top of page

Privacy, Security & Compliance

Data Protection & Compliance

Protecting Your Privacy With Transparency, Security, and Respect

Last Updated: Nov 18th, 2025

 

At Spiritify.ai, we maintain strict privacy controls across all our products, including our AIoT Cloud Platform and AI robots. We are committed to meeting all requirements of the European Union’s General Data Protection Regulation (GDPR) and giving you full control over your personal data.

Who We Are

Spiritify Inc. is the Data Controller for enterprise client data and/or personal data processed by:

  • Spiritify AIoT Cloud Platform - AI Brain

  • Nova.Mate Joy AI companion Carebot

  • Viva.Mate Sophie AI Concierge Robot

  • Spiritify mobile app (iOS / Android)

  • Spiritify.ai websites and customer portal

Legal Basis for Processing

We process data based on:

  • Performance of Contract: creating and maintaining your account

  • Consent: microphone access, voice interactions, optional features

  • Legitimate Interests: device performance, safety, fraud prevention

You always remain in control of your data

Your Rights

If you live in the EU, you have the right to:

  • Access your data

  • Correct inaccurate data

  • Delete your data (“Right to clear your memory”)

  • Export your data (data portability)

  • Withdraw consent anytime

  • Restrict or object to certain types of processing

To exercise your rights, contact:

    privacy@spiritify.ai

 

We respond within 30 days, in compliance with GDPR

How We Protect Your Data

Technical Safeguards

  • HTTPS/TLS encryption

  • Encrypted voice packets

  • Token-based authentication

  • Secure cloud architecture

  • Strict access controls

Organizational Safeguards

  • Employee privacy training

  • Vendor Data Processing Agreements (DPAs)

  • EU Standard Contractual Clauses (SCCs)

  • Data minimization and retention limits

Your data security is our highest priority

Where Your Data is Stored

We use secure cloud providers such as AWS Cloud.

When data is transferred outside the EU (e.g., to the U.S.), we use:

  • Standard Contractual Clauses (SCCs)

  • Vendor GDPR-compliant frameworks

This ensures your data remains protected regardless of location.

Data Type

Account data

Reminders

Voice history

Analytics

Support tickets

How Long We Keep Your Data

Retention Period

Until user delete user account

Until deleted

90 days

12 months

24 months

​Once retention periods expire, data is permanently deleted.

Third-Party Processors

We only work with GDPR-compliant partners.

Examples include:

  • AWS Cloud

  • Stripe / PayPal

  • Analytics tools (optional)

  • Customer support providers

Each partner is bound by a Data Processing Agreement (DPA).

We do not share your data with advertisers.

Cookies (Website Only)

We use cookies to:

  • Run the website

  • Improve site performance

  • Understand usage patterns (optional)

 

You may adjust cookie preferences anytime via our Cookie Settings banner

Data Breach Notification

In the unlikely event of a data breach affecting your personal data:

  • We will contact affected users directly

  • We will provide steps to protect yourself

  • We will notify relevant EU authorities within 72 hours

Contact us for privacy related questions or requests:​

        privacy@spiritify.ai

       

        774-570-1600

bottom of page