Privacy Policy
Last Updated: March 2026
1. Introduction
Welcome to Niona AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice-powered CRM assistant service.
By using Niona AI, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Company/organization name
- Password (encrypted)
- Profile information you choose to provide
2.2 Usage Data
We automatically collect information about how you interact with our service:
- Voice commands and text inputs (for AI processing)
- CRM actions performed through our platform
- Session duration and feature usage
- Device information and browser type
- IP address and general location
2.3 Integration Data
When you connect third-party services:
- HubSpot CRM: Access tokens and CRM data you authorize us to access. With your authorization, we may read, create, update, and modify records in your HubSpot account including contacts, companies, deals, tasks, notes, and quotes to facilitate AI-powered CRM management features.
- Salesforce CRM: Access tokens and CRM data you authorize us to access. With your authorization, we may read and create records in your Salesforce account including leads, contacts, accounts, opportunities, cases, tasks, events, notes, and quotes to facilitate AI-powered CRM management features. Our Salesforce integration uses OAuth 2.0 with PKCE for enhanced security.
- QuickBooks Accounting: Access tokens and accounting data you authorize us to access. With your authorization, we may read, create, update, send, and void records in your QuickBooks account including customers, vendors, invoices, bills, payments, estimates, and items to facilitate AI-powered accounting management features.
- Google Workspace / Gmail: Authentication tokens and, if explicitly authorized by you, read-only access to email content (headers, bodies, attachments) solely to facilitate AI summarization, CRM logging, and context extraction features.
3. How We Use Your Information
We use the collected information for:
- Service Delivery: Process voice commands and execute CRM actions
- AI Improvement: Enhance our natural language processing capabilities
- Account Management: Maintain your account and provide customer support
- Communication: Send service updates, security alerts, and promotional content (with your consent)
- Analytics: Understand usage patterns to improve our service
- Security: Detect and prevent fraud, abuse, and security threats
4. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- Service Providers: Third-party vendors who assist in operating our service (cloud hosting, payment processing)
- AI Service Providers: To provide our AI-powered features, your text inputs, voice commands, and related content may be processed by third-party AI service providers. These providers process data solely to generate responses and do NOT use your data for training their AI models.
- Integrated Platforms: HubSpot, Salesforce, QuickBooks, and other platforms you connect, as authorized by you
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
5. AI Data Processing
Niona AI uses artificial intelligence to provide its core features. Important information about AI data processing:
- What We Process: Text commands, voice recordings, voice transcriptions, and email content you submit for AI analysis.
- Voice Recognition: Your voice recordings may be processed by third-party speech-to-text services to convert speech into text commands.
- AI Processing: Text data is sent to third-party AI APIs to generate intelligent responses and extract CRM and accounting insights.
- Voice Synthesis: AI-generated text responses may be converted to speech using third-party text-to-speech services.
- No AI Training: Your data is NOT used to train AI models. It is only processed to provide you with immediate service responses.
- Data Minimization: We only send the minimum necessary data required for each AI operation.
- No Persistent Storage by AI Providers: AI providers process your data in real-time and do not retain it after generating responses.
Email Filtering & Minimization
To protect your privacy and ensure we process only relevant business data, our system employs strict automated filtering:
- No Human Access: Our support and engineering teams do not have access to view your raw emails. Processing is performed entirely by automated code.
- Relevance Filtering: We only process and display emails identified as business-critical. Emails are filtered based on specific keywords related to:
  - Sales & Finance (e.g., deal, proposal, contract, invoice, budget, pricing)
  - Meetings (e.g., schedule, zoom, google meet, agenda, availability)
  - Networking (e.g., introduction, partnership, collaboration, lead)
- Data Exclusion: Emails that do not contain these specific business keywords (such as personal correspondence) are ignored by our system and are not stored, processed, or displayed in the Action Center.
Email Analysis for Connected Platforms
When email integration is active, our AI may analyze email content to extract relevant data for your connected platforms:
- HubSpot: Emails may be analyzed to identify contacts, companies, deals, and actionable items for your HubSpot CRM.
- Salesforce: Emails may be analyzed to extract contacts, accounts, opportunities, leads, cases, and tasks relevant to your Salesforce instance.
- QuickBooks: Emails may be analyzed to identify customers, invoices, estimates, and payment-related information for your QuickBooks account.
This analysis is performed by AI in real-time and is not stored separately from your conversation history. No human reviews this analysis.
Google API Limited Use Disclosure
Niona AI's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Third-Party Integration Disconnection
You may disconnect third-party integrations (HubSpot, Salesforce, QuickBooks, Google) at any time through your account settings:
- Token Revocation: When you disconnect an integration, we immediately delete your stored access tokens and revoke our access to your third-party account.
- Data Handling: Upon disconnection, we no longer have access to retrieve new data from the disconnected service. Previously synced data may be retained as part of your conversation history unless you request deletion.
- Re-authorization: If you wish to reconnect, you will need to re-authorize access through the standard OAuth flow.
6. Payment Processing
We use third-party payment processors to handle billing:
- Payment Provider: Your payment information is processed securely by our third-party payment processor. We do not store your full credit card number on our servers.
- Data Shared: We share necessary billing information (name, email, billing address) with our payment processor to complete transactions.
- PCI Compliance: Our payment processor is PCI-DSS compliant to ensure your payment data is handled securely.
- Recurring Billing: For subscriptions, your payment method will be automatically charged at each billing cycle unless you cancel.
- Billing Records: We retain transaction records for accounting, tax compliance, and dispute resolution purposes.
7. Data Security
We implement industry-standard security measures:
- End-to-end encryption for data in transit (TLS 1.3)
- AES-256 encryption for data at rest
- All passwords securely hashed with bcrypt
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
While we strive to protect your data, no method of transmission over the Internet is 100% secure.
Security Incident Response
In the event of a data breach or security incident that affects your personal data:
- Notification: We will notify affected users within 72 hours of becoming aware of a breach that poses a risk to your rights and freedoms.
- Third-Party Notification: We will promptly notify relevant third-party platforms (such as HubSpot, Salesforce, QuickBooks, Google) if their data or integrations are affected.
- Incident Details: Our notification will include the nature of the breach, types of data affected, and steps we are taking to address the incident.
- Remediation: We will take immediate steps to contain the breach, investigate the cause, and implement measures to prevent future incidents.
8. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your data at any time. We will retain and use your information as necessary to:
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
9. Financial & Accounting Data Processing
When you connect QuickBooks or other accounting platforms, the following applies to your financial data:
- Data Accessed: With your authorization, we access financial records including customers, vendors, invoices, bills, payments, estimates, and items from your connected accounting platform.
- Processing Method: Financial data is accessed in real-time through secure API connections. We do not create local copies or caches of your financial records beyond what is necessary for immediate processing.
- AI Analysis: Our AI may analyze email content to extract invoice details, payment information, and customer/vendor data relevant to your accounting platform. This analysis is performed automatically without human review.
- Token Security: OAuth access tokens and refresh tokens for accounting platforms are encrypted at rest using industry-standard encryption.
- Multi-Company Support: QuickBooks integration supports connecting multiple companies (realm IDs) within a single organization. Each connection is isolated and independently secured.
- Sensitive Financial Data: We treat all accounting and financial data as sensitive information. Access is restricted to automated systems only, and no human team members can view your financial records.
10. Salesforce Data Processing
When you connect Salesforce, the following applies to your CRM data:
- Data Accessed: With your authorization, we access sales records including leads, contacts, accounts, opportunities, cases, tasks, events, notes, quotes, products, and organization metadata from your Salesforce instance.
- Enhanced Security: Salesforce integration uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for enhanced authorization security, preventing authorization code interception attacks.
- Instance Isolation: Your Salesforce instance URL is stored to ensure all API calls are directed to your specific Salesforce organization. Only one active Salesforce connection is permitted per organization.
- Processing Method: Salesforce data is accessed in real-time through secure REST API connections. We do not create local replicas of your Salesforce data.
- AI Analysis: Our AI may analyze email content to extract contacts, accounts, opportunities, leads, cases, and tasks relevant to your Salesforce instance. This analysis is performed automatically without human review.
- Environment Support: Both Salesforce production and sandbox environments are supported. Your connection environment type is stored to route API requests correctly.
11. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Receive your data in a structured format
- Objection: Object to certain processing activities
- Withdrawal: Withdraw consent where processing is based on consent
To exercise these rights, contact us at support@nionaai.com.
12. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your session and preferences
- Analyze usage patterns
- Improve our service
You can control cookies through your browser settings.
13. Children's Privacy
Niona AI is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
14. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.
16. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: support@nionaai.com
- Website: https://nionaai.com
- Support & Documentation: https://nionaai.com/docs#contact-us