Security & Compliance

Privacy, Security & Compliance

Welcome to the AutoService AI Trust Center. We recognize that trust is built on transparency and earned with experience. Our voice AI solutions are provided from a SaaS platform designed to protect the data that our customers entrust to us. We have built service features to help our customers better meet consumer privacy expectations and comply with applicable law. Here we highlight some of our data protection safeguards and compliance-enabling service features.

PRIVACY POLICY

The AutoService AI Privacy Policy describes our practices regarding the personal information we process as a data controller operating a business. This policy also describes our role and practices in connection with personal information we may receive and otherwise process on behalf of our customers.

CCPA

As a business or data controller, AutoService AI adheres to the California Consumer Privacy Act of 2018 (“CCPA”) and other state privacy laws, including the Virginia Consumer Data Protection Act. As a service provider or data processor for our customers, we provide information and service features that help our customers meet their respective state law obligations.

AutoService AI qualifies under the CCPA as a “service provider” with which you, as our AutoService AI customer or “business”, can share CA consumer PI to the extent “reasonably necessary and proportionate” to achieve your business goals. You choose the PI we process on your behalf so our AI Assistants can initiate conversations on your behalf.

COPPA

In accordance with the Children’s Online Privacy Protection Act (COPPA), the AutoService AI service agreement prohibits our customers from sending to us for processing the PII of anyone who is age 13 or under. If we knowingly receive such data in our services, we will inform our customers and delete it.

EU-US Privacy Shield

We are EU-U.S. Privacy Shield certified for non-HR data. Nonetheless, in accordance with the decision by the Court of Justice of the European Union (C-311/18, also known as “Schrems II”), on July 16, 2020, we ceased relying on our EU-U.S. and Swiss-U.S. Privacy Shield certifications as a legal basis for international data transfers from the EEA or Switzerland to the U.S. We will continue to adhere to the EU-US and Swiss-US Privacy Shield principles for all personal information transferred to the US in reliance on such certifications prior to July 16, 2020, and we continue to maintain our Privacy Shield certification as we look forward to the framework being recognized once again as an adequate mechanism for the transfer of data from the EU to US.

GDPR

As a data controller, AutoService AI adheres to the EU General Data Protection Regulation and other applicable data protection laws. As a data processor for our customers, we comply with the GDPR as applicable to our services and provide our customers with information and service features to facilitate their respective compliance efforts.

As a service provider, AutoService AI provides appropriate data protection safeguards for the personal data we process on behalf of our customers. AutoService AI and its data hosting partner, AWS, have implemented appropriate administrative, physical, and logical safeguards designed to protect the security, availability, confidentiality, and integrity of AutoService AI customers’ data. These safeguards include the technical measures specified by GDPR Article 32 and are audited by external auditors on an annual basis.

For customers whose data includes personal data within the scope of the GDPR, AutoService AI’s DPA includes the Standard Contractual Clauses updated in June 2021 with the appropriate modules for data transfers to third countries (the U.S.) from an exporter controller (AutoService AI’s customer) and importer processor (AutoService AI).

DATA RETENTION POLICY

AutoService AI retains customer data in accordance with customer instructions contained in their respective services agreements. Following customer account termination, access is removed and the customer data associated with the account is logically deleted and then overwritten.

DATA REMOVAL REQUESTS

Customers can request data removal by contacting AutoService AI technical support. Any data removal request received from a data subject associated with a customer as the data controller will be referred to such customer.

INCIDENT RESPONSE PLAN

AutoService AI operates a formal Security Incident management process under a related policy and procedures. Escalation procedures exist to ensure the timely communication of any Security Incident through the management chain and to any affected customers without undue delay.

AVAILABILITY & RELIABILITY

AutoService AI is 100% serverless. We use the Amazon Web Services platform infrastructure because it has been architected to be one of the most flexible, reliable, and secure cloud environments available today, allowing our customers to benefit from this data infrastructure. Our services are deployed to benefit from the infrastructure redundancy of the Amazon Web Services platform.

CONFIDENTIALITY AGREEMENTS

Our service agreements provide for the confidential treatment of confidential customer information, including customer data. We also require all our employees, contractors, and vendors to sign confidentiality agreements to ensure the protection of confidential information.

EMPLOYEE BACKGROUND CHECKS

AutoService AI employees are required to provide specific documents verifying identity and undergo federal and state criminal background checks prior to being hired.

EMPLOYEE SECURITY TRAINING

We train all new employees about their confidentiality, privacy and information security obligations as part of their onboarding training. A compulsory annual security and privacy training ensures employees refresh their knowledge and understanding. Engineering teams receive further training related to their work duties and access.

Our employee workstations are automatically locked after a pre-determined period of non-use via the MDM system we have implemented.

BUSINESS CONTINUITY

AutoService AI has implemented an integrated Business Continuity and Disaster Recovery Policy and maintains related plans under the policy. Please see the text under Disaster Recovery for more information on this topic.

DISASTER RECOVERY

AutoService AI maintains essential disaster avoidance, readiness, and recovery planning capabilities through the use of multiple geographically dispersed data centers, redundancy throughout our platform architecture, offsite data backup, and remote access capabilities. We also maintain a Business Continuity and Disaster Recovery Policy and related plans and test them on a regular basis.

DATA BACKUPS

AutoService AI stores all customer data on fully redundant Amazon Web Services (AWS) storage systems, utilizing hot backups stored in secure AWS facilities offsite from production facilities. Access to backup media is highly restricted.