Skip to content

Privacy Policy

Last updated: May 2026

Effective 11 May 2026. Last updated 11 May 2026.

This Privacy Policy explains how Perfect Design Enterprise (trading as Cyrus) (“Cyrus,” “we,” “us”) collects, uses, stores, and shares personal data when you use our AI chat assistant platform at meetcyrus.ai and any associated services (the “Service”). In this policy, “Customer” refers to the business that creates an account and deploys a chatbot, and “End User” refers to the individuals who interact with that chatbot through any channel.

1. What We Collect

Account information

When a Customer signs up, we collect their email address, full name, and company name. We also store authentication credentials (hashed passwords) and team invite tokens.

Conversation data

Every message exchanged between an End User and a Cyrus-powered chatbot is stored, including the End User’s messages and the AI-generated responses. We also generate and store rolling conversation summaries (updated every three turns) and structured user profiles extracted from conversation content. User profiles may include: name, role, company, location, budget, preferences, past interests, and open questions.

Knowledge base content

Documents uploaded by the Customer (PDFs, HTML files, plain text, Markdown, and web pages ingested from URLs or sitemaps) are processed, chunked, and stored alongside their vector embeddings. Raw document content is retained to support re-processing.

Catalog and item data

If the Customer enables the structured catalog feature, we store product or service records (uploaded via CSV or XLSX), their attributes, column mappings, and searchable field configurations.

Analytics and feedback

We collect query analytics (including vector embeddings of queries), unanswered query logs for knowledge gap analysis, and message-level feedback (thumbs up/down) submitted by End Users. Each message records retrieval confidence scores, cost, and latency metrics.

Action events

When chatbot actions are triggered, we log the event type, payload, and result. This includes lead capture submissions (name, phone, email, company), booking records (service, date, time, attendee details), and escalation events (reason and conversation summary).

Channel credentials

If the Customer connects WhatsApp, Telegram, or other messaging channels, we store the required API credentials. All channel credentials are encrypted at rest using Fernet symmetric encryption before being written to the database.

LLM usage logs

We log metadata for every AI model call made by the Service, including: the type of call (chat, query rewrite, summarization, knowledge base audit, knowledge base generation), token counts (input and output), estimated cost, latency, the model and provider used, and the associated tenant and bot. These logs do not contain message content.

Technical data

We collect IP addresses for rate limiting (not stored long-term), API key hashes, and domain allow-list configurations for widget embeds.

2. How We Use It

  • Service delivery. We process conversation data through our retrieval-augmented generation (RAG) pipeline to generate accurate, contextual responses grounded in the Customer’s knowledge base.
  • Conversation memory. Every three conversation turns, we generate a rolling summary and extract a structured user profile. This allows the chatbot to maintain context across long conversations and recall relevant details from earlier in the exchange.
  • User profile extraction. We automatically extract structured information (name, role, company, location, budget, preferences, past interests) from conversation content to personalize responses. Scalar values are overwritten when updated; list values are merged and deduplicated.
  • Contact identity resolution. We link interactions from the same individual across channels (web widget, WhatsApp, Telegram) using phone number matching and email matching when voluntarily provided, creating a unified view of each contact.
  • Knowledge gap analysis. Unanswered queries and low-confidence responses are surfaced to Customers so they can identify and fill gaps in their knowledge base.
  • Booking management. When the booking action is enabled, we process availability checks, appointment creation, rescheduling, and cancellations. Slot generation respects configured business hours, blackout periods, and buffer times.
  • Lead qualification. When lead capture is enabled, the AI collects visitor contact details during conversations showing buying intent and stores them for the Customer to follow up on.
  • Automated knowledge base generation. We analyze existing knowledge base content against a checklist of recommended document types and can generate missing documents using AI. This involves sending existing content to LLM providers for analysis.
  • Cost tracking and billing. We track token usage and estimated costs across all AI model calls to manage platform costs and enforce tenant quotas.
  • Security and abuse prevention. We use rate limiting, duplicate message debouncing, and domain allow-lists to protect the Service from abuse.

3. Data Shared with LLM Providers

To generate AI-powered responses, we send conversation content and retrieved knowledge base context to third-party large language model (LLM) providers. This is a core part of how the Service works. The following providers may process your data:

  • OpenAI (San Francisco, US) — used for text embeddings (text-embedding-3-large), chat completions (GPT-4o, GPT-4o-mini), audio transcription (Whisper API for voice messages), and image analysis (GPT-4o vision for image messages). OpenAI Privacy Policy.
  • Anthropic (San Francisco, US) — used for chat completions (Claude Haiku, Claude Sonnet). Anthropic Privacy Policy.
  • Google (Mountain View, US) — used for chat completions (Gemini 2.0 Flash). Google Privacy Policy.
  • xAI (US) — used for chat completions (Grok). xAI Privacy Policy.

What is sent to providers

When a message is processed, we send the conversation context (recent messages or a rolling summary), retrieved knowledge base chunks relevant to the query, the bot’s system prompt (persona and behavioral instructions), and the End User’s current message. For tool-use calls (catalog search, lead capture, booking), we also send tool definitions and results.

What is NOT sent to providers

We do not include phone numbers, raw channel credentials, API keys, or other direct personally identifiable information in LLM requests. However, if an End User voluntarily shares personal information in their messages (such as their name, email, or company), that content will be included in the conversation context sent to the provider.

Provider data usage

All LLM providers we use offer API terms that prohibit training on API inputs. OpenAI, Anthropic, Google, and xAI do not use data submitted through their APIs to train or improve their models. Refer to each provider’s privacy policy linked above for their complete data handling practices.

The Customer is responsible for ensuring that their use of the Service, including the types of data their End Users share in conversations, complies with the terms of service of the applicable LLM providers and with all relevant data protection laws.

4. Media Processing

  • Voice and audio messages. Audio messages received through WhatsApp or Telegram are transcribed using OpenAI’s Whisper API. The audio is sent to OpenAI for transcription, and the resulting text is used as the End User’s message input. Original audio files are not stored long-term after transcription.
  • Image messages. Images received through messaging channels are analyzed using OpenAI’s GPT-4o vision capability at low detail resolution. The image is sent to OpenAI for analysis, and the description is used as conversation context. Original image files are not stored long-term after processing.
  • Documents. PDFs, HTML files, plain text, and Markdown documents uploaded to the knowledge base are extracted and processed through our ingestion pipeline. The extracted text is chunked, embedded, and stored. Raw document content is retained in the database for re-processing.
  • File size limits. Media uploads are limited to 25 MB per file.

5. Contact Identity and Deduplication

Cyrus maintains a unified contact graph that links interactions from the same individual across different channels.

  • WhatsApp. Phone numbers are automatically linked because Meta verifies phone ownership as part of the WhatsApp Cloud API. When an End User messages a bot via WhatsApp, their phone number is associated with their contact record.
  • Email matching. If an End User voluntarily provides their email address during a conversation (for example, during lead capture), we use it to link their interactions across channels where the same email appears.
  • Web widget. Widget conversations are identified by a locally-stored conversation ID with a 24-hour expiry. If an End User identifies themselves (via the programmatic identify API or during conversation), their contact record is linked.
  • Telegram. Users are identified by their Telegram user ID, namespaced to distinguish between direct messages and group conversations.

Contact records and their accumulated profile data persist for the lifetime of the Customer’s account. Profile information (name, role, company, location, budget, preferences, past interests) is accumulated across sessions and channels, with newer information overwriting older values for scalar fields and list fields being merged and deduplicated.

6. Sub-processors

We use the following third-party sub-processors to deliver the Service:

Sub-processorLocationPurpose
Hetzner Online GmbHGermany (Falkenstein)Infrastructure hosting (servers, database, Redis)
OpenAI, Inc.United StatesText embeddings, chat completions, audio transcription (Whisper), image analysis (GPT-4o vision)
Anthropic, PBCUnited StatesChat completions (Claude models)
Google LLCUnited StatesChat completions (Gemini models)
xAI Corp.United StatesChat completions (Grok models)
Meta Platforms, Inc.United StatesWhatsApp Cloud API (message delivery and webhook verification)
Telegram FZ-LLCUnited Arab EmiratesTelegram Bot API (message delivery and webhook handling)
Cloudflare, Inc.GlobalCDN, DNS, email routing

Message content and conversation data may be transferred to sub-processors located in the United States. By using the Service, Customers acknowledge this cross-border data transfer. Where required by applicable law, we rely on standard contractual clauses or equivalent mechanisms to safeguard such transfers.

7. Data Retention

  • Active account. All Customer data (knowledge base, conversations, analytics, bookings, leads, action events, LLM usage logs) is retained for the lifetime of the subscription.
  • Session memory. Raw conversation turns are cached in Redis with a 7-day automatic expiry. After expiry, the rolling summary and extracted user profile remain stored permanently alongside the conversation record in the primary database.
  • Conversation summaries. Rolling summaries generated every three turns are stored permanently as part of the conversation record for the duration of the account.
  • User profiles. Structured user profiles accumulated from conversation data are stored permanently on the contact record for the duration of the account.
  • Widget conversations. Conversations initiated through the web widget use localStorage with a 24-hour conversation TTL and a 50-message display limit on the client side. Server-side records follow the active account retention policy.
  • Closed account. When a Customer closes their account, all associated data (including all tenant-scoped records across all 24 database tables) is deleted within 90 days.
  • Backups. Database backups are retained for 30 days after creation and then permanently purged.
  • LLM provider retention. Data sent to LLM providers (OpenAI, Anthropic, Google, xAI) is subject to each provider’s own data retention policy. We do not control how long providers retain API request data. Refer to the provider privacy policies linked in Section 3.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access and export. Customers can export their data through the dashboard or via the admin API. This includes conversations, knowledge base content, leads, bookings, and analytics.
  • Deletion. Customers can request full erasure of their account and all associated data by contacting us at [email protected]. We will process deletion requests within 90 days. A full erasure endpoint exists for programmatic account deletion.
  • Correction. Customers can correct inaccurate information in their account, knowledge base, and bot configurations directly through the dashboard.
  • Objection. You may object to certain types of data processing. Contact us at [email protected] to discuss your specific situation.
  • Portability. You may request a copy of your data in a structured, machine-readable format.

Important limitation: data that has already been sent to LLM providers as part of generating AI responses cannot be retroactively deleted by us. Each provider’s own retention and deletion policies apply to data they have received. See Section 3 for provider links.

End Users who wish to exercise their rights should contact the Customer (the business operating the chatbot) in the first instance, as the Customer is the data controller for End User data (see Section 10).

9. Cookies and Analytics

We use minimal cookies and client-side storage, strictly for functional purposes:

  • pd_region (cookie) — stores the detected geographic region for localizing content and pricing. Functional only, not used for tracking.
  • pd_pricing_region (session storage) — stores the pricing region for the duration of the browser session. Cleared when the session ends.
  • pd_lang (cookie) — stores the user’s language preference for the marketing site.

We use Plausible Analytics for website analytics. Plausible is a privacy-focused analytics tool that does not use cookies, does not collect personal data, and does not track users across sites. All analytics data is aggregated and anonymous. No data is shared with advertising networks.

We do not use advertising cookies, retargeting pixels, or any third-party tracking scripts.

10. Data Controller and Data Processor

For the purposes of applicable data protection laws (including GDPR and PDPA):

  • The Customer (the business that creates an account and deploys a chatbot) is the data controller for all End User personal data processed through their chatbot. The Customer determines the purposes and means of processing End User data by configuring their bot, knowledge base, and enabled actions.
  • Perfect Design Enterprise (trading as Cyrus) acts as a data processor, processing End User personal data on behalf of and under the instructions of the Customer.

As the data controller, the Customer is responsible for:

  • Informing their End Users that their conversations are processed by an AI system.
  • Providing End Users with appropriate privacy disclosures about data collection.
  • Ensuring a lawful basis exists for processing End User personal data.
  • Responding to End User data subject requests (access, deletion, correction).
  • Ensuring their use case complies with the terms of service of the LLM providers used by the Service.

For Customer account data (the Customer’s own registration details, billing information, and administrative usage), Cyrus acts as the data controller.

11. Security

We implement the following technical measures to protect your data:

  • All channel credentials (WhatsApp tokens, Telegram bot tokens) are encrypted at rest using Fernet symmetric encryption.
  • API keys are stored as cryptographic hashes, not in plaintext.
  • User passwords are hashed using industry-standard algorithms.
  • Widget API keys enforce domain allow-lists, preventing unauthorized embedding.
  • All data in transit is encrypted via TLS (enforced by our reverse proxy with automatic certificate management).
  • Webhook signatures are verified using HMAC-SHA256 (WhatsApp) and constant-time token comparison (Telegram) to prevent forgery.
  • Rate limiting is applied per-plan, per-tenant, and per-IP to mitigate abuse.
  • Catalog queries use a safe parameterized query builder. The AI never generates or executes raw SQL.
  • All tenant-scoped database queries are filtered by tenant ID with no exceptions, ensuring strict data isolation between Customers.

12. Children

The Service is not intended for individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes that affect how we handle personal data, we will notify Customers via email at least 30 days before the changes take effect. Non-material changes (such as formatting updates or clarifications that do not alter the substance of the policy) may be made without advance notice. The “Last updated” date at the top of this page will always reflect the most recent revision.

14. Contact

If you have questions about this Privacy Policy or wish to exercise any of your data rights, contact us at:

Perfect Design Enterprise (trading as Cyrus)
Email: [email protected]
Website: meetcyrus.ai