Privacy Policy

Girikon AI Inc. ("Girikon AI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at girikon.ai, use our AI-powered products (GirikUnified, GirikVOICE, GirikCTI, GirikSMS, GirikQA, GirikHire, GirikIQ, GirikForms), or interact with us in any other way.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services.

Girikon AI maintains the highest standards of security, quality, and governance through multiple independent certifications and strategic technology partnerships:

We collect information in several ways depending on how you interact with us:

Information you provide directly includes name, email address, phone number, company name, job title, billing information, and any messages you send us through forms or support channels.

Information collected automatically includes IP addresses, browser type, operating system, referring URLs, pages visited, session duration, and Salesforce platform integration metadata when you use our products.

We use the information we collect to operate, improve, and personalise our services. Specifically, we use your data to:

• Provide and manage services — deliver, operate, and maintain GirikUnified, GirikVOICE, GirikCTI, GirikSMS, GirikQA, GirikHire, GirikIQ, GirikForms, and related Salesforce AppExchange products.
• Process transactions — handle billing, payments, and enterprise licensing agreements.
• Customer support — respond to enquiries, troubleshoot issues, and provide technical assistance within our 2-hour average response commitment.
• Product improvement — analyse usage patterns to improve AI agent performance, reduce handle time, and increase query resolution rates.
• Communications — send product updates, security alerts, promotional materials (where consented), and policy change notifications.
• Security & compliance — detect fraud, enforce terms of service, and meet legal obligations including SOC 2 audit requirements.
• Analytics — measure and understand service performance, user engagement, and business metrics.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following circumstances:

• Service providers — trusted vendors who assist us in operating our platform (hosting, analytics, payment processing, email delivery). They are contractually bound to protect your data.

• Salesforce ecosystem — because our products run natively on Salesforce, certain data interactions occur within the Salesforce platform under its own Privacy Policy.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• Legal requirements — when required by law, court order, or to protect the rights, property, or safety of Girikon AI, its users, or the public.
• With your consent — for any other purpose with your explicit prior consent.

We use cookies and similar tracking technologies to enhance your experience, understand how our site is used, and deliver relevant content.

• Essential cookies — required for core site functionality, authentication, and security.
• Analytics cookies — help us understand visitor behaviour and page performance (e.g., Google Analytics).
• Preference cookies — remember your settings and personalisation choices.
• Marketing cookies — used to deliver relevant advertisements. You can opt out at any time.

You can control cookie settings through your browser preferences or our cookie consent banner. Note that disabling certain cookies may affect site functionality.

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account data — retained for the duration of your account and up to 3 years after termination for legal compliance.
• Usage & log data — retained for up to 12 months in identifiable form, then anonymised for analytical purposes.
• Communication records — support tickets and emails retained for 2 years.
• Financial records — retained for 7 years as required by applicable tax and accounting regulations.

When your data is no longer needed, we securely delete or anonymise it in accordance with our data disposal procedures.

Depending on your location, you may have the following rights regarding your personal data under applicable laws including GDPR, CCPA, and other regional privacy regulations:

• Right to access — request a copy of the personal information we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data ("right to be forgotten"), subject to legal obligations.
• Right to restriction — request that we limit how we process your data in certain circumstances.
• Right to portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on our legitimate interests or for direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@girikon.com. We will respond within 30 days or as required by applicable law.

We implement industry-standard technical, administrative, and physical security measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. Our commitment to data protection is demonstrated through multiple independent certifications and partnerships with leading technology providers.

• Encryption — data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption standards.
• Access controls — strict role-based access controls (RBAC) and principle of least privilege limit internal access to personal data.
• SOC 2 Type II Certified — our security and confidentiality controls are independently audited annually by third-party auditors.
• ISO 27001:2022 Certified — our information security management system (ISMS) is certified and regularly audited for continuous compliance.
• ISO/IEC 42001 Certified — our AI management system demonstrates responsible AI development and governance practices.
• ISO 9001:2015 Certified — our quality management system ensures consistent service delivery and continuous improvement.
• ISO 14001:2015 Certified — our environmental management system reflects our commitment to sustainable operations.
• Incident response — we have a documented breach notification process and will notify affected users within 72 hours of becoming aware of a significant breach, in compliance with applicable data protection regulations.

No method of transmission over the Internet is 100% secure. While we strive to protect your data through multiple layers of security and third-party validation, we cannot guarantee absolute security.

For enterprise and B2B customers who require a formal Data Processing Addendum (DPA), Girikon AI offers a standard DPA template that governs the processing of personal data as a data processor (or joint controller) under GDPR Article 28 and similar international regulations.

• Who needs a DPA? — B2B customers, especially those subject to GDPR, CCPA, DPDP Act, or other data protection laws, should execute a DPA to establish compliant data processing terms.
• What's included? — Our standard DPA covers data subject rights, sub-processor authorisation, data security obligations, breach notification, international transfers (Standard Contractual Clauses), and audit rights.
• How to request? — Contact us at privacy@girikon.com with the subject line "DPA Request" and include your organisation name, contact details, and jurisdiction. We will provide our standard DPA within 10 business days.
• International transfers — For transfers outside your region (e.g., EU to US), our DPA references EU Standard Contractual Clauses (SCCs) as the legal mechanism to ensure adequate data protection safeguards.

Our website and products may contain links to third-party websites, including Salesforce AppExchange, partner sites, and external documentation. These third-party sites have their own privacy policies, and we have no responsibility or liability for their content or practices.

We encourage you to review the privacy policies of any third-party sites you visit.

Our services are designed for business and enterprise use and are not directed to children under the age of 16. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@girikon.com and we will take prompt steps to delete such data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page, sending an email to registered users, or displaying a prominent notice on our website. We encourage you to review this policy periodically.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised policy.

Our AI Calling CTI processes communication and operational data to facilitate the following services:

Integrated AI tools provide Real-Time Note Taking and Automated Task Creation, automatically capturing key information during calls and creating follow-up actions inside Salesforce — without requiring manual input from agents.

This application is operated by Girikon AI and is designed to help users view and sync meeting information through Google Calendar integrations.

• How We Use Your Data: This data is used solely to provide and improve user-facing features of our application: displaying calendar schedules, verifying event metadata, and checking availability. Because this application requests strictly read-only permissions, we do not create, modify, delete, or update any of your calendar events, nor do we manage Google Meet configuration links.
• Data Sharing and Transfers: We do not sell, rent, or share your Google data with third parties for advertising or unrelated purposes. We only transfer Google data to others if that transfer is necessary to provide or improve user-facing features of the application, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets. All data transfers comply with applicable data protection laws.
• For users in the EEA/UK/Switzerland: Your personal data will be transferred outside these regions only when appropriate safeguards are in place, such as standard contractual clauses (SCCs), and in compliance with GDPR/UK GDPR requirements. You may request details of these safeguards by contacting us.
• Data Retention and Deletion: We store calendar and meeting data only as long as needed to provide the service. Upon account deletion or user request, calendar event data is permanently removed from our servers. You can revoke access and request data deletion at any time through your Google Account settings or by contacting us directly.
• Our use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. We access only the minimum permissions necessary to provide the requested read-only functionality.

When you connect Girikon AI to your Microsoft 365 account, we request the following OAuth permissions to provide calendar and scheduling functionality. All permissions are scoped to the minimum required for operation.

Our AI Call & Recording capability captures, transcribes, and analyses voice interactions to improve service delivery and agent performance. The following data may be collected and processed during AI-enabled calls:

• Audio recordings — full or partial call recordings stored securely and encrypted at rest with AES-256.
• Real-time transcripts — live speech-to-text conversion used to generate notes and trigger automations in Salesforce.
• Sentiment analysis — AI-derived signals (tone, sentiment, intent) extracted from call audio to assist supervisors and QA teams.
• Automated task data — structured output (follow-up tasks, case updates, field changes) written back to Salesforce records based on call content.
• Agent performance data — talk time, silence ratio, script adherence, and other analytics used for coaching and compliance review.

Recordings and transcripts are retained per your configured data retention policy and can be deleted on request. Access is restricted to authorised personnel only.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us: