Privacy Policy

Selox is a product developed and operated by SE&LO INC, a company that provides artificial intelligence services through an online platform.

At Selox, we are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

By using the Selox Service, you consent to the data practices described in this policy.

We collect the following types of information:

• Account information: Name, email address, company name, and role when you create an account.
• Documents and content: Files you upload (PDFs, manuals, catalogs) for processing and knowledge indexing.
• Conversation data: Messages exchanged between your end-users and your AI agents.
• Technical data: IP address, browser type, device information, and usage analytics.
• Billing data: Payment information is processed directly by Stripe. We do not store your full credit card number on our servers.

We use your data exclusively for the following purposes:

• Service provision: Processing your documents, generating vector embeddings, and powering your AI agents.
• Account management: Authenticating your identity, managing your subscription, and communicating with you.
• Billing: Processing payments, managing subscriptions, and sending invoices through Stripe.
• Support: Responding to your inquiries and providing technical assistance.
• Improvement: Analyzing aggregated, anonymized usage patterns to improve the Service.

We do not sell your personal data to third parties. We do not use your uploaded content to train AI models.

Lead Information: Our Service may identify and capture lead information from conversations between your end-users and your AI agents, such as names, email addresses, and phone numbers voluntarily provided during the conversation. This information is stored within your tenant environment and is accessible through your administration panel. You are responsible for ensuring that you have appropriate legal basis to collect and process this lead information in accordance with applicable privacy laws.

When you upload documents to Selox, we process them as follows:

• Documents are parsed, chunked into segments, and converted into vector embeddings.
• Vector embeddings are stored in a dedicated vector database (Qdrant) isolated by your tenant identifier.
• Original documents are stored securely in object storage (MinIO).
• All document data is strictly isolated per tenant. No data is shared between organizations.

Document processing is automated and occurs on our infrastructure. No human reviews your document content during normal operations.

When your AI agents generate responses, the following data flow occurs:

1. Your end-user sends a message through a connected channel (WhatsApp, Telegram, or web chat).
2. The message is received by Selox's infrastructure and matched to your tenant environment.
3. Relevant document excerpts are retrieved from your knowledge base using semantic search.
4. The end-user's message and relevant document excerpts are sent to a third-party Large Language Model (LLM) provider to generate a response.
5. The generated response is delivered back to the end-user through the original channel.

Data sent to LLM providers:

• The end-user's current message and limited conversation history
• Relevant excerpts from your uploaded documents
• System instructions you have configured for your agent

Data NOT sent to LLM providers:

• Your full document library
• Account credentials or billing information
• Data from other tenants

LLM providers process this data solely to generate responses and do not use it to train or improve their models when accessed through our API agreements.

We use the following third-party services to operate the platform:

• Large Language Model (LLM) providers: To generate AI responses. Conversation context and document excerpts may be sent to LLM providers during agent interactions. We select providers that comply with data protection standards.
• Stripe: For payment processing. Stripe handles your billing data under their own privacy policy.
• WhatsApp and Telegram APIs: For messaging channel integrations. Messages flow through these platforms according to their respective privacy policies.

We carefully select third-party providers and require them to handle data in accordance with applicable data protection regulations.

We implement robust security measures to protect your data:

• Multi-tenant isolation: All data is strictly separated by tenant identifier (tenantId). Database queries, vector searches, and file storage are all scoped to your tenant.
• Encryption: Data is encrypted in transit (TLS) and at rest.
• Infrastructure: Data is stored in PostgreSQL (relational data), Qdrant (vector embeddings), and MinIO (document files).
• Access controls: Role-based access within each tenant, with audit logging for administrative actions.

Depending on your jurisdiction (including GDPR and CCPA), you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data and uploaded documents.
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request that we limit the processing of your data.
• Objection: Object to specific types of data processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

This section applies to residents of California and supplements our Privacy Policy with disclosures required under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected:

• Identifiers (name, email address, IP address, account credentials)
• Commercial information (subscription plan, billing history)
• Internet or electronic network activity (browser type, device information, usage analytics)
• Professional or employment-related information (company name, job role)

Business Purpose for Collection: Service provision, account management, billing, support, and aggregated analytics for service improvement.

Sale or Sharing of Personal Information: We do NOT sell or share your personal information as defined under the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months.

Your California Privacy Rights:

• Right to Know: Request what personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt out of the sale or sharing of personal information (not applicable as we do not sell or share).
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days.

Selox uses minimal cookies for essential functionality:

• Session cookies: To maintain your authenticated session.
• Preference cookies: To remember your language selection and display preferences.

We do not use advertising or third-party tracking cookies.

We retain your data for the following periods:

• Account data: For the duration of your active account plus 30 days after cancellation.
• Documents and vectors: For the duration of your active account. Deleted upon account cancellation after the 30-day grace period.
• Conversation logs: For the duration of your active account, subject to your plan's retention settings.
• Billing records: As required by applicable tax and financial regulations (typically 7 years).
• Technical logs: Up to 90 days for security and debugging purposes.

Selox is operated by SE&LO INC from the United States. Your data is processed and stored on infrastructure located in the United States.

If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to the transfer of your information to the United States.

For users in the European Economic Area (EEA), we rely on your explicit consent and the necessity of data processing for the performance of our contract with you as the legal basis for international data transfers.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice in the Service. Your continued use of the Service after notification constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

SE&LO INC
62 NE 167th St Antm, Unit #117
Miami, FL 33162
Email: [email protected]