This Privacy Policy explains how GetSupportX, Inc. ("GetSupportX", "we", "us") collects, uses, shares and protects personal data when you visit our website, create an account, or use the GetSupportX customer support platform (the "Service").
We act in two different roles. For the account, billing and website data of our business customers and visitors, we are a data controller. For the support content our customers process through the Service on behalf of their own end users (the people who contact our customers for support), we act as a data processor — our customer is the controller and decides why and how that data is processed.
Data we collect
We collect the following categories of personal data, depending on how you interact with us:
- Account data — name, work email, password hash, workspace and role, and the company you represent.
- Billing data — plan, seat count, billing contact and the limited transaction metadata returned by our payments provider. We do not store full card numbers.
- Usage and device data — log data, IP address, browser and device type, pages viewed and feature interactions, used to operate, secure and improve the Service.
- Support content — the messages, attachments, contact records, knowledge-base articles and conversation history our customers and their end users create in the Service. We process this on our customers' instructions.
- Cookies and similar technologies — small identifiers used for sign-in sessions, preferences and privacy-preserving analytics (see our Cookie Policy).
- Communications — messages you send to our sales, support or success teams.
How we use data
We use personal data to provide, secure, maintain and improve the Service, including to:
- Create and administer accounts, authenticate users and provision seats.
- Operate core support features — inbox, chat, knowledge base, automation and reporting.
- Provide AI features that are grounded in a customer's own knowledge base and conversations.
- Process payments, manage subscriptions and send service and billing notices.
- Detect, prevent and respond to fraud, abuse and security incidents.
- Provide customer support and respond to your requests.
- Send product updates and marketing where permitted, which you can opt out of at any time.
AI features are knowledge-base grounded. Customer data is not used to train shared or third-party foundation models. Any model used to serve a customer is given only that customer's content at inference time, and outputs are returned only to that customer's workspace.
Legal bases (GDPR)
Where the GDPR or UK GDPR applies and we act as a controller, we rely on the following legal bases:
- Performance of a contract — to provide the Service you have signed up for.
- Legitimate interests — to secure, operate, improve and market the Service, balanced against your rights.
- Legal obligation — to comply with tax, accounting and other legal requirements.
- Consent — for optional cookies and certain marketing communications, which you may withdraw at any time.
Where we act as a processor of support content, our customer is responsible for establishing a lawful basis for processing the data of their end users.
International transfers
We operate globally and may transfer personal data to countries other than your own, including the United States. Where we transfer data out of the European Economic Area, the United Kingdom or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum.
Data retention
We retain account and billing data for as long as your account is active and as needed to comply with legal, tax and accounting obligations. Support content is retained according to the retention settings of your plan and your own configuration, after which it is deleted or anonymized. Backups are retained on a rolling basis and expire automatically.
Security
We apply administrative, technical and organizational measures appropriate to the risk, including encryption in transit, encryption at rest, per-workspace data isolation, least-privilege access controls, audit logging, and regular review of our security posture. No method of transmission or storage is perfectly secure, but we work continuously to protect your data.
Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Erase your data, subject to legal retention requirements.
- Port your data to another service in a structured, machine-readable format.
- Object to or restrict certain processing, including direct marketing.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local data protection authority.
To exercise these rights, contact us at [email protected]. If your data is processed by one of our customers as a controller (for example, you contacted a business that uses GetSupportX for support), please direct your request to that business; we will assist them as their processor.
Children
The Service is a business tool and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will update the date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.
Contact us
For privacy questions or to exercise your rights, email [email protected] or write to GetSupportX, Inc., 2261 Market Street, San Francisco, CA 94114, USA.