services, credit, employment, or insurance).

If applicable law provides End Users with a right to opt out of automated decision-making or to request human review, End Users should direct such requests to the Customer (the business they communicated with), who controls how the Agent is used. Tradia will cooperate with Customers to honor such requests to the extent technically feasible.

13 International Data Transfers

Tradia's infrastructure is hosted with Hetzner, a Germany-based hosting provider. Data may be processed in and transferred between the European Union, the United States, and other jurisdictions where our sub-processors operate.

Where personal data is transferred across international borders, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms as required by applicable data protection law.

14 Cookies & Tracking Technologies

The Tradia website and Dashboard use cookies and similar technologies for essential functionality and analytics:

Essential cookies -- necessary for the Service to function, including session management and authentication. These cannot be disabled.
Analytics cookies -- help us understand how Customers use the Dashboard to improve the Service. These can be disabled through your browser settings or our cookie preferences.

We do not use advertising cookies or tracking pixels. We do not engage in cross-site tracking. The AI Agent communication channels (email and iMessage) do not use cookies.

15 Children's Privacy

The Service is designed for use by businesses and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@tradia.ai.

16 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Customers of material changes at least 30 days in advance via the Dashboard or email. The "Effective Date" at the top of this page indicates when the policy was last revised. Continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

17 Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Tradia, Inc.
A Delaware C Corporation
Email: privacy@tradia.ai
Legal inquiries: legal@tradia.ai