Privacy Policy

1. Overview

This Privacy Policy describes how Garcia Multimedia LLC, operating Symkind ("Symkind," "we," "us," or "our"), collects, uses, and protects information in connection with the Symkind platform, website (symkind.ai), WordPress plugin, embeddable chat widget, and associated services (collectively, the "Service").

This policy applies to two distinct categories of people:

• Subscribers (site owners) — businesses and individuals who purchase or register for Symkind services.
• End users (visitors) — visitors who interact with a Symkind chat widget on a Symkind subscriber's website.

2. Information We Collect

From Subscribers

When you register for an account, purchase a subscription, or configure the Service, we collect:

• Contact information (name, email, phone, business name, business address)
• Payment information (processed by Stripe; Symkind does not store full card numbers)
• Business content you provide for your genome (company description, services, voice, operational details)
• Website URLs where you deploy the Service
• Configuration preferences (agent selection, tier, widget appearance)
• Account activity logs (logins, configuration changes)

From End Users (Visitors Interacting with the Chat Widget)

When a visitor interacts with a Symkind agent via the chat widget on a subscriber's site, we process:

• The text of messages the visitor sends
• The text of agent responses
• An anonymous session identifier generated client-side (not tied to personal identity)
• The page URL where the widget is embedded
• Standard HTTP request metadata (IP address, user-agent string) for routing and abuse prevention

We do NOT automatically collect visitor names, email addresses, or phone numbers. If a visitor voluntarily provides such information in the course of the conversation (for example, when the agent is capturing a lead and the visitor agrees to be contacted by the business), that information is included in the conversation content and transmitted to the subscriber.

3. How We Use Information

Subscriber Information

• To provide, operate, and improve the Service
• To bill subscribers and manage accounts
• To provide customer support
• To communicate about service updates, billing, and account security
• To comply with legal obligations

Visitor Conversation Content

• To generate agent responses in real time
• To produce a Lead Intelligence Brief delivered to the subscriber when the conversation meets lead-capture criteria
• For subscribers at Senior tier and above, to build a compressed memory record of the visitor's prior conversations so the agent can recognize returning customers (as disclosed by the subscriber on their site)

We do NOT sell visitor conversation content to third parties. We do NOT use visitor conversation content to train public language models. Conversation content is used to operate the Service for the specific subscriber whose widget the visitor used.

4. Data Retention

Associate Tier

Conversations are processed in real time and are not retained beyond the immediate session. Session memory (within a single conversation) is held in browser storage and on our servers for the duration of the session and then discarded.

Senior Tier and Above

Compressed memory records are retained to support returning-customer recognition. Memory records contain summary information (customer identity markers voluntarily provided, prior intent, outstanding commitments) rather than raw transcripts. Subscribers and end users may request deletion of memory records at any time by contacting the subscriber's business or by emailing contact@symkind.ai. Records are deleted within thirty days of a verified request.

Subscriber Account Data

Retained for the duration of the subscription plus a reasonable post-termination period (typically 90 days) to handle billing, support, and tax records. Longer retention applies where required by law.

5. How We Share Information

We share information only in the following circumstances:

• With the subscriber whose widget was used. Conversation content from a subscriber's widget belongs to that subscriber. We transmit Lead Intelligence Briefs and memory records to the subscriber.
• With third-party service providers acting on our behalf:
  • Anthropic — operates the large language model used to generate agent responses. Anthropic processes message content in real time to produce responses. Anthropic's terms and privacy practices apply to this processing.
  • Stripe — processes subscription payments.
  • Hostinger — provides the underlying infrastructure hosting.
• When required by law. We will disclose information if required by a valid legal process (subpoena, court order, law enforcement request) or when necessary to protect safety, property, or rights.
• In a business transfer. If Symkind is involved in a merger, acquisition, or asset sale, information may be transferred to the acquiring entity, subject to the terms of this policy.

We do NOT sell personal information to third parties. We do NOT share conversation content across subscribers.

6. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information, including:

• Access — request a copy of the personal information we hold about you.
• Correction — request that we correct inaccurate information.
• Deletion — request that we delete your information, subject to legal retention obligations.
• Portability — request a copy of your information in a portable format.
• Objection or restriction — object to or restrict certain uses of your information.
• Withdrawal of consent — where processing is based on consent, withdraw that consent at any time.
• Right to lodge a complaint with a data protection authority.

To exercise these rights, contact us at contact@symkind.ai. We verify requests before acting to protect account security.

7. GDPR (European Users)

For users in the European Economic Area and the United Kingdom, the legal bases for our processing include: performance of our contract with you (subscribers), legitimate interests (service operation, fraud prevention), consent (where specifically requested), and legal obligation. Subscribers deploying the Service in the EEA/UK are responsible for obtaining the consents required by applicable law from their end users.

8. CCPA (California Users)

California residents have rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to deletion, the right to opt out of "sale" or "sharing" of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights. To exercise these rights, contact us at contact@symkind.ai.

9. Children's Privacy

The Service is not directed to children under 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will delete it. Parents or guardians who believe their child may have provided personal information should contact us.

10. Cookies and Similar Technologies

The Symkind chat widget uses a small amount of browser-local storage (localStorage) to maintain conversation state within a session and to generate the anonymous session identifier. This storage is restricted to the subscriber's site and is not shared across sites. The Symkind website itself uses standard session cookies for authentication and analytics (where applicable).

11. Data Security

We use reasonable technical and organizational measures to protect information, including TLS encryption in transit, access controls, and regular security review of our infrastructure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we work continuously to protect information against foreseeable risks.

12. International Data Transfer

Symkind operates in the United States, and information is processed on our servers and on the servers of our third-party providers (which may include the United States). If you access the Service from outside the US, your information may be transferred to and processed in the US. We rely on appropriate safeguards for international data transfers, including standard contractual clauses where applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date and, where practical, communicated to subscribers via email. Your continued use of the Service after such changes constitutes acceptance of the revised policy.