Privacy Policy
Last Updated: January 13, 2026
Our Privacy Promise
At SMS CPQ, we believe your business data belongs to you. We built Audrey with privacy-by-design principles, ensuring your conversations and business information are protected with enterprise-grade security. We never sell your data to third parties.
Encrypted Data
TLS 1.3 in transit, AES-256 at rest
No Data Sales
Your data is never sold to third parties
Limited Retention
Data retained only as long as needed
Access Controls
Role-based access to protect your data
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address: Used for authentication and important service communications
- Name: To personalize your experience
- Profile information: Optional details you choose to provide
Conversation Data
When you use Audrey, we process:
- Your questions and messages: To provide relevant responses
- Product inquiries: To look up specifications and inventory
- Session information: To maintain conversation context
Technical Information
We automatically collect:
- Device information: Browser type, operating system for compatibility
- Usage data: Features used, response times for service improvement
- Error logs: To identify and fix technical issues
2. How We Use Your Information
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account information | Authentication, personalization | Contract performance |
| Conversation data | Provide AI assistance, improve responses | Contract performance |
| Technical data | Service operation, security, debugging | Legitimate interest |
| Usage analytics | Service improvement | Legitimate interest |
What We Don't Do
We do NOT sell your personal information or conversation data. We do NOT share your business inquiries with competitors. We do NOT use your data for advertising purposes.
3. AI and Data Processing
Audrey uses artificial intelligence to provide responses. Here's how we handle AI-related data:
How AI Processing Works
- Query processing: Your questions are processed by our AI system to generate helpful responses
- Context retention: Within a session, conversation context is maintained to provide coherent assistance
- No training on your data: Your specific conversations are not used to train external AI models
Third-Party AI Services
We use Anthropic's Claude AI to power Audrey's responses. Anthropic processes queries according to their enterprise privacy policies, which include:
- No retention of business data for model training
- Enterprise-grade security and encryption
- SOC 2 Type II compliance
4. Data Security Measures
We implement comprehensive security measures to protect your data:
Technical Safeguards
- Encryption in transit: All data transmitted using TLS 1.3
- Encryption at rest: Data stored using AES-256 encryption
- Secure authentication: Enterprise authentication via Clerk with MFA support
- Network security: Firewalls, intrusion detection, and DDoS protection
Operational Safeguards
- Access controls: Role-based access limiting who can view data
- Audit logging: All data access is logged and monitored
- Employee training: Staff trained on data protection best practices
- Incident response: Documented procedures for security incidents
5. Data Retention
We retain your data only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Until account deletion | Service provision |
| Conversation history | 90 days (adjustable) | User convenience, continuity |
| Technical logs | 30 days | Security, debugging |
| Analytics data | 12 months (anonymized) | Service improvement |
6. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data
- Export: Receive your data in a portable format
- Opt-out: Opt out of non-essential data processing
To exercise these rights, contact us at privacy@sms-cpq.com.
7. Third-Party Services
We use the following third-party services:
- Clerk: Secure authentication and user management
- Anthropic: AI processing for conversation responses
- Cloud hosting: Secure, SOC 2 compliant infrastructure
Each provider is selected for their commitment to security and privacy. We ensure appropriate data processing agreements are in place.
8. Cookies and Tracking
We use minimal, necessary cookies:
- Authentication cookies: To keep you logged in securely
- Session cookies: To maintain conversation context
- Preference cookies: To remember your settings
We do not use advertising cookies or third-party tracking for marketing purposes.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through:
- Email notification to registered users
- Prominent notice within the Service
- Updated "Last Updated" date at the top of this page
10. For IT and Security Teams
Enterprise Security Information
For detailed security documentation, compliance certifications, or to discuss enterprise security requirements, please contact our security team:
- Security questionnaire requests: privacy@sms-cpq.com
Privacy Questions?
If you have questions about this Privacy Policy or how we handle your data:
Email: privacy@sms-cpq.com
Mail: SMS CPQ, Attn: Privacy Officer, 1115 Industrial Parkway, Brick, NJ 08724
We aim to respond to all privacy inquiries within 5 business days.