Mosaiq AS ("we", "us", "KonversAI") is committed to protecting your privacy. This statement explains what personal data we process, why we process it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable privacy legislation.
1Data controller
The data controller for your personal data is:
Mosaiq AS is a Norwegian company and processes your data in compliance with the GDPR and applicable privacy legislation.
2Data we collect
We collect the following categories of personal data:
- Contact information: Name, email address, phone number and company name when registering or submitting contact requests.
- Usage data: Information about how you use the service, including page views, click patterns, time of use and device type.
- Customer inquiries: The content of messages and conversations processed through the KonversAI solution on behalf of our customers. This data belongs to the customer (the data processing relationship is governed by a separate data processing agreement).
- Payment information: Billing details are processed by our payment provider and are not stored with us.
- Technical information: IP address, browser type, operating system and cookies.
3Purposes of processing
We process personal data for the following purposes:
- Deliver the service: Create and manage user accounts, manage subscriptions and provide access to the KonversAI platform.
- Improve the service: Analyse usage patterns to improve functionality, performance and user experience.
- Improve the AI model: Anonymised and aggregated data may be used to train and improve AI models, unless you have opted out.
- Support and communication: Respond to inquiries, send technical notifications and provide customer support.
- Billing: Process payments and issue invoices.
- Legal obligations: Comply with accounting laws and other legal requirements.
4Legal basis
We process your personal data on the following legal bases (GDPR Article 6):
- Contract (Art. 6(1)(b)): Processing necessary to fulfil the agreement with you as a customer or user.
- Consent (Art. 6(1)(a)): Where you have given explicit consent, e.g. for marketing communications or use of data for AI improvement.
- Legitimate interests (Art. 6(1)(f)): For analytics and service improvement purposes, where our interests are not overridden by your privacy interests.
- Legal obligation (Art. 6(1)(c)): Processing required to comply with legal requirements, including accounting legislation.
5Sharing with third parties
We never sell your personal data. We share data only in the following cases:
- AI processing: Content processed by KonversAI may be sent to AI sub-processors (e.g. large language models). These process data solely on our behalf and are bound by data processing agreements.
- Cloud infrastructure and hosting: We use infrastructure providers operating servers within the EEA.
- Payment processor: Payment information is shared with a certified payment provider for billing and transaction processing.
- Analytics: Anonymised usage data may be shared with analytics tools to understand and improve the service.
- Legally required disclosure: We may disclose data to public authorities if legally required to do so.
All third parties processing personal data on our behalf are bound by data processing agreements and may not use the data for their own purposes.
6Storage and security
Geographic location: Your data is stored on servers in Norway and/or the EEA. We do not transfer personal data to countries outside the EEA without a valid transfer mechanism in place (e.g. EU Standard Contractual Clauses).
Security measures: We use encryption in transit (TLS) and at rest, access control based on the principle of least privilege, regular security assessments and access logging.
Retention periods: Personal data is not stored longer than necessary for the purpose:
- Account data: deleted 30 days after the account is closed.
- Accounting data: retained for 5 years in accordance with accounting legislation.
- Conversation logs: deleted after the agreed period with the customer (default 90 days).
7Your rights
Under the GDPR you have the following rights:
- Access (Art. 15): You may request a copy of the personal data we hold about you.
- Rectification (Art. 16): You may ask us to correct inaccurate or incomplete data.
- Erasure (Art. 17): You may request the deletion of your data («the right to be forgotten»), unless we have a legal obligation to retain it.
- Restriction (Art. 18): You may ask us to restrict the processing of your data in certain circumstances.
- Data portability (Art. 20): You may request your data in a machine-readable format.
- Objection (Art. 21): You may object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Send requests to exercise your rights to contact@mosaiq.ai. We will respond within 30 days.
9Contact information
If you have questions about this statement or how we process your personal data, please get in touch:
We reserve the right to update this privacy statement. For material changes we will notify you by email or through the service. The current version is always available at konvers.ai/privacy.