Privacy Policy

Girikon AI Inc. ("Girikon AI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at girikon.ai, use our AI-powered products (GirikUnified, GirikVOICE, GirikCTI, GirikSMS), or interact with us in any other way.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services.

We collect information in several ways depending on how you interact with us:

Information you provide directly includes name, email address, phone number, company name, job title, billing information, and any messages you send us through forms or support channels.

Information collected automatically includes IP addresses, browser type, operating system, referring URLs, pages visited, session duration, and Salesforce platform integration metadata when you use our products.

We use the information we collect to operate, improve, and personalise our services. Specifically, we use your data to:

• Provide and manage services — deliver, operate, and maintain GirikUnified, GirikVOICE, GirikCTI, GirikSMS, and related Salesforce AppExchange products.
• Process transactions — handle billing, payments, and enterprise licensing agreements.
• Customer support — respond to enquiries, troubleshoot issues, and provide technical assistance within our 2-hour average response commitment.
• Product improvement — analyse usage patterns to improve AI agent performance, reduce handle time, and increase query resolution rates.
• Communications — send product updates, security alerts, promotional materials (where consented), and policy change notifications.
• Security & compliance — detect fraud, enforce terms of service, and meet legal obligations including SOC 2 audit requirements.
• Analytics — measure and understand service performance, user engagement, and business metrics.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following circumstances:

• Service providers — trusted vendors who assist us in operating our platform (hosting, analytics, payment processing, email delivery). They are contractually bound to protect your data.
• Salesforce ecosystem — because our products run natively on Salesforce, certain data interactions occur within the Salesforce platform under its own Privacy Policy.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• Legal requirements — when required by law, court order, or to protect the rights, property, or safety of Girikon AI, its users, or the public.
• With your consent — for any other purpose with your explicit prior consent.

We use cookies and similar tracking technologies to enhance your experience, understand how our site is used, and deliver relevant content.

• Essential cookies — required for core site functionality, authentication, and security.
• Analytics cookies — help us understand visitor behaviour and page performance (e.g., Google Analytics).
• Preference cookies — remember your settings and personalisation choices.
• Marketing cookies — used to deliver relevant advertisements. You can opt out at any time.

You can control cookie settings through your browser preferences or our cookie consent banner. Note that disabling certain cookies may affect site functionality.

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account data — retained for the duration of your account and up to 3 years after termination for legal compliance.
• Usage & log data — retained for up to 12 months in identifiable form, then anonymised for analytical purposes.
• Communication records — support tickets and emails retained for 2 years.
• Financial records — retained for 7 years as required by applicable tax and accounting regulations.

When your data is no longer needed, we securely delete or anonymise it in accordance with our data disposal procedures.

Depending on your location, you may have the following rights regarding your personal data under applicable laws including GDPR, CCPA, and other regional privacy regulations:

• Right to access — request a copy of the personal information we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data ("right to be forgotten"), subject to legal obligations.
• Right to restriction — request that we limit how we process your data in certain circumstances.
• Right to portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on our legitimate interests or for direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@girikon.com. We will respond within 30 days.

We implement industry-standard technical, administrative, and physical security measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction.

• Encryption — data is encrypted in transit using TLS 1.2+ and at rest using AES-256.
• Access controls — strict role-based access controls limit who can access personal data internally.
• SOC 2 Type II — our security controls are independently audited annually.
• Incident response — we have a documented breach notification process and will notify affected users within 72 hours of becoming aware of a significant breach.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Our website and products may contain links to third-party websites, including Salesforce AppExchange, partner sites, and external documentation. These third-party sites have their own privacy policies, and we have no responsibility or liability for their content or practices.

We encourage you to review the privacy policies of any third-party sites you visit.

Our services are designed for business and enterprise use and are not directed to children under the age of 16. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@girikon.com and we will take prompt steps to delete such data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page, sending an email to registered users, or displaying a prominent notice on our website. We encourage you to review this policy periodically.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised policy.

Our AI Calling CTI processes communication and operational data to facilitate the following services:

Integrated AI tools provide Real-Time Note Taking and Automated Task Creation, automatically capturing key information during calls and creating follow-up actions inside Salesforce — without requiring manual input from agents.

This application is operated by Girikon AI and is designed to help users manage meetings through Google Calendar and Google Meet integrations.

This data is used strictly to enable user-facing features: scheduling, updating events, checking conflicts, and creating or managing Google Meet links. We do not sell, rent, or use your Google data for advertising purposes.

• Your data is shared only with secure infrastructure providers when necessary to operate the service, or as required by law.
• Data is stored securely using industry-standard protections and retained only as long as needed to provide the service.
• You can revoke access at any time through your Google Account settings.
• You may request deletion of your data by contacting sales@girikon.ai.

When you connect Girikon AI to your Microsoft 365 account, we request the following OAuth permissions to provide calendar and scheduling functionality. All permissions are scoped to the minimum required for operation.

Our AI Call & Recording capability captures, transcribes, and analyses voice interactions to improve service delivery and agent performance. The following data may be collected and processed during AI-enabled calls:

• Audio recordings — full or partial call recordings stored securely and encrypted at rest with AES-256.
• Real-time transcripts — live speech-to-text conversion used to generate notes and trigger automations in Salesforce.
• Sentiment analysis — AI-derived signals (tone, sentiment, intent) extracted from call audio to assist supervisors and QA teams.
• Automated task data — structured output (follow-up tasks, case updates, field changes) written back to Salesforce records based on call content.
• Agent performance data — talk time, silence ratio, script adherence, and other analytics used for coaching and compliance review.

Recordings and transcripts are retained per your configured data retention policy and can be deleted on request. Access is restricted to authorised personnel only.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us: