Table of Contents

Important Notice

This Privacy Policy was last updated on January 2025. By using LEO AI Microsoft Teams Voice Bot, you agree to the collection and use of information in accordance with this policy.

1. Overview

LEO AI Microsoft Teams Voice Bot ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice bot service within Microsoft Teams.

Our service is designed to enhance your Microsoft Teams experience through AI-powered voice interactions while maintaining the highest standards of data protection and privacy compliance.

Our Commitment

We are committed to transparency, security, and giving you control over your personal information. We follow industry best practices and comply with applicable data protection regulations including GDPR, CCPA, and other relevant privacy laws.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: User ID, tenant ID, email address (if provided)
  • Voice Data: Audio recordings of your voice interactions with the bot
  • Text Messages: Text-based conversations and commands
  • License Information: Subscription details, upgrade requests, and payment information
  • Support Communications: Messages sent to our support team

2.2 Information Collected Automatically

  • Usage Data: Interaction frequency, feature usage, session duration
  • Technical Data: Device information, browser type, IP address (anonymized)
  • Performance Data: Response times, error logs, system performance metrics
  • Analytics Data: Aggregated usage statistics and trends

2.3 Information from Microsoft Teams

  • Teams Integration Data: Meeting context, participant information (when authorized)
  • Organization Data: Tenant information, user roles (as provided by Microsoft)
  • Authentication Data: Microsoft authentication tokens and permissions

Voice Data Processing

Voice recordings are processed in real-time and are not permanently stored unless explicitly required for service functionality. All voice data is encrypted during transmission and processing.

3. How We Use Your Data

3.1 Primary Service Functions

  • Processing voice commands and providing AI-powered responses
  • Facilitating multi-language communication and translation
  • Managing user licenses and subscription services
  • Providing web search capabilities and real-time information
  • Maintaining conversation context and history during sessions

3.2 Service Improvement

  • Analyzing usage patterns to improve AI accuracy and performance
  • Developing new features and capabilities
  • Optimizing system performance and reliability
  • Training AI models (using anonymized and aggregated data only)

3.3 Administrative Purposes

  • Processing license upgrades and payment transactions
  • Providing customer support and technical assistance
  • Sending service notifications and updates
  • Ensuring compliance with terms of service
  • Detecting and preventing fraud or abuse

Legal Basis for Processing

We process your data based on: (1) Your consent, (2) Performance of our contract with you, (3) Compliance with legal obligations, and (4) Our legitimate interests in providing and improving our services.

4. Data Sharing and Disclosure

4.1 We Do NOT Share Your Data Except:

  • With Your Consent: When you explicitly authorize data sharing
  • Service Providers: Trusted third-party services that help us operate (under strict data protection agreements)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In case of merger, acquisition, or sale of assets (with notice to users)
  • Safety and Security: To protect rights, property, or safety of users or others

4.2 Third-Party Services We Use

  • Microsoft Azure: Cloud hosting and AI services (covered by Microsoft's privacy policy)
  • OpenAI: AI language processing (data processed according to OpenAI's privacy policy)
  • Azure Speech Services: Voice recognition and synthesis
  • Analytics Providers: Anonymized usage analytics and performance monitoring

Data Processing Agreements

All third-party service providers are bound by strict data processing agreements that ensure your data is protected according to the same standards we maintain.

5. Data Security

5.1 Security Measures

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: 24/7 monitoring and rapid response procedures

5.2 Data Centers and Infrastructure

  • Data hosted in Microsoft Azure data centers with SOC 2 Type II compliance
  • Geographic data residency options available for enterprise customers
  • Redundant backups and disaster recovery procedures
  • Regular security updates and patch management

Security Incident Notification

In the unlikely event of a security breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by applicable laws.

6. Data Retention

6.1 Retention Periods

  • Voice Recordings: Processed in real-time, not permanently stored (unless explicitly saved by user)
  • Conversation History: Retained for 30 days for context, then automatically deleted
  • Account Information: Retained while account is active plus 90 days after deactivation
  • License Data: Retained for 7 years for accounting and legal compliance
  • Support Communications: Retained for 3 years for quality assurance
  • Analytics Data: Anonymized data retained indefinitely for service improvement

6.2 Data Deletion

You can request deletion of your personal data at any time. We will process deletion requests within 30 days, except where retention is required by law or for legitimate business purposes.

Automatic Data Cleanup

Our systems automatically delete temporary data, conversation histories, and cached information according to the retention schedules above. No manual intervention is required.

7. Your Rights

7.1 Data Subject Rights (GDPR)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for data processing

7.2 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond to your request within 30 days and may require identity verification.

7.3 California Privacy Rights (CCPA)

California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information (note: we do not sell personal information).

8. Cookies and Tracking

8.1 Types of Cookies We Use

  • Essential Cookies: Required for basic service functionality
  • Performance Cookies: Help us understand how users interact with our service
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Provide insights into usage patterns (anonymized)

8.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect service functionality. We do not use cookies for advertising or tracking across other websites.

9. Third-Party Services

Our service integrates with several third-party services to provide enhanced functionality:

  • Microsoft Graph API: For Teams integration and user authentication
  • Azure OpenAI: For AI language processing and responses
  • Azure Speech Services: For voice recognition and text-to-speech
  • Web Search APIs: For real-time information retrieval

Each third-party service has its own privacy policy. We recommend reviewing these policies to understand how your data is handled by these services.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For users between 13 and 18 years of age, parental consent may be required depending on local laws and organizational policies.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure that such transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Certification schemes and codes of conduct
  • Microsoft's Data Protection Addendum and compliance certifications

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying in-app notifications
  • Providing notice through Microsoft Teams (where applicable)

Your continued use of our service after any changes indicates your acceptance of the updated Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@cscbilisim.com

Data Protection Officer: dpo@cscbilisim.com

Address: Cloud Solution Company LTD
Data Protection Department
[Your Business Address]

Phone: +1 (555) 123-4567

Contact Support Back to Home