utopica

Privacy Policy

Effective Date: July 4th, 2025

This Privacy Policy (“Policy”) explains how UTOPICA Inc. - a Delaware corporation - (“UTOPICA,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects information in connection with our websites, applications, and related services (collectively, the “Service”). This Policy is incorporated into and forms part of our Terms of Service (“Terms”). Capitalized terms not defined here have the meanings in the Terms.

1. Scope

This Policy applies to:

  • Visitors who browse our websites or other publicly available parts of the Service;
  • Customers (organizations) and their Authorized Users who access or use the Service; and
  • Prospective customers who interact with our sales, marketing, or support channels.

This Policy does not apply to third-party websites, products, or services that we do not control, even if we link to them.

2. Key Definitions

  • “Personal Information” means information about an identified or identifiable individual, or that is linked or reasonably linkable to an identified or identifiable individual. Under Canadian law (including PIPEDA), this is generally referred to as “personal information.”
  • “Customer-Owned Content” means: (A) Final Output, (B) Original Onboarding Data, and (C) User Uploads, each as defined below.
  • “Final Output” means the specific, final version of content generated by the Service and presented to you (e.g., the final article, script, image, audio file, or video file). Final Output excludes drafts, alternatives, intermediate steps, system messages, logs, metadata, and transcripts.
  • “Original Onboarding Data” means the documents and materials you provide via email, forms, or other onboarding channels to begin or support implementation (e.g., brand guidelines, example content, style guides, playbooks, and similar onboarding documents).
  • “User Uploads” means documents, images, text, audio, video, or other materials that an Authorized User manually uploads to the Service (excluding browsing-only data and excluding User Interactions as defined below).
  • “User Interactions” means prompts, instructions, chat logs, messages, transcripts (including audio-to-text), session-level inputs and outputs as they appear within conversational or workflow logs, clickstream and feature-usage events, and related usage metadata generated by or captured through use of the Service. User Interactions are not Customer-Owned Content.
  • “Service Data” means Usage Data, operational telemetry, logs, debugging data, security events, aggregated analytics, and de-identified or anonymized derivatives.

3. Roles and Responsibilities (Customer vs. UTOPICA)

Where Personal Information is processed in connection with an organization's use of the Service, the Customer generally determines the purposes for which Personal Information is submitted to the Service. UTOPICA processes such information to provide the Service, to secure it, and as otherwise described in this Policy and the Terms.

Important: Customers are responsible for ensuring they have the right and legal basis to submit Personal Information, including obtaining any required notices and consents (for example, for voice recordings or call recording).

4. Information We Collect

4.1 Information you provide (Account, Billing, and Communications)

  • Account registration details (name, business email, job title, organization, role);
  • Billing and payment details (processed by our payment processor; we do not store full payment card numbers);
  • Support requests, feedback, and communications with us (which may include recordings if we notify you);
  • Information submitted through forms, scheduling links, or onboarding intake.

4.2 Customer-Owned Content (processed to provide the Service)

  • Original Onboarding Data (as defined above);
  • User Uploads (as defined above);
  • Final Output (as defined above).

4.3 User Interactions and Service Data (collected automatically when you use the Service)

  • Prompts, chat logs, transcripts, and workflow logs (User Interactions);
  • Device and browser information, IP address, approximate location (derived from IP), language settings;
  • Log files, timestamps, performance diagnostics, error reports, security events;
  • Feature usage and usage-credit consumption events.

4.4 Cookies and similar technologies

We use cookies and similar technologies that are necessary to operate the Service (e.g., session authentication and security), and may use limited analytics cookies to understand site performance. You can control cookies via browser settings; if you disable essential cookies, parts of the Service may not function properly.

4.5 Prohibited / sensitive data

Unless we expressly agree in writing, you must not submit: (i) protected health information regulated by HIPAA, (ii) payment card data regulated by PCI-DSS, (iii) classified or export-controlled technical data (ITAR/EAR), or (iv) children's Personal Information under 13.

5. How We Use Information

5.1 To provide, maintain, and secure the Service

  • Create and administer accounts and Authorized Users;
  • Provide onboarding, configuration, and customer support;
  • Process payments and manage subscriptions;
  • Generate Final Output requested by users;
  • Monitor for fraud, abuse, and security incidents.

5.2 To improve and develop the Service (training and model improvement)

We use User Interactions and Service Data to develop, evaluate, and improve the Service, including training and improving our models, workflows, and methodologies. This may include creating aggregated, de-identified, or anonymized datasets and derived insights.

We do not claim ownership of Customer-Owned Content. We process Customer-Owned Content to provide the Service, and we may retain anonymized or de-identified derivatives and insights derived from User Interactions and Service Data for model improvement and legal compliance.

5.3 To communicate with you

  • Send transactional messages (security alerts, invoices, account notices);
  • Send product updates and marketing communications where permitted by law (you can opt out of marketing emails).

5.4 For legal and compliance purposes

  • Comply with lawful requests and applicable laws;
  • Enforce our Terms and protect our rights, users, and the public;
  • Maintain records needed for tax, accounting, and audit requirements.

6. How We Share Information

6.1 Service providers and subprocessors

We may share information with vendors who help us operate the Service (e.g., hosting, authentication, analytics, customer support, and payment processing). These providers are authorized to process information only as needed to provide services to us and are contractually required to protect it.

6.2 AI infrastructure providers

We may route certain User Interactions and/or Customer-Owned Content to third-party AI infrastructure providers solely to provide requested inference and processing results. Provider practices may change over time and are governed by their terms. UTOPICA remains responsible for our vendor management obligations, but third-party providers operate their own systems and controls.

6.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of our business or assets, information may be transferred as part of that transaction, subject to applicable law.

6.4 Legal disclosures

We may disclose information if we reasonably believe disclosure is required by law or legal process, or necessary to protect rights, safety, and security.

7. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Policy, including providing the Service, complying with legal obligations, resolving disputes, and enforcing agreements.

  • Account and billing records: retained for the life of the account and thereafter as required by law (commonly up to 7 years for tax/accounting, depending on jurisdiction).
  • Customer-Owned Content (Final Output, Original Onboarding Data, User Uploads): retained while the account is active. After cancellation, Customers may request deletion as described in Section 9.
  • User Interactions and Service Data: may be retained to operate, secure, support, and improve the Service, including maintaining anonymized/de-identified training datasets and derived insights, and for legal compliance.
  • Backups: deleted information may persist in backups for a limited period as part of routine backup cycles, and will be removed when backups are rotated, unless legally required to retain.

8. Cross-Border Processing (United States and Canada)

The Service is operated primarily in the United States, and information may be stored and processed in the United States. If you are located in Canada, this means your information may be subject to U.S. laws and lawful access requests by U.S. authorities. We use contractual and technical safeguards designed to protect information during cross-border processing.

9. Your Rights and Choices

9.1 Access, correction, and deletion

Depending on your location and applicable law, you may have rights to request access to, correction of, or deletion of certain Personal Information. Customers may also request deletion of Customer-Owned Content after cancellation as described below.

9.2 Deletion of Customer-Owned Content after cancellation

Upon account cancellation, the Customer may request the permanent deletion of: (A) Final Output, (B) Original Onboarding Data, and (C) User Uploads. We will act on verified requests within a commercially reasonable time (typically within 30 days), subject to limited exceptions (e.g., legal compliance, security, fraud prevention, and maintaining de-identified/anonymized training data and derived insights).

9.3 Marketing opt-out

You may opt out of marketing emails using the unsubscribe link in the message. Transactional or security messages are not subject to opt-out.

9.4 How to exercise rights

Email contact@utopica.ai with the subject line “Privacy Request.” We may need to verify identity and authority before responding.

10. Audio and Voice Data

If the Service processes audio or voice data, Customers are responsible for providing legally required notices and obtaining legally required consents from individuals whose voices are captured (including under applicable U.S. state biometric and call-recording laws). We process such data to provide, secure, and improve the Service as described in this Policy and the Terms.

11. Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect information. However, no system can be guaranteed to be 100% secure.

12. Children's Privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect Personal Information from children under 13.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice as required by law (for example, via email or in-app notice). Continued use of the Service after the effective date of the updated Policy means you accept the updated Policy.

14. Contact / Privacy Officer

If you have questions or complaints about privacy, contact our Privacy Office:

  • Email: contact@utopica.ai
  • Mail (U.S.):
    UTOPICA Inc.
    169 Madison Ave, STE 15776
    New York, NY 10016, USA
  • Mail (Canada):
    UTOPICA Inc.
    3rd Floor - 169 Enterprise Blvd
    Markham, ON L6G 0E7, Canada

Canadian users may also have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or applicable provincial authorities, depending on the circumstances.

15. Severability

If any provision of this Policy is held invalid or unenforceable, the remaining provisions remain in effect.