1.1 What This Policy Covers

This Privacy Policy applies to information processed by AI Pro Capital in connection with:

• our websites, pages, and online properties that link to this Policy (the "Site")
• our platform, dashboards, and administrative interfaces used by dealership personnel and other authorized business users
• demonstrations, sales inquiries, onboarding, technical support, and related communications
• the operation of AI-enabled call handling, SMS, and email automation workflows configured by our dealership customers

1.2 What This Policy Does Not Cover

This Privacy Policy does not apply to:

• privacy practices of our dealership customers (including how a dealership uses lead information, recordings, or messages once delivered to its systems)
• third-party websites, applications, or services that may integrate with the Services or be accessible via links
• information processed in a purely employment context by a dealership customer (unless provided to us in connection with the Services)

1.3 Audience and Data Context

For clarity, we commonly process information in three contexts:

• Dealership Users: employees and personnel of dealership customers who access and administer the Services
• Website Visitors and Prospects: individuals who visit the Site or contact us directly for sales or support
• Dealership End Customers: consumers who call, text, or otherwise interact with an AI workflow operated for a dealership customer. In this context, we generally process information on the dealership's instructions and for the dealership's business purposes.

2.1 Key Defined Terms

For purposes of this Privacy Policy:

• -"Personal Information" (or "Personal Data") means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
• -"Customer" means the dealership or other business entity that subscribes to the Services.
• -"Authorized Users" means Customer's employees, contractors, and other personnel authorized by Customer to access and use the Services.
• -"Customer Data" means information submitted to, collected by, transmitted through, or processed via the Services on behalf of a Customer, including communications content, transcripts, call metadata, lead details, and configuration inputs.
• -"Communications Data" means call audio (if enabled), call recordings, call metadata, transcripts, message content, message delivery events, routing outcomes, appointment details, and similar data generated or processed through the Services.
• -"De-identified" means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual, household, or device, directly or indirectly, and for which we maintain and use reasonable technical and organizational controls to prevent re-identification.

2.2 Interpretation

Headings are for convenience only and do not affect interpretation. The term "including" means "including without limitation." Where terms are defined in our Terms and Conditions and used here without a separate definition, they will have the meaning set out in the Terms and Conditions.

3.1 Controller/Business vs. Processor/Service Provider

Depending on the context, AI Pro Capital may act as:

• a controller/business (where we determine the purposes and means of processing), such as for Site analytics, marketing, sales administration, billing administration, and account management
• a processor/service provider (where we process information on a Customer's instructions), such as when we process Customer Data and Communications Data to provide the Services to the Customer

3.2 Dealership Customer Responsibilities

Where we process information on behalf of a Customer, the Customer is responsible for:

• providing legally required notices to its customers and prospective customers
• obtaining and maintaining required consents (including for recording, messaging, and other communications practices)
• managing opt-outs and suppression lists
• ensuring its use of the Services complies with applicable laws and industry rules

3.3 Data Processing Addendum

Where applicable, we may make available additional data processing terms (including a data processing addendum) governing processor/service provider processing for Customers. Any such terms will apply in addition to this Privacy Policy in the event of conflict for Customer Data processing on behalf of a Customer.

4.1 Service Functionality

The Services are designed to help automotive dealerships respond to inbound inquiries and manage lead workflows. Depending on Customer configuration, the Services may:

• answer inbound telephone calls using AI-enabled automation
• send and receive SMS/MMS messages and/or emails
• collect lead qualification details and appointment preferences
• route callers or leads to dealership personnel
• record outcomes and synchronize information to Customer systems such as CRMs or calendars

4.2 Sources and Destinations of Data

Information processed through the Services may flow between:

• the individual initiating the interaction (for example, a caller or texter)
• AI Pro Capital systems (for call handling, transcription, message processing, workflow logic, and reporting)
• Customer systems (for example, CRM and scheduling tools) when integrations are enabled
• third-party communications infrastructure (including carriers and messaging providers) required to deliver or complete communications

4.3 Configuration-Driven Operation

The content, logic, and operational rules of a workflow (including business hours, routing, escalation, qualification questions, and booking rules) are primarily configured by the Customer. Customer is responsible for the accuracy and appropriateness of such configurations and any statements communicated to end customers through Customer's configured workflows.

5.1 Dealership Account and Administrative Information

When a Customer subscribes to the Services or creates an account, we may collect:

• business contact information (name, business email, business phone number)
• dealership identifiers and administrative account details
• user credentials and authentication information (as applicable)
• communications with us regarding onboarding, configuration, and support

5.2 Sales, Support, and Other Communications

When you contact us (including through forms, email, phone calls, or chat), we may collect:

• the content of your inquiry and any attachments you provide
• contact details and company information you submit
• records of our communications and related internal notes for customer support and account administration

5.3 Billing and Transaction Administration

We may collect limited billing-related data in connection with subscriptions and payments, such as:

• billing contact details and subscription status
• payment confirmation, invoice history, and transaction identifiers provided by payment processors

Payment card information is typically handled by our payment processor(s) and not stored directly by AI Pro Capital, except as necessary for billing administration.

5.4 Configuration Inputs Provided by Customers

Customers may provide configuration inputs and operational instructions, which may include:

• routing and escalation rules
• dealership hours and departmental workflows
• qualification scripts, prompts, and appointment booking parameters
• disclaimers or other operational content the Customer elects to include

6.1 Device, Log, and Usage Information

When you access the Site or Services, we may automatically collect:

• IP address, device identifiers, browser type, operating system, and similar technical information
• access logs, timestamps, and activity records (such as pages viewed, features used, and administrative actions taken)
• diagnostic and performance data to operate, secure, and improve the Services
• security and fraud-prevention signals (including unusual login events and access anomalies)

6.2 Cookies and Similar Technologies

We may use cookies, pixels, local storage, and similar technologies to:

• maintain sessions and provide core functionality
• remember preferences
• conduct analytics and performance measurement
• support marketing activities where implemented

Additional detail regarding cookies, choices, and controls will be provided in Section 15 (Cookies and Tracking Technologies) and/or in a cookie notice presented on the Site, as applicable.

6.3 Platform Telemetry

Within the Services, we may collect telemetry relating to feature usage, configuration changes, and workflow performance to maintain service quality, investigate issues, prevent abuse, and support Customers.

7.1 Categories of Communications Data

Depending on Customer configuration and enabled features, we may process the following data when an individual interacts with a Customer's AI workflow:

• -Call Data: call time and duration, phone numbers, routing outcomes, interaction metadata, and (where enabled) call audio and call recordings
• -Transcripts and Derived Outputs: transcripts, summaries, classifications, disposition codes, qualification notes, and other workflow outputs generated in connection with the interaction
• -Messaging Data: SMS/MMS and email content, timestamps, delivery events, and related logs
• -Appointment and Lead Data: requested appointment times, booking confirmations, and lead qualification information captured during the interaction

7.2 Recording and Transcription

Where recording or transcription is enabled, call audio, recordings, and transcripts may be generated and stored for operational purposes such as delivering the Services, quality assurance, troubleshooting, and dispute handling. Legal requirements for recording, notice, and consent vary by jurisdiction, and Customers are responsible for implementing and managing required notices and consents for their operations.

7.3 Operational Storage and Access Controls

We limit access to Communications Data to authorized personnel and service providers with a legitimate need to support delivery, security, and maintenance of the Services. Communications Data may be retained for limited periods in accordance with our retention practices, subject to legal obligations, technical constraints, and Customer configurations.

7.4 Customer Systems and Integrations

If a Customer enables integrations, Communications Data and workflow outputs may be transmitted to Customer systems (such as a CRM) at the Customer's direction. Once transmitted to a Customer's systems, the Customer's privacy practices govern further processing.

8.1 Customer Systems and Data Sources

Customers may provide or make available Customer Data to AI Pro Capital through the Services, including by uploading information, configuring workflows that collect information, or enabling data connections with Customer systems. Customer Data may include lead and prospect information, appointment data, department routing rules, and other operational inputs provided by or on behalf of the Customer.

8.2 Integrations Enabled at Customer Direction

If a Customer enables an integration, the Customer authorizes AI Pro Capital to access, receive, and transmit Customer Data to and from the applicable third-party service solely to provide the Services as configured by the Customer. Integrations may include customer relationship management tools, scheduling systems, calendaring tools, messaging services, and other business software designated by the Customer.

8.3 Third-Party Communications Infrastructure

Delivery and completion of calls and messages necessarily relies on third-party communications infrastructure (including telecommunications carriers and messaging providers). In the course of completing communications, such providers may receive limited information required to route, deliver, or validate communications, such as phone numbers, timestamps, delivery events, and carrier routing metadata.

8.4 Customer Responsibility for Integration Permissions

Customers are responsible for ensuring that they have the appropriate rights and permissions to connect systems, transmit data, and authorize AI Pro Capital to process and transmit Customer Data via integrations. AI Pro Capital is not responsible for Customer misconfiguration, permission errors, or Customer's failure to maintain integration credentials or access.

9.1 Data Minimization Principle

We design the Services to process information relevant to dealership lead handling and customer communications. Customers should configure workflows to collect and process only information reasonably necessary for the intended dealership operations and customer experience.

9.2 Prohibited or Restricted Data Categories

Unless expressly agreed by AI Pro Capital in writing, Customers must not submit or process through the Services:

• protected health information regulated by HIPAA
• payment card information or authentication data subject to PCI DSS
• government-issued identifiers beyond what is reasonably necessary for dealership operations (unless legally required and appropriately safeguarded)
• precise geolocation data in a manner that would create heightened regulatory obligations
• other categories of information subject to specialized regulatory regimes not contemplated by the Services

9.3 Incidental Sensitive Information

If sensitive information is provided inadvertently (for example, within a call or message), AI Pro Capital may process such information only to the extent necessary to provide the Services and maintain platform integrity, and may restrict access, delete, or otherwise handle such information consistent with security and legal requirements.

9.4 Customer Responsibility

Customers remain responsible for ensuring that their scripts, qualification flows, and personnel do not solicit restricted information through the Services unless permitted under an applicable written agreement and appropriate safeguards are implemented.

9.5 Enforcement; Risk Mitigation

If prohibited or restricted data is submitted or processed through the Services (whether by a Customer, an Authorized User, or an end customer), AI Pro Capital may, without liability and in its discretion, restrict access to such data, delete such data, disable or limit affected features, and/or suspend the relevant workflow(s) or account access, in each case to reduce legal, regulatory, security, or carrier risk and to protect the integrity of the Services.

10.1 Core Service Provision

We use Personal Information to provide, operate, and maintain the Services, including to:

• administer accounts and Authorized User access
• execute configured AI workflows, including call handling and messaging automation
• generate transcripts, routing outcomes, appointment artifacts, and other operational outputs as part of the Services
• synchronize information with Customer systems where integrations are enabled

10.2 Support, Troubleshooting, and Quality Assurance

We use Personal Information to provide customer support and to diagnose, troubleshoot, and resolve issues, including by reviewing relevant logs, configuration settings, and (where applicable) recordings or transcripts for support and quality assurance purposes.

10.3 Security, Integrity, and Abuse Prevention

We use Personal Information to protect the Services and our customers, including to:

• detect and prevent fraud, abuse, and unauthorized access
• enforce acceptable use restrictions and protect carrier relationships
• monitor system performance, reliability, and operational integrity
• maintain audit trails and access logs

10.4 Billing and Business Administration

We use Personal Information to manage subscriptions, process payments, prevent billing fraud, provide invoices, and administer the customer relationship, including internal recordkeeping and financial reporting.

10.5 Product Improvement and Analytics

We may use information about usage and performance to improve the Services, develop new features, and conduct analytics, including by using aggregated and de-identified information as described in this Privacy Policy.

10.6 Marketing and Communications

We may use business contact details to send administrative and service-related communications. Where permitted by applicable law, we may also send marketing communications to business contacts, and we provide an unsubscribe mechanism where required.

11.1 Contractual Necessity

We process Personal Information where necessary to perform our contract with a Customer, including to provide the Services, manage accounts, provide support, and administer subscriptions.

11.2 Legitimate Interests

We process Personal Information where necessary for our legitimate interests, such as securing and improving the Services, preventing misuse, maintaining operational integrity, and conducting internal analytics, provided that such interests are not overridden by applicable legal protections.

11.3 Consent and Choice-Based Processing

Where required, we rely on consent for certain processing activities, such as particular cookie categories or marketing preferences, and we provide mechanisms to withdraw consent where applicable.

11.4 Legal Obligations and Protection of Rights

We may process Personal Information to comply with applicable legal obligations, to respond to lawful requests, to enforce our agreements, and to protect the rights, safety, and property of AI Pro Capital, our customers, and others.

12.1 Automated Processing in the Services

The Services use automation and artificial intelligence to support dealership communications and workflow outcomes, including detecting intent, collecting structured lead details, routing inquiries, and assisting with appointment booking. Automated processing is used to deliver the Services as configured by Customers.

12.2 Human Oversight and Customer Control

Customers configure key operational parameters, including business rules, escalation and transfer paths, and routing outcomes. Customers are responsible for implementing appropriate operational review and human oversight for their dealership workflows and for ensuring that responses and outcomes are suitable for their operations.

12.3 Service Improvement; De-Identified and Aggregated Data

We may use aggregated and/or de-identified data derived from use of the Services to improve performance, reliability, and safety, to develop and refine features, and to conduct analytics. We maintain controls designed to prevent re-identification of de-identified information, and we do not attempt to re-identify de-identified data except as permitted by law.

12.4 No Customer "Legal Compliance" Determinations

AI Pro Capital does not use automated processing to make legal compliance determinations for Customers. Customers remain responsible for their own legal compliance, including communications and recording practices, and should consult their own counsel regarding applicable obligations.

13.1 Service Providers and Subprocessors

We may disclose Personal Information to vendors and service providers that support delivery of the Services, such as hosting providers, analytics providers, customer support tooling providers, communications infrastructure providers, and security vendors. These providers are permitted to process Personal Information only to provide services to AI Pro Capital and are subject to contractual confidentiality and security obligations. AI Pro Capital maintains a list of subprocessors used to support the Services and will make the list available to Customers upon reasonable request.

13.2 Third-Party Services and Integrations

Where a Customer enables an integration, we may disclose and transmit Customer Data to the designated third-party service at the Customer's direction. The third party's privacy practices govern its processing of data once received.

13.3 Customers and Authorized Users

We disclose Customer Data and operational outputs (including transcripts, call outcomes, and lead information) to the Customer and its Authorized Users through the Services and via configured integrations.

13.4 Legal, Regulatory, and Safety Disclosures

We may disclose information where we believe disclosure is necessary or appropriate to: (a) comply with law or lawful requests; (b) enforce our agreements and policies; (c) protect the security or integrity of the Services; (d) prevent or investigate suspected fraud or misuse; or (e) protect the rights, safety, and property of AI Pro Capital, our customers, and others.

13.5 Business Transfers

We may disclose information in connection with a corporate transaction, such as a merger, acquisition, reorganization, financing, or sale of all or substantially all of our assets, including due diligence and transition planning, subject to customary confidentiality protections.

13.6 No Disclosure of Call Content for Advertising Purposes

We do not disclose the content of Customer communications (including call recordings, transcripts, or message content processed for dealership workflows) to unaffiliated third parties for their independent advertising purposes.

14.1 General Position

AI Pro Capital operates primarily as a B2B SaaS provider. We do not "sell" Personal Information in exchange for money in the ordinary course of our business.

14.2 Targeted Advertising and Measurement

If we engage in targeted advertising or use marketing analytics tools on the Site, we may disclose limited identifiers and device information (such as cookie identifiers, IP address, and event data) to advertising and analytics partners to measure and improve marketing performance. This type of disclosure may be considered "sharing" for cross-context behavioral advertising under certain U.S. state privacy laws.

14.3 Global Privacy Control

Where required by applicable law, we will recognize browser-based opt-out signals, such as the Global Privacy Control, for Site-based disclosures that constitute "sharing" for targeted advertising purposes.

14.4 Opt-Out Mechanisms

Where applicable, we provide opt-out mechanisms for targeted advertising and/or "sharing," including through cookie preference tools or other controls implemented on the Site. Customers may also adjust browser settings and device controls to limit certain cookies and tracking technologies.

14.5 Communications Data Not Used for Advertising

Communications Data, including call recordings, transcripts, SMS/MMS content, email content, and other content processed through the Services on behalf of Customers, is not used for advertising, cross-context behavioral advertising, or marketing profiling. Any cookies, pixels, SDKs, or advertising/analytics tools (if used) apply to Site activity only and are not used to ingest or target advertising based on Communications Data.

15.1 Cookies, Pixels, and Similar Technologies

We and our service providers may use cookies, pixels, SDKs, local storage, and similar technologies ("Cookies") on the Site and, in limited cases, in connection with certain non-authenticated portions of the Services, to:

• provide core functionality and maintain sessions
• remember preferences and improve user experience
• understand Site performance and usage patterns
• prevent fraud and protect the security and integrity of the Site and Services
• support marketing and measurement activities where implemented

15.2 Categories of Cookies

Cookies used on the Site may include:

• Strictly Necessary Cookies required to operate the Site and provide core functionality
• Functional Cookies that remember preferences and enhance features
• Analytics Cookies that help us understand how the Site is used and how it performs
• Advertising Cookies (if implemented) that support marketing measurement and, in some cases, targeted advertising

15.3 Your Choices and Controls

Where required by law, we provide cookie preference tools and consent mechanisms for certain cookies. You can also control Cookies through browser settings. Blocking or deleting certain Cookies may affect Site functionality.

15.4 Do Not Track Signals

Some browsers transmit "Do Not Track" signals. Because there is not yet an industry-standard approach to honoring such signals, we do not respond to "Do Not Track" signals. We do, however, recognize the Global Privacy Control signal as described in Section 14 where required by applicable law.

For clarity, Cookies relate to Site activity and are not used to process or target advertising based on Communications Data (including call recordings, transcripts, or message content).

16.1 Service and Administrative Communications

We may send service-related and administrative communications to Customers and Authorized Users, including notices regarding subscriptions, billing, security, service changes, and support matters. These communications are not marketing communications, and opting out of such communications may limit our ability to provide the Services or support.

16.2 Marketing Communications

Where permitted by applicable law, we may send marketing communications to business contacts. You may opt out of marketing emails by using the unsubscribe mechanism included in the email or by contacting us using the details in Section 25.

16.3 Dealership End-Customer Communications

Communications initiated by a Customer to its end customers (including calls, texts, and emails facilitated through the Services) are controlled by the Customer. Customers are responsible for obtaining necessary permissions and honoring opt-out requests and do-not-contact requirements. AI Pro Capital processes such communications on behalf of Customers as part of providing the Services.

17.1 Feature Availability and Configuration

Depending on Customer configuration and enabled features, the Services may support call recording, call monitoring, transcription, and the generation of derived outputs (such as summaries and disposition tags). These features are provided to support dealership workflows, quality assurance, troubleshooting, and service performance.

17.2 Customer Responsibility for Notices and Consents

Recording, monitoring, and transcription laws vary by jurisdiction and may require notice and/or consent of one or more call participants. Customers are solely responsible for determining whether recording or transcription is permitted in their circumstances and for providing any legally required disclosures and obtaining any legally required consents prior to enabling or using such features.

17.3 Our Use of Recordings and Transcripts

Where recordings or transcripts are generated and stored within our systems, we may use them for:

• providing and operating the Services as configured
• quality assurance and performance measurement
• troubleshooting, debugging, and support
• security and abuse prevention
• resolving disputes regarding service operation or usage

Access is limited to personnel and service providers with a legitimate need to support the Services and subject to confidentiality and security obligations.

17.4 Customer Access and Downstream Processing

Recordings, transcripts, and related workflow outputs may be made available to Customers through the Services or transmitted to Customer systems via integrations. Once delivered to Customer systems, Customer's policies and practices govern further use, retention, and disclosure.

17.5 No Voiceprints / Biometric Identifiers

AI Pro Capital does not intentionally create, derive, store, or use voiceprints or other biometric identifiers from call audio for identification, verification, or authentication purposes, unless otherwise expressly disclosed in writing.

18.1 Retention Principles

We retain Personal Information only for as long as reasonably necessary to:

• provide and improve the Services
• maintain business records and administer accounts
• comply with legal obligations
• resolve disputes
• enforce our agreements

18.2 Category-Based Retention

Retention periods may vary depending on the nature of the data and the context in which it is processed, including:

• Account and administrative information retained for the subscription term and thereafter as needed for recordkeeping, support history, and legal compliance
• Operational logs and security records retained for security, auditing, and integrity purposes
• Communications Data (including recordings and transcripts) retained for limited periods consistent with operational needs, storage constraints, Customer configuration, and legal requirements

18.3 Customer Export Responsibility

Customers are responsible for exporting any Customer Data or Communications Data that they require to retain beyond any retention period supported by the Services or described in an Order Form or addendum. We do not guarantee indefinite storage of recordings, transcripts, or related artifacts.

18.4 Deletion and Backups

When information is deleted, it may persist in backups for a limited period as part of routine security and disaster recovery practices, and may be retained longer where required by law or for legal holds.

18.5 Retention Summary (High-Level)

By way of summary, we generally retain (a) account, billing, and contractual records for the subscription term and thereafter as necessary for legal, accounting, audit, and dispute purposes; (b) security and operational logs for integrity, fraud prevention, and troubleshooting; and (c) Communications Data (including recordings and transcripts) for limited operational periods that may vary based on Customer configuration, storage constraints, technical limitations, and legal requirements. Specific retention periods may change over time as the Services evolve and as legal or operational requirements change.

19.1 Safeguards

We maintain administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction. Safeguards may include access controls, authentication measures, logging, monitoring, encryption in transit and, where appropriate, encryption at rest, as well as vendor security diligence.

19.2 Customer Security Responsibilities

Customers are responsible for maintaining the security of their accounts, devices, and internal systems. This includes limiting access to Authorized Users, managing role-based permissions, implementing appropriate credential hygiene, and promptly disabling access for departed personnel.

19.3 Security Incidents

In the event we become aware of a confirmed security incident involving unauthorized access to Personal Information in our possession or control, we will take commercially reasonable steps to investigate and mitigate the incident and to provide notice to Customers as required by applicable law.

20.1 U.S.-Centric Operations; Cross-Border Processing

AI Pro Capital is based in the United States, and the Services are intended primarily for U.S. dealership operations. Personal Information may be processed and stored in the United States and, depending on our service providers, in other jurisdictions.

20.2 Transfer Mechanisms

Where required by applicable law, we implement appropriate safeguards designed to support lawful cross-border transfers, including contractual protections with service providers and other measures appropriate to the nature of the processing.

20.3 Incidental EEA/UK Data

Although the Services are not directed to individuals in the European Economic Area or the United Kingdom, Customer Data may incidentally include information relating to individuals located in those regions. Customers are responsible for ensuring they have appropriate lawful bases and notices for any such processing in connection with their use of the Services.

21.1 Rights May Vary by Jurisdiction

Depending on where you reside and the context of processing, you may have rights regarding your Personal Information, including rights to access, correct, delete, and obtain a copy of certain information.

21.2 Requests Relating to Customer Data Processed for Dealerships

Where we process information on behalf of a Customer (for example, an end customer's call or text to a dealership), the Customer is typically the primary party responsible for responding to requests. We may, as appropriate, direct requests to the relevant Customer or assist the Customer in responding, subject to legal requirements and our contractual arrangements.

21.3 How to Submit a Request

You may submit a request by contacting us using the information in Section 25. To protect Personal Information, we may require reasonable verification of identity and, where applicable, authority to act on behalf of another person. We may also request additional information reasonably necessary to understand, evaluate, and respond to the request and to locate the relevant records.

21.4 Authorized Agents

Where permitted by law, you may use an authorized agent to submit a request on your behalf. We may require proof of authorization and verification of identity before processing such requests.

21.5 Limitations

We may deny or limit requests where permitted by law, including where fulfilling the request would adversely affect the rights of others, conflict with legal obligations, or be impracticable. We will respond to requests within the timeframes required by applicable law, and may deny or limit requests where permitted by law, including where an exemption applies or where compliance would be impracticable or would adversely affect the rights of others.

22.1 Overview

Certain U.S. state privacy laws provide residents with specific rights and require specific disclosures. This Section summarizes such disclosures to the extent applicable to our processing activities.

22.2 California (CCPA/CPRA) Notice

To the extent applicable, California residents may have rights to request access, deletion, and correction of Personal Information, and to opt out of "sale" or "sharing" of Personal Information for cross-context behavioral advertising. We do not sell Personal Information for money. If we engage in Site-based disclosures that constitute "sharing" under California law, we provide mechanisms to opt out, including recognition of Global Privacy Control where required.

22.3 Categories of Personal Information Collected and Disclosed (High-Level)

In the preceding 12 months, we may collect and disclose the following categories of Personal Information for business purposes:

• identifiers (such as name, email address, phone number, IP address)
• internet or network activity information (such as Site usage and logs)
• professional or employment-related information (business contact data)
• communications content processed as Customer Data on behalf of Customers (where enabled)
• inferences drawn from usage for service improvement and security

We disclose Personal Information to service providers and, at a Customer's direction, to third-party integrations, as described in Section 13.

22.4 Other State Laws

Residents of other states with privacy laws may have similar rights, including the right to access, delete, correct, obtain a copy of data, and opt out of targeted advertising in certain circumstances. Where required, we provide an appeals mechanism for denied requests.

22.5 Appeals (Where Required)

If we deny a request and applicable law provides an appeals right, you may appeal by contacting us at the email address in Section 25 with "Privacy Appeal" in the subject line. We will respond in accordance with applicable law.

23.1 Not EU-Targeted

The Services are intended for U.S.-based dealership operations and are not offered as EU-targeted services. Nevertheless, Customer Data may incidentally include Personal Data relating to individuals located in the EEA or the UK.

23.2 Roles and Responsibilities

Where AI Pro Capital processes Customer Data on behalf of a Customer, the Customer generally acts as controller and AI Pro Capital acts as processor. Customers are responsible for providing required notices and identifying an appropriate lawful basis for their processing.

23.3 Cooperation and Safeguards

Where required by applicable law and consistent with our contractual arrangements, we will cooperate reasonably with Customers to support lawful processing, including responding to certain requests routed through the Customer, and implementing appropriate safeguards for international transfers.

25.1 Changes

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. If we make material changes, we may provide additional notice through the Site, within the Services, or by email, as appropriate.

25.2 Contact Us

For questions, requests, or concerns regarding this Privacy Policy or our privacy practices, contact: