utopica

Privacy Policy

Effective Date: July 4th, 2025

This Privacy Policy (“Policy”) explains how UTOPICA Inc. - a Delaware corporation - (“UTOPICA,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects information in connection with our websites, applications, and related services (collectively, the “Service”). This Policy is incorporated into and forms part of our Terms of Service (“Terms”). Capitalized terms not defined here have the meanings in the Terms.

1. Scope

This Policy applies to:

  • Visitors who browse our websites or other publicly available parts of the Service;
  • Customers (organizations) and their Authorized Users who access or use the Service; and
  • Prospective customers who interact with our sales, marketing, or support channels.

This Policy does not apply to third-party websites, products, or services that we do not control, even if we link to them.

2. Key Definitions

  • “Personal Information” means information about an identified or identifiable individual, or that is linked or reasonably linkable to an identified or identifiable individual. Under Canadian law (including PIPEDA), this is generally referred to as “personal information.”
  • “Customer-Owned Content” means: (A) Final Output, (B) Original Implementation Data, and (C) User Uploads, each as defined below.
  • “Final Output” means the specific, final version of content generated by the Service and presented to you. Final Output explicitly excludes all intermediaries, Intermediate Materials, and User Interactions.
  • “Original Implementation Data” means the original data you provide via any files, links, cloud collaboration spaces, or automated integrations (such as content management systems, web analytics, and search console accounts) through email, forms, or other implementation channels to start the custom implementation process. Original Implementation Data expressly excludes User Interactions with the AI.
  • “User Uploads” means the data that an Authorized User provides to the Service via manual upload, links, cloud collaboration spaces, or automated integrations (such as content management systems, web analytics, and search console accounts) (excluding browsing-only data and excluding User Interactions).
  • “User Interactions” means all AI/App-driven interactions, including prompts, instructions, chat logs, messages, transcripts (expressly including text, audio, and video transcripts), session-level inputs, clickstream and feature-usage events, and related usage metadata. User Interactions expressly exclude raw audio and raw video recordings, and are not Customer-Owned Content.
  • “Service Data” means Usage Data, operational telemetry, logs, debugging data, security events, aggregated analytics, and de-identified or anonymized derivatives.

3. Roles and Responsibilities (Customer vs. UTOPICA)

Where Personal Information is processed in connection with an organization's use of the Service, the Customer generally determines the purposes for which Personal Information is submitted to the Service. UTOPICA processes such information to provide the Service, to secure it, and as otherwise described in this Policy and the Terms.

Important: Customers are responsible for ensuring they have the right and legal basis to submit Personal Information, including obtaining any required notices and consents (for example, for voice recordings or call recording).

4. Information We Collect

4.1 Information you provide (Account, Billing, and Communications)

  • Account registration details (name, business email, job title, organization, role);
  • Billing and payment details (processed by our payment processor; we do not store full payment card numbers);
  • Support requests, feedback, and communications with us (which may include recordings if we notify you);
  • Information submitted through forms, scheduling links, or custom implementation intake.

4.2 Customer-Owned Content (processed to provide the Service)

  • Original Implementation Data (as defined above);
  • User Uploads (as defined above);
  • Final Output (as defined above).

4.3 User Interactions and Service Data (collected automatically when you use the Service)

  • Prompts, chat logs, transcripts, and workflow logs (User Interactions);
  • Device and browser information, IP address, approximate location (derived from IP), language settings;
  • Log files, timestamps, performance diagnostics, error reports, security events;
  • Feature usage and usage-credit consumption events.

4.4 Cookies and similar technologies

We use cookies and similar technologies that are necessary to operate the Service (e.g., session authentication and security), and may use limited analytics cookies to understand site performance. You can control cookies via browser settings; if you disable essential cookies, parts of the Service may not function properly.

5. How We Use Information

5.1 To provide, maintain, and secure the Service

  • Create and administer accounts and Authorized Users;
  • Provide custom implementation, configuration, and customer support;
  • Process payments and manage subscriptions;
  • Generate Final Output requested by users;
  • Monitor for fraud, abuse, and security incidents;
  • Integrate with your website’s content management system (CMS) for the purpose of publishing and updating content, as well as measuring content performance;
  • Process website performance and usage data obtained via Google Search Console and Google Analytics integrations to provide you with visibility into how your content is performing.

5.2 To improve and develop the Service (training and model improvement)

We use User Interactions and Service Data to develop, evaluate, and improve the Service, including training and improving our models, workflows, and methodologies. Additionally, we utilize your website's performance and usage data (obtained via integrations with your CMS, Google Search Console, and Google Analytics) for the specific purpose of improving the quality, relevance, and effectiveness of the content produced by the app. This may include creating aggregated, de-identified, or anonymized datasets and derived insights.

We do not claim ownership of Customer-Owned Content. We process Customer-Owned Content to provide the Service, and we may retain anonymized or de-identified derivatives and insights derived from User Interactions and Service Data for model improvement and legal compliance.

Enterprise Privacy Options: If your organization requires alternative data handling practices - such as a zero-data-training environment where User Interactions are excluded from model improvement - you must purchase a custom Enterprise plan. Please contact our sales team to inquire about custom Enterprise agreements.

5.3 To communicate with you

  • Send transactional messages (security alerts, invoices, account notices);
  • Send product updates and marketing communications where permitted by law (you can opt out of marketing emails).

5.4 For legal and compliance purposes

  • Comply with lawful requests and applicable laws;
  • Enforce our Terms and protect our rights, users, and the public;
  • Maintain records needed for tax, accounting, and audit requirements.

5.5 Prohibited and Sensitive Data

Because the Service is designed for external content publishing, optimization, and public analytics, we strongly advise against sharing sensitive personal or highly confidential internal business information with the AI or our team. Unless we expressly agree in writing, you must not submit, link, or upload any of the following to the Service, including via file uploads, shared links, cloud collaboration spaces, automated integrations (such as content management systems, web analytics, and search console accounts), the custom implementation process, or within User Interactions:

  • (i) government-issued identification numbers (e.g., Social Security Numbers, Social Insurance Numbers, driver's licenses);
  • (ii) passwords, security credentials, or financial account information;
  • (iii) highly confidential company information (including critical trade secrets, proprietary source code, or material non-public information);
  • (iv) protected health information regulated by HIPAA or equivalent health privacy laws;
  • (v) payment card data regulated by PCI-DSS;
  • (vi) classified or export-controlled technical data (ITAR/EAR); or
  • (vii) Personal Information of children under the age of 13.

Because UTOPICA retains and uses User Interactions (including text, audio, and video transcripts) for model improvement, you are strictly responsible for ensuring that no sensitive personal data or highly confidential company information is uploaded via files, connected via links or cloud spaces, typed into the app's chat, spoken during recorded interactions, or submitted via prompts.

6. How We Share Information

6.1 Service providers and subprocessors

We may share information with vendors who help us operate the Service (e.g., hosting, authentication, analytics, customer support, and payment processing). These providers are authorized to process information only as needed to provide services to us and are contractually required to protect it.

6.2 AI infrastructure providers

We must route certain User Interactions and Customer-Owned Content to third-party AI infrastructure providers to provide the requested inference and generate content. To protect our proprietary system architecture, we do not disclose the specific identities of these vendors; however, all such AI infrastructure providers are located exclusively within the United States and Canada.

We rely on the official enterprise terms and policies of these providers, which generally restrict them from using customer API data to train their base models. However, because these providers operate their own proprietary systems, we do not directly control their infrastructure and cannot absolutely guarantee how they handle data internally. The processing of your data by these vendors is governed strictly by their own official privacy policies and terms of service. Provider practices may change over time, and you acknowledge that UTOPICA is not liable for the data handling practices of these independent third-party AI models.

6.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of our business or assets, information may be transferred as part of that transaction, subject to applicable law.

6.4 Legal disclosures

We may disclose information if we reasonably believe disclosure is required by law or legal process, or necessary to protect rights, safety, and security.

7. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Policy, including providing the Service, complying with legal obligations, resolving disputes, and enforcing agreements.

  • Account and billing records: retained for the life of the account and thereafter as required by law (commonly up to 7 years for tax/accounting, depending on jurisdiction).
  • Customer-Owned Content (Final Output, Original Implementation Data, User Uploads, Raw Media): retained while the account is active. After cancellation, Customers may request deletion as described in Section 9.
  • Grace Period (Cancelled Accounts): If an account is cancelled and no explicit deletion request is made, Customer-Owned Content is retained for a 6-month grace period. After 6 months, it is at UTOPICA's sole discretion whether to delete, anonymize, or indefinitely retain the raw data until a deletion request is made.
  • User Interactions and Service Data: may be retained to operate, secure, support, and improve the Service, including maintaining anonymized/de-identified training datasets and derived insights, and for legal compliance.
  • Backups: deleted information may persist in backups for a limited period as part of routine backup cycles, and will be removed when backups are rotated, unless legally required to retain.

8. Cross-Border Processing (United States and Canada)

The Service is operated primarily in the United States, and information may be stored and processed in the United States. If you are located in Canada, this means your information may be subject to U.S. laws and lawful access requests by U.S. authorities. We use contractual and technical safeguards designed to protect information during cross-border processing.

9. Your Rights and Choices

9.1 Access, correction, and deletion

Depending on your location and applicable law, you may have rights to request access to, correction of, or deletion of certain Personal Information. Customers may also request deletion of Customer-Owned Content after cancellation as described below.

9.2 Deletion of Customer-Owned Content after cancellation

Upon account cancellation, the Customer may request the permanent deletion of only the following data associated with their account: (A) Final Output (expressly excluding ALL intermediaries and Intermediate Materials); (B) Original Implementation Data (expressly excluding any User Interactions with the AI during implementation); (C) User Uploads; and (D) any raw audio or raw video recordings hosted on UTOPICA's servers.

We will act on verified requests within a commercially reasonable time (typically within 30 days). Everything else is retained by UTOPICA. Upon executing the deletion request, UTOPICA will permanently retain all other data-including training data, derivatives, intermediaries, and User Interactions (including text, audio, and video transcripts)-strictly in an anonymized or de-identified format. Notwithstanding any deletion request, UTOPICA reserves the right to retain any raw or identifiable data strictly as required by local, state, or federal authorities for tax purposes, accounting, fraud prevention, or other mandatory legal and regulatory compliance.

9.3 Marketing opt-out

You may opt out of marketing emails using the unsubscribe link in the message. Transactional or security messages are not subject to opt-out.

9.4 How to exercise rights

Email contact@utopica.ai with the subject line “Privacy Request.” We may need to verify identity and authority before responding.

10. Audio and Voice Data

If the Service processes audio or voice data, Customers are responsible for providing legally required notices and obtaining legally required consents from individuals whose voices are captured (including under applicable U.S. state biometric and call-recording laws). We process such data to provide, secure, and improve the Service as described in this Policy and the Terms. Please note that upon a valid deletion request, raw audio and video recordings are permanently deleted, while text, audio, and video transcripts generated from them are retained strictly in an anonymized or de-identified format.

11. Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect information. However, no system can be guaranteed to be 100% secure.

12. Children's Privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect Personal Information from children under 13.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice as required by law (for example, via email or in-app notice). Continued use of the Service after the effective date of the updated Policy means you accept the updated Policy.

14. Contact / Privacy Officer

If you have questions or complaints about privacy, contact our Privacy Office:

  • Email: contact@utopica.ai
  • Mail (U.S.):
    UTOPICA Inc.
    169 Madison Ave, STE 15776
    New York, NY 10016, USA
  • Mail (Canada):
    UTOPICA Inc.
    3rd Floor - 169 Enterprise Blvd
    Markham, ON L6G 0E7, Canada

Canadian users may also have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or applicable provincial authorities, depending on the circumstances.

15. Severability

If any provision of this Policy is held invalid or unenforceable, the remaining provisions remain in effect.