Privacy Policy for Hippo Chatbot

Updated: 24 January 2025

At Inject AI, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use Hippo (the "Service"), which leverages Open Source and third-party Large Language Models (LLMs) that are hosted on cloud infrastructure such as Microsoft Azure. By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

Registration

When you register to use the Service, we may collect the following personal information necessary to create and manage your account:

  • First and last name
  • Email address
  • Password (stored securely using industry-standard encryption techniques)

Providing this information is required to create an account and access certain features of the Service.

User Input

  • The text or data you provide as input to the chatbot ("User Input").
  • This information is processed by LLMs hosted on third-party cloud infrastructure to generate responses.

AI Output

  • The responses generated by the chatbot ("AI Output") based on your User Input.

Automatically Collected Data

  • Technical information such as:
    • Usage data (e.g., timestamps, interaction logs)

Personal Information

  • If you voluntarily provide personal information (e.g., name, email address) through your interactions with the chatbot or related features, this information may be collected.

2. Payment Processing and Subscriptions

We use Lemon Squeezy as a third-party service provider to process payments and manage subscriptions. Lemon Squeezy acts as our merchant of record and securely handles payment transactions on our behalf. This may involve sharing your personal information, such as payment details and billing information, with Lemon Squeezy for purposes including:

  • Payment processing
  • Subscription management
  • Fraud prevention
  • Global tax compliance

Lemon Squeezy may process your personal information in countries outside Australia where it operates. We ensure that any cross-border data transfers comply with Australian privacy laws by requiring Lemon Squeezy to adhere to privacy protections equivalent to the Australian Privacy Principles. For more information about how Lemon Squeezy handles your personal information, please refer to their Privacy Policy at https://www.lemonsqueezy.com/privacy.

3. How We Use Your Information

We use the information collected for the following purposes:

  • To provide and improve the Service.
  • To process User Input and generate AI Output.
  • To analyse usage patterns for performance improvements and troubleshooting.
  • To comply with legal obligations or enforce our Terms of Service.
  • To communicate with you regarding updates, changes, or support requests.

4. Data Processing and Hosting

The Service is hosted on third-party cloud infrastructure, such as Microsoft Azure, which processes User Input and AI Output to generate responses. Data processed through cloud-hosted AI models may be stored temporarily for operational purposes but is not used to train AI models unless explicitly permitted by you.

As part of providing the Service, your data may be primarily processed on servers located in Australia. However, certain service-specific requirements may result in processing in other countries where Microsoft Azure operates, such as for globally distributed or non-regional services.

5. Data Retention

We retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Specifically:

  • User Input and AI Output are retained temporarily during processing but are not stored permanently unless required for troubleshooting or service improvement with your explicit consent.
  • Automatically collected data may be retained for analytics purposes but is anonymised wherever possible.

Conversation History

If you choose to retain your conversation history within the Service (e.g., saved chats or transcripts), the following applies:

  • User Control: You have full control over your retained conversation history. You may delete or export this data at any time using the tools provided within your account settings.
  • Storage: Conversation history is stored securely on servers that provide the service and encrypted to protect your privacy.
  • Retention Period: We retain your conversation history for as long as you choose to keep it within your account. If you delete your account, all associated conversation history will be permanently deleted from our servers within 30 days.
  • Purpose: Retained conversation history is used solely for your convenience and is not accessed by us unless required for troubleshooting or service improvement with your explicit consent.

6. Sharing Your Information

We do not sell or rent your personal information to third parties. However, we may share your information in the following circumstances:

  • With Service Providers: We may share data with trusted third-party providers (e.g., Microsoft Azure) to operate and maintain the Service.
  • Legal Compliance: If required by law or legal process, we may disclose your information to comply with applicable regulations or enforce our rights.
  • Business Transfers: In case of a merger, acquisition, or sale of assets, your information may be transferred to the new entity under similar privacy protections.

7. Security Measures

We implement reasonable technical and organisational measures to protect your data from unauthorised access, loss, misuse, or alteration. These measures include:

  • Encryption of data during transit and at rest.
  • Access controls to limit who can access sensitive data.
  • Regular security audits of our systems.

While we strive to protect your data, no system is completely secure. By using the Service, you acknowledge this risk.

8. Your Rights

Under the Privacy Act 1988 and Australian Privacy Principles (APPs), you have rights to:

  • Access personal information we hold about you.
  • Request corrections to inaccurate or incomplete personal information.
  • Lodge complaints about how we handle your personal data.

To exercise these rights, please contact us at info@inject.ai

9. Cookies and Tracking Technologies

We may use cookies or similar technologies to improve user experience and analyse usage patterns. You can manage cookie preferences through your browser settings.

10. Data Breach Notification

In compliance with Australian law (Notifiable Data Breaches scheme) and other applicable regulations:

  • We will notify affected users and relevant authorities in the event of a data breach involving personal information that poses a risk of harm.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective upon posting. Continued use of the Service after updates constitutes acceptance of those changes.

12. Contact Information

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at:

Inject AI
info@inject.ai

Alternatively, if you are located in Australia and wish to lodge a complaint regarding privacy concerns, you can contact the Office of the Australian Information Commissioner (OAIC).