Privacy Policy
How we collect, use, and protect your information.
Last updated: March 10, 2026
1. Introduction
Quality IT Solutions LLC ("Company," "we," "us") operates the LaliSays platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including the web portal, API, and agent software.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, organization, and user role. If you enable multi-factor authentication, we store encrypted TOTP secrets and WebAuthn credential identifiers.
Contact Form Submissions
If you submit a contact form on our website, we collect the information you provide: name, email, phone, company, job title, industry, and any message content. We also record your consent preferences for email and SMS communications.
Usage Data
We collect information about how you interact with the Service, including login timestamps, IP addresses, user agent strings, and feature usage. This data is used for security auditing and service improvement.
Integration Data
When you connect third-party services (e.g., Microsoft 365, Google Workspace), we store OAuth2 tokens and configuration settings required to access those services on your behalf. We do not store your third-party passwords.
On-Premises Data
The LaliSays agent processes files and data on your local infrastructure. This data is not transmitted to our cloud servers unless you explicitly instruct the agent to do so (e.g., uploading a file to a cloud integration). Job metadata (task names, status, timestamps) is synced with the cloud control plane.
3. How We Use Your Information
- Provide the Service: Authenticate users, execute tasks, manage integrations, and deliver platform functionality.
- Security: Detect and prevent unauthorized access, fraud, and abuse. Audit logs record login attempts, password changes, and administrative actions.
- Communication: Send password reset emails, account notifications, and (with your consent) product updates and marketing communications.
- Improvement: Analyze usage patterns to improve Service reliability, performance, and user experience.
- Support: Respond to inquiries, troubleshoot issues, and provide customer support.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share data in the following circumstances:
- Third-Party Integrations: When you connect a service, your data is shared with that service per your instructions (e.g., sending an email via Office 365).
- Service Providers: We use cloud infrastructure providers (AWS) to host our Service. These providers are contractually obligated to protect your data.
- AI Processing: Conversation content is processed by Anthropic's Claude API to generate responses. Anthropic does not train on API data.
- Legal Requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of our users or the public.
5. Data Security
We implement industry-standard security measures, including:
- Passwords hashed with Argon2 (memory-hard algorithm resistant to GPU attacks)
- TOTP and FIDO2/WebAuthn multi-factor authentication
- API credentials encrypted at rest using Fernet symmetric encryption
- Database credentials stored in private subnets with no direct internet access
- TLS encryption for all data in transit
- Session management with automatic timeout and rotation
- Audit logging of all authentication and administrative actions
- Bot detection and geo-restriction for platform access
6. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account termination upon request.
- Audit logs: Retained for up to 12 months for security purposes.
- Contact form submissions: Retained until you request deletion.
- Job metadata: Retained while the associated organization is active.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (subject to legal retention requirements).
- Withdraw consent for marketing communications at any time.
- Export your data in a machine-readable format.
- Lodge a complaint with a data protection authority.
8. SMS and Email Communications
If you consent to receive SMS or email communications, you can opt out at any time by:
- Clicking the unsubscribe link in any email.
- Replying STOP to any SMS message.
- Contacting us at the email below.
Message and data rates may apply for SMS. SMS frequency varies based on your interaction with the platform. We do not share your phone number or email with third parties for their own marketing purposes.
9. Cookies and Tracking
The LaliSays platform uses session cookies for authentication. These are essential cookies required for the Service to function and cannot be disabled. We do not use third-party tracking cookies, analytics trackers, or advertising pixels.
10. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will promptly delete it.
11. International Data Transfers
The Service is hosted in the United States (AWS us-east-1). If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top indicates the most recent revision.
13. Contact Us
For privacy-related questions or to exercise your rights, contact us at:
support@qualityitsolutions.net