Privacy Policy

Last updated: June 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email, company)
  • Profile information and voice preferences
  • Content you create using our Service
  • Communications with us
  • Payment information (processed securely by our payment provider)

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Personalize AI-generated content to match your voice
  • Process transactions and send related information
  • Send technical notices and support messages
  • Respond to your comments and questions
  • Analyze usage patterns to improve our Service

3. Information Sharing

We do not sell your personal information. We may share information with:

  • Service providers who assist in our operations
  • Professional advisors (lawyers, accountants)
  • Law enforcement when required by law
  • Other parties with your consent

4. Payment Processing

We use Stripe, a third-party payment processor, to handle all payment transactions. When you make a purchase, your payment information is transmitted directly to Stripe and processed according to their security standards. We do not store your complete credit card information on our servers.

  • Stripe is PCI-DSS Level 1 certified (the highest level of certification)
  • Payment data is encrypted using industry-standard protocols
  • Stripe may process your data in the United States and other countries
  • View Stripe's privacy policy at: https://stripe.com/privacy

5. Data Retention

We retain your information for as long as your account is active or as needed to provide our Service. You can request deletion of your data at any time by contacting us.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability
  • Withdraw consent at any time

7. Cookies

We use cookies and similar technologies to collect information about your browsing activities. You can control cookies through your browser settings.

8. Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption, access controls, and regular security assessments.

9. LinkedIn Data

When you connect your LinkedIn account, we access only the data necessary to provide our Service. We never post to LinkedIn without your explicit approval. We do not store your LinkedIn credentials.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the effective date.

11. Microsoft Teams Integration

When you install and use the Co.Actor bot in Microsoft Teams, additional data handling applies:

Data we receive from Microsoft Teams

  • Message content: the text you send to the Co.Actor bot in personal chats, group chats, or team channels where the bot is mentioned.
  • User identifiers: your Microsoft Entra (Azure AD) object ID, your display name, and your tenant ID, as provided by the Microsoft Bot Framework. We use these solely to route responses back to you and to distinguish between conversations.
  • Conversation context: a short rolling window (up to the last 5 messages) of recent interactions in the same chat, used to keep responses coherent. This context is held in server memory and is not persisted beyond the bot process lifetime unless otherwise disclosed.

How we process your Teams messages

  • When you send a message to the Co.Actor bot, the text (combined with the short conversation window) is transmitted to the Co.Actor AI backend over TLS.
  • The Co.Actor AI backend uses a retrieval-augmented generation (RAG) pipeline together with large language models provided by Anthropic (the Claude family of models) to generate a response. The response is then delivered back to you inside Microsoft Teams.
  • Message content sent via the Teams bot is not used to train third-party models. Anthropic processes requests under their commercial API terms and does not use submitted content for model training.

Sub-processors

  • Microsoft Corporation — hosts our bot endpoint on Microsoft Azure and operates the Microsoft Bot Framework that routes messages between Teams and our service.
  • Anthropic, PBC — provides the Claude large language model used to generate responses.

Retention

  • Conversation context held by the bot is ephemeral and is cleared on service restart or when you issue the reset conversation command.
  • Request/response logs are retained for up to 30 days for operational debugging and abuse prevention, then deleted, unless required to be retained longer by law.
  • Account-level data applies when you connect a Co.Actor account; without a connected account, the bot does not create a persistent user profile on our side.

Your controls inside Teams

  • Clear conversation context at any time by sending reset conversation to the bot.
  • Uninstall the Co.Actor app from Teams at any time; this stops all further data transfer.
  • Request deletion of any residual logs by contacting privacy@co.actor.

Microsoft's role

Microsoft is an independent data controller for the Microsoft Teams platform itself (user accounts, authentication, transport). Data handling by Microsoft is governed by the Microsoft Services Agreement and the Microsoft Online Services Data Protection Addendum.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@co.actor
Phone: +1 628 7893871
Company: Creative Content Crafts Inc.
Address: 2093 PHILADELPHIA PIKE #6050
Claymont, DE 19703
United States