Privacy Policy

DuranAI - Business Knowledge Search Platform

Last Updated: September 12, 2025
Effective Date: September 12, 2025

1. Introduction

DuranAI ("we," "our," or "us") operates an AI-powered business knowledge search platform designed for businesses in Mongolia and internationally. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our web applications, embedded search widgets, and messaging integrations.

Our Services Include:

  • Business Knowledge Search Dashboard
  • Document Processing and Search
  • Embedded Search Widgets for third-party websites
  • Social Media Messaging Integration (Facebook, Instagram, WhatsApp)
  • Analytics and Usage Reporting

Contact Information:

Company: DuranAI

Email: info@duran.ai

Address: Bayanzurkh District, 36th khoroo, Khunnu Street, Ikh-Mongol Office 301, Ulaanbaatar, Mongolia

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

  • Email address (required for authentication)
  • Full name
  • Password (encrypted and securely managed)
  • User ID for account linking
  • Early access validation codes (when applicable)

Business Information:

  • Business display name
  • Business category (telecom, banking, insurance, retail, healthcare, education, government, other)
  • Business language and locale preferences
  • Optional business metadata (description, website URL, contact email, industry classification)
  • User preferences (language preference, theme preference)
  • Business logo uploads (processed and stored in secure cloud storage)

Subscription and Billing:

  • Billing information for paid plans
  • Payment method details (processed by third-party payment processors)
  • Subscription preferences and usage requirements

2.2 Document and Content Data

  • PDF files, text documents, Office documents, images
  • Document metadata (filename, size, upload date)
  • Extracted text content and document structure
  • Document processing status and history
  • Business-specific knowledge base data
  • Document categorization and indexing
  • Processed data for search and retrieval

2.3 Meta Platform Integration

Permissions We Request:

When you connect Facebook Pages, Instagram Business accounts, or WhatsApp Business numbers, we request the following permissions:

  • pages_show_list: To display the Facebook Pages you manage
  • pages_messaging: To send and receive Messenger messages on your behalf
  • pages_manage_metadata: To set up message notifications
  • instagram_basic: To access your Instagram Business account information
  • instagram_manage_messages: To send and receive Instagram Direct Messages

Data We Collect from Meta Platforms:

Facebook Page and Instagram Account Information:

  • Page and account names, IDs, profile pictures
  • Instagram username, display name, follower count, media count
  • Linked Facebook Page details (for messaging capabilities)

Messages and Conversations:

  • Message content (text messages)
  • Message metadata (message IDs, timestamps)
  • User identifiers (Page-Scoped IDs unique to each page)
  • User interaction data (button clicks from menus/postbacks)
  • Referral information (source of how users discovered your page)
  • Conversation status (active/closed, message counts, duration)

WhatsApp Business Information:

  • Phone Number ID and display phone number
  • WhatsApp Business Account ID
  • Verified business name
  • Phone number quality rating (assigned by Meta)
  • Access credentials (secured with access controls)

Conversation Data Storage:

  • Complete message transcripts (both customer messages and AI responses)
  • Conversation metadata (start time, last activity, message count, status)
  • User identifiers for maintaining conversation continuity
  • AI-generated responses and confidence scores
  • Source documents referenced in responses
  • Conversation closure data and auto-timeout after 24 hours of inactivity

2.4 Widget and Search Interactions

Search Activities:

  • User search queries and terms
  • Search results and response times
  • AI-generated answers and confidence scores
  • Source documents referenced in responses
  • Search success rates and user satisfaction metrics

Widget Interactions:

  • Queries submitted through embedded widgets
  • IP addresses of widget users (end users on third-party sites)
  • User agent strings (browser and device information)
  • Referrer URLs (websites where widgets are embedded)
  • Session identifiers for conversation tracking

2.5 Technical and Analytics Data

Website Usage:

  • IP addresses and geographical location data
  • Browser type, version, and operating system
  • Device information and screen resolution
  • Page views, navigation patterns, and session duration
  • Cookies and local storage data

System Logs:

  • Authentication attempts and login timestamps
  • API requests and system performance metrics
  • Error logs and debugging information
  • Security events and access patterns

Messaging Analytics:

  • Message processing metrics (response times, success rates)
  • Query content for quality improvement
  • Platform-specific performance data (Facebook, Instagram, WhatsApp)
  • Error logs and debugging information
  • Conversation engagement metrics (message counts, conversation duration)

2.6 Cookies and Tracking Technologies

Essential Cookies:

  • Language preference cookies (1 year expiration)
  • Authentication tokens and session management cookies
  • Theme preference storage

OAuth State Cookies:

  • Facebook OAuth security verification cookies (10 minutes)
  • Instagram OAuth security verification cookies

Local Storage:

  • Onboarding progress tracking
  • Business logo caching
  • Early access validation codes (30-day expiration)

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our services
  • Process your requests and transactions
  • Improve our AI algorithms and service quality
  • Communicate with you about service updates
  • Ensure security and prevent fraud

Messaging Platform AI Processing:

Customer messages received through Facebook Messenger, Instagram Direct Messages, and WhatsApp are processed using artificial intelligence and machine learning technology to generate contextual responses based on your business knowledge base.

  • Message content is analyzed against your business knowledge base
  • We maintain conversation context across multiple messages using session identifiers
  • Messages are stored for conversation continuity and quality improvement
  • Responses are customized based on detected language and platform limitations

4. Information Sharing and Disclosure

Meta Platform Integration:

When you use our Meta platform integrations, certain data is shared with Meta through their APIs:

  • Outbound messages we send on your behalf
  • Webhook subscription information
  • Page and account connection status

Meta processes this data according to their own Privacy Policy and Platform Terms. We use Meta's secure webhook infrastructure to receive messages.

Service Providers:

We may share your information with trusted third-party service providers who assist us in operating our platform, conducting our business, or servicing you. These providers are contractually obligated to keep your information confidential and secure.

5. Data Retention

General Data Retention:

  • Account information: Retained for the duration of your account plus 90 days after closure
  • Document data: Retained while your account is active or as needed to provide services
  • Analytics data: Retained for 2 years

Messaging Data Retention:

  • Active conversations: Retained for 24 hours of inactivity, then auto-closed
  • Closed conversation history: Retained for 1 year
  • Message content: Retained for 1 year from conversation closure
  • Analytics and performance data: Retained for 2 years
  • Access tokens: Retained until integration is disconnected

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data at rest and in transit
  • Secure authentication and access controls
  • Regular security audits and monitoring
  • Restricted access to personal information

Meta Platform Access Token Security:

  • All Meta platform access tokens (Facebook, Instagram, WhatsApp) are secured with access controls
  • Access credentials are managed securely with appropriate safeguards
  • Access tokens are stored in secure cloud infrastructure with limited access
  • Tokens are refreshed according to Meta's security policies

7. Your Rights and Choices

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to data processing
  • Data portability
  • Withdraw consent (where processing is based on consent)

Managing Your Meta Platform Data:

  • You can disconnect Facebook Pages, Instagram accounts, or WhatsApp numbers at any time from your dashboard
  • Disconnecting will stop message processing but may retain historical conversation data for the retention periods specified above
  • To request deletion of conversation data, contact us at info@duran.ai
  • You can revoke our app's permissions through your Facebook Settings → Business Integrations

Note: Some data may be retained for legal and security purposes even after disconnection

8. WhatsApp Business Messaging Compliance

  • We comply with WhatsApp Business API policies and Meta's Commerce Policy
  • Business-initiated conversations follow WhatsApp's 24-hour messaging window
  • Message templates are used for notifications outside the messaging window
  • We do not use WhatsApp data for advertising or marketing to third parties

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

12. Legal Basis for Processing (EU/GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Consent: When you have given us permission to process your data
  • Contract: When processing is necessary to fulfill our services to you
  • Legal Obligation: When we must process data to comply with legal requirements
  • Legitimate Interests: When processing is necessary for our legitimate business interests

Contact Information

Privacy Questions and Requests

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

Email: info@duran.ai

Subject Line: "Privacy Policy Inquiry" or "Data Subject Rights Request"

© 2025 DuranAI. All rights reserved.