Privacy Policy

This Privacy Policy explains how CloudSecNetwork LLC, doing business as DrusyAI ("DrusyAI," "we," "us," or "our"), collects, uses, stores, discloses, and protects personal information when you access our website, dashboard, WhatsApp-based AI business assistant, related APIs, integrations, support channels, and other services (collectively, the "Service").

DrusyAI helps businesses automate customer conversations, capture and qualify leads, schedule bookings, answer common questions, and route conversations to human team members. This Policy applies to business customers who subscribe to the Service, their authorized users, website visitors, and individuals who communicate with our customers through channels connected to DrusyAI, including WhatsApp.

Where a business customer uses DrusyAI to process messages or customer records, that customer is generally the data controller or business that determines why and how personal information is processed, and DrusyAI acts as a processor or service provider. Where we collect information for our own website, account administration, billing, security, analytics, and marketing purposes, we may act as an independent controller or business.

We collect information that you provide directly, information generated through use of the Service, information received from connected channels and integrations, and information from trusted third parties where permitted by law.

• Account and contact information, such as name, business name, job title, email address, phone number, login credentials, billing contact details, and support communications.
• Business configuration information, such as workspace settings, business hours, services, locations, product or service descriptions, knowledge-base content, team member permissions, conversation routing preferences, and automation rules.
• WhatsApp and messaging data, such as phone numbers, profile names, message content, attachments, timestamps, delivery and read status, conversation labels, agent assignment, opt-in or opt-out indicators, and metadata provided by WhatsApp or other connected messaging providers.
• Lead, booking, and customer relationship data, such as customer names, contact details, inquiry details, appointment preferences, notes, tags, transaction context, and status updates entered by users or generated by workflows.
• AI interaction data, including prompts, customer messages, knowledge-base snippets used for context, AI-generated drafts or responses, confidence signals, moderation or safety flags, and human review or override actions.
• Payment and subscription information, such as plan type, invoices, payment status, tax information, and limited payment metadata. Full card numbers are processed by our payment processors and are not intentionally stored by DrusyAI.
• Device, usage, and log information, such as IP address, browser type, device identifiers, pages viewed, referring URLs, session activity, error logs, authentication events, and approximate location derived from IP address.
• Cookies, pixels, and similar technologies, as described in the cookies and analytics section below.

• Provide, operate, maintain, and improve the Service, including account management, conversation automation, lead capture, booking workflows, support handoff, and reporting.
• Generate, draft, personalize, route, and analyze AI-assisted responses based on customer instructions, connected knowledge sources, conversation history, and configured business rules.
• Authenticate users, manage permissions, prevent unauthorized access, monitor abuse, debug errors, and maintain the security and reliability of the Service.
• Process subscriptions, invoices, payments, taxes, renewals, and related account notices.
• Provide onboarding, customer support, administrative messages, product updates, and service-related communications.
• Analyze product performance, usage trends, feature adoption, and marketing effectiveness, including through aggregated or de-identified information where appropriate.
• Comply with legal obligations, enforce our agreements, protect rights and safety, respond to lawful requests, and resolve disputes.
• Send marketing communications where permitted by law and honor unsubscribe or opt-out requests.

DrusyAI may process WhatsApp messages and metadata on behalf of business customers when they connect their WhatsApp Business account or an approved messaging provider. Customers are responsible for obtaining any required permissions, consents, notices, and lawful bases before sending messages to individuals or connecting conversations to DrusyAI.

Messages may be ingested, stored, analyzed, classified, summarized, routed, and used to produce AI-generated drafts or responses according to the customer’s configuration. DrusyAI may also process delivery receipts, opt-out signals, templates, attachments, and message metadata necessary to provide and secure the Service.

We do not sell WhatsApp message content. We do not use WhatsApp message content to target unrelated third-party advertising. If a customer enables AI features, message content and relevant business context may be shared with AI model providers or infrastructure vendors solely to provide the requested functionality, subject to contractual safeguards.

DrusyAI uses artificial intelligence and automation to draft or send responses, classify inquiries, summarize conversations, recommend next actions, and assist with business workflows. AI-generated output may be inaccurate, incomplete, or inappropriate in certain contexts, and customers should configure safeguards, escalation rules, and human review appropriate for their business and industry.

Customers are responsible for deciding whether AI-generated drafts are sent automatically or reviewed by a human agent. DrusyAI may log prompts, inputs, outputs, context, and feedback to provide the Service, troubleshoot issues, improve customer-specific configurations, and maintain safety and security. Where we use data to improve the Service more generally, we use appropriate contractual, technical, and organizational controls and, where feasible, aggregated or de-identified data.

DrusyAI is not intended to make decisions that produce legal or similarly significant effects without meaningful human involvement. Customers must not use the Service for prohibited or high-risk use cases without appropriate legal review and safeguards.

Where the GDPR, UK GDPR, or similar laws apply, we process personal information under one or more legal bases, including performance of a contract, legitimate interests, consent, compliance with legal obligations, and, where applicable, protection of vital interests. Our legitimate interests include operating and securing the Service, improving functionality, communicating with customers, preventing fraud and abuse, and developing our business in a manner that does not override individual privacy rights.

We share personal information only as described in this Policy, as directed by our customers, or as otherwise permitted by law.

• Service providers and subprocessors that support hosting, storage, communications, analytics, payment processing, customer support, security, AI processing, and operational tooling.
• Messaging and integration partners, including WhatsApp Business platform providers, CRM systems, calendar tools, helpdesk tools, payment platforms, analytics services, and other third-party services that a customer chooses to connect.
• Customer administrators and authorized users within the relevant customer workspace, according to configured permissions.
• Professional advisers, auditors, insurers, and legal representatives where necessary for business operations or compliance.
• Authorities, courts, regulators, or other parties when we believe disclosure is required by law, legal process, or to protect rights, safety, and security.
• Successors in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction, subject to appropriate confidentiality safeguards.

Customers may connect DrusyAI to third-party services such as WhatsApp Business providers, CRMs, calendars, analytics platforms, payment processors, helpdesk tools, and automation platforms. When a customer enables an integration, DrusyAI may exchange information with that third party as needed to provide the integration.

Third-party services are governed by their own terms and privacy policies. Customers should review those policies and ensure they have authority to connect the integration and transfer relevant data. DrusyAI is not responsible for the privacy practices of third-party services that are not acting as our subprocessors.

We may use cookies, local storage, pixels, SDKs, and similar technologies to operate our website and Service, remember preferences, authenticate users, improve performance, analyze usage, prevent fraud, and measure marketing campaigns.

Depending on your location, we may request consent before using non-essential cookies. You can control cookies through your browser settings and, where available, our cookie preference tools. Disabling certain cookies may affect website or Service functionality.

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and fulfill the purposes described in this Policy. Retention periods vary depending on the type of information, customer configuration, contractual commitments, legal requirements, and operational needs.

Customer-controlled content, including conversations, leads, and booking records, is generally retained according to the customer’s subscription settings, instructions, and applicable agreement. We may retain backups, logs, billing records, security records, and legal compliance records for limited periods after deletion from active systems.

We use administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, encryption in transit, monitoring, logging, least-privilege permissions, vendor diligence, employee confidentiality obligations, and incident response procedures.

No method of transmission or storage is completely secure. Customers are responsible for maintaining strong passwords, limiting authorized user access, configuring appropriate permissions, reviewing AI automation settings, and promptly notifying us of suspected unauthorized use of their account.

We and our service providers may process personal information in countries other than where individuals reside. These countries may have data protection laws that differ from those in your jurisdiction. Where required, we use appropriate safeguards for international transfers, such as standard contractual clauses, data processing agreements, transfer impact assessments, or other lawful transfer mechanisms.

Depending on your location and relationship with DrusyAI, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal information, withdraw consent, opt out of certain processing, appeal a decision, or lodge a complaint with a data protection authority.

If you are an end user communicating with a business that uses DrusyAI, please contact that business first because it controls the relevant conversation and customer records. We will support our customers in responding to valid privacy requests as required by applicable law and our agreements.

California residents may have rights under the CCPA/CPRA, including the right to know, delete, correct, limit use of sensitive personal information, and opt out of sale or sharing. DrusyAI does not sell personal information as the term is commonly understood. If we engage in activities considered a sale or sharing under applicable law, we will provide required notices and opt-out mechanisms.

You may opt out of marketing emails by using the unsubscribe link in those emails or contacting us. We may still send transactional or service-related communications, such as security alerts, billing notices, support messages, and changes to terms or policies.

The Service is intended for business use and is not directed to children under 13, or the minimum age required by applicable law. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.

We may update this Privacy Policy from time to time. When we make material changes, we will take reasonable steps to notify customers, such as by posting the updated Policy on our website, updating the effective date, or sending a notice through the Service. Your continued use of the Service after an update means the updated Policy applies, where permitted by law.

If you have questions, requests, or complaints about this Privacy Policy or our privacy practices, contact us using the details below. We review privacy requests promptly and respond within the time required by applicable law.

• Legal entity: CloudSecNetwork LLC
• Postal address: 2055 Limestone Road, Suite 200-C, Wilmington, DE 19808, United States
• Email: hello@cloudsecnetwork.com
• Data Protection Officer or EU/UK Representative, if applicable: not currently appointed; privacy requests may be sent to hello@cloudsecnetwork.com