Copied to clipboard
Login
Start Free
Join Waitlist

GDPR Compliance

Last updated: January, 2027

YourSaleMate (“we”, “our”, “us”) is committed to protecting user privacy and complying with the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA) and the United Kingdom.

As an AI-powered customer service platform, we process both:

  • Account holder data (your data as a customer of YourSaleMate)
  • End-user data (data belonging to your customers when they interact with AI agents)

This page explains how we process personal data under GDPR and outlines your rights as a data subject.

1. What Is GDPR?

The General Data Protection Regulation is a European Union data protection law designed to give individuals greater control over their personal data and ensure organizations handle personal information responsibly.

GDPR establishes rules regarding:

  • How personal data is collected
  • How it is processed and stored
  • How it is shared
  • The rights individuals have regarding their data

Although YourSaleMate operates globally, we apply GDPR principles as a baseline privacy standard for all users worldwide.

2. Our Role: Data Controller vs. Data Processor

Depending on the context, YourSaleMate acts as either a Data Controller or a Data Processor.

Role

Context

Responsibility

Data Controller

For YourSaleMate account holders

We determine how your account information is processed

Data Processor

For data processed through AI agents on your website

We process your customers’ data only according to your instructions

When you deploy a YourSaleMate AI chatbot on your website:

  • You act as the Data Controller for your customers’ data.
  • YourSaleMate acts as the Data Processor.

We provide a Data Processing Agreement (DPA) that governs this relationship and ensures GDPR compliance.

3. Personal Data We Process

Account Holder Data (Your Data)

When you create and use a YourSaleMate account, we may collect:

  • Name, email address, and company information
  • Account credentials and authentication data
  • Billing and payment information
  • Uploaded knowledge base content (documents, URLs, Q&A pairs)
  • AI agent configuration settings
  • Platform usage analytics and interaction logs
  • IP address, browser type, and device information
  • Support communications and ticket history

End-User Data (Your Customers’ Data)

When visitors interact with AI agents powered by YourSaleMate, we may process:

  • Conversation transcripts and chat history
  • Names, email addresses, or identifiers voluntarily provided
  • IP addresses and device metadata
  • Any personal data users choose to share in conversations

Important:

We do not intentionally collect special category data (such as health data, biometric identifiers, racial or ethnic origin, political opinions, or religious beliefs) unless explicitly required and authorized by the customer using our platform.

4. Legal Basis for Processing

Under Article 6 of the General Data Protection Regulation, we process personal data based on the following legal grounds:

Legal Basis

Purpose

Consent

When users create accounts, accept cookies, or enable integrations

Contractual Necessity

To provide AI services, maintain accounts, and process subscriptions

Legal Obligation

Compliance with tax laws, fraud prevention, and legal requests

Legitimate Interests

Platform security, performance improvements, and abuse prevention

For end-user data processed through AI agents, the legal basis is determined by the customer acting as Data Controller.

5. How We Use Personal Data

For Account Holders

We use your data to:

  • Create and manage your account
  • Operate and configure AI agents
  • Process subscriptions and payments
  • Provide customer support
  • Send service notifications and updates
  • Improve platform performance and features
  • Detect and prevent security threats or abuse

For End-Users (Your Customers)

We process end-user data to:

  • Enable real-time AI conversations
  • Maintain chat context for support
  • Generate insights and analytics
  • Store conversation history according to customer settings

We Never

We do not:

Sell personal data to third parties
Use customer conversation data to train general AI models without permission
Share data with unauthorized third parties
Use automated decision-making that produces legal or similarly significant effects

6. AI-Specific Data Processing

YourSaleMate uses artificial intelligence to generate responses to user queries.

How Our AI Works

  • Conversations may be processed by third-party AI providers
  • Requests are securely transmitted via encrypted APIs
  • AI responses are generated in real time
  • Data is processed according to contractual agreements with AI providers

AI providers may include:

  • OpenAI
  • Anthropic
  • Google

These providers process data according to their own security and privacy standards.

Customer Control Over AI Processing

Customers using YourSaleMate can:

  • Select which AI models to use
  • Configure conversation retention periods
  • Enable or disable chat logging
  • Configure automatic PII redaction

AI outputs may contain inaccuracies and should be reviewed before making critical decisions.

7. Cookies and Tracking Technologies

YourSaleMate uses cookies and similar technologies to operate and improve the platform.

Cookies may be used for:

  • Authentication and login sessions
  • Security monitoring
  • Usage analytics
  • Performance optimization

Where required by law, we obtain user consent before placing non-essential cookies.

8. Data Storage & Security

We use enterprise-grade infrastructure to protect data.

Infrastructure Providers

  • Amazon Web Services (AWS)
  • Google Cloud Platform
  • Microsoft Azure

Security Measures

We implement multiple safeguards including:

  • Encryption at rest (AES-256)
  • Encryption in transit (TLS 1.3)
  • Multi-factor authentication (MFA)
  • Role-based access control
  • Continuous security monitoring
  • Regular vulnerability testing
  • Automated encrypted backups

Access to personal data is limited to authorized personnel who require it to perform their duties.

9. Data Sharing & Subprocessors

We may share limited data with trusted service providers (subprocessors) who help us operate the platform.

Subprocessor

Purpose

AWS / Google Cloud / Azure

Infrastructure and hosting

OpenAI / Anthropic / Google

AI processing

Stripe

Payment processing

Postmark / SendGrid

Email delivery

Sentry

Error monitoring

Mixpanel / Amplitude

Product analytics

All subprocessors:

  • Are vetted for security and GDPR compliance
  • Have signed Data Processing Agreements
  • Use Standard Contractual Clauses (SCCs) where required

We do not share data with advertising networks or data brokers.

10. International Data Transfers

Some service providers operate outside the European Economic Area.

To ensure lawful transfers, we rely on safeguards including:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements
  • Encryption and pseudonymization
  • Transfer Impact Assessments

These mechanisms ensure personal data remains protected when transferred internationally.

11. Your GDPR Rights

Individuals located in the EEA or UK have rights under the General Data Protection Regulation.

These rights include:

Right

Description

Right of Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate data

Right to Erasure

Request deletion of your data

Right to Restrict Processing

Limit how data is processed

Right to Data Portability

Receive your data in machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent at any time

We respond to verified requests within 30 days, unless extensions are required.

Requests can be submitted to:

Email: yoursalemate@gmail.com
Subject: GDPR Request

12. Complaints to Supervisory Authorities

If you believe your data protection rights have been violated, you may lodge a complaint with your local supervisory authority.

Examples include:

  • Information Commissioner’s Office (UK)
  • Authorities listed by the European Data Protection Board

13. Data Retention

We retain personal data only for as long as necessary.

Data Type

Retention Period

Account information

Duration of account + up to 2 years

Conversation logs

Default 90 days (configurable by customer)

Payment records

Up to 7 years (legal requirements)

Deleted account data

Soft-deleted for 30 days before permanent deletion

Backup data

Up to 90 days

Customers may configure shorter retention periods where available.

14. Children’s Privacy

YourSaleMate services are not intended for children under 16. We do not knowingly collect personal data from individuals under 16.

If we discover such data has been collected inadvertently, it will be deleted promptly.

15. Data Breach Notification

If a personal data breach occurs:

  • Affected users will be notified without undue delay
  • Relevant authorities will be notified within 72 hours when required
  • We will provide details of the incident and remediation steps

16. Updates to This Page

We may update this GDPR Compliance page as regulations evolve or our platform features change.

Minor updates: Posted immediately with revised date

Significant changes: Email notification to account holders 30 days in advance

Last updated: March 7, 2026

17. Contact Us

For GDPR-related questions or requests:

Email: yoursalemate@gmail.com
Website: www.yoursalemate.com

Join The Waitlist Now

We’d Love to Hear From You

Experience Salesmate in action. Explore Agents creation, chatbots working, and customization options. See how we compare to other AI platforms and discuss pricing and launch timelines.