1. Introduction
Assist Engine ("we," "us," or "our") provides an AI-native IT service management platform designed for managed service providers (MSPs) and IT teams. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Service").
By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
We collect information necessary to provide, maintain, and improve the Service. The categories of data we collect include:
| Category | Data Collected | Purpose |
|---|---|---|
| Account Information | Name, business email address, organization name, authentication credentials (via SSO/OAuth) | Account creation, authentication, tenant provisioning |
| Ticket & Conversation Data | Support ticket content, conversation history, AI-generated summaries and analyses, internal notes | Core service delivery, AI-powered ticket triage, routing, and resolution assistance |
| Voice Data | Voice call recordings, AI-generated transcripts, call metadata (duration, timestamps) | AI voice agent functionality, call analysis, quality assurance |
| Usage & Telemetry | Feature usage patterns, session data, performance metrics, error logs | Service improvement, debugging, reliability monitoring |
| Integration Data | Data received from connected third-party services (e.g., Microsoft Teams) as configured by your organization | Enabling integrations your organization configures |
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To operate the platform, process tickets, run the AI voice agent, generate AI-assisted responses, and deliver core functionality.
- AI Processing: Ticket content, conversation history, and voice data (when recording is enabled) are processed by third-party AI models to provide intelligent triage, summarization, response suggestions, and voice interactions. See Section 5 for details on our AI sub-processors.
- Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the reliability and functionality of the Service.
- Security: To detect, prevent, and respond to security incidents, fraud, and abuse.
- Communication: To send service-related notifications, respond to inquiries, and provide support.
We do not sell your personal information. We do not use your data for advertising purposes.
4. Multi-Tenant Architecture & Data Isolation
Assist Engine operates a multi-tenant architecture. Each customer organization ("tenant") is logically isolated. Data belonging to one tenant is not accessible to other tenants. Tenant isolation is enforced at the database query level with row-level security and validated through our application layer.
5. Third-Party Sub-Processors
To deliver the Service, we use the following third-party providers that may process your data:
| Provider | Function | Data Processed |
|---|---|---|
| OpenAI | AI completions (GPT-4.1-mini), voice synthesis (GPT-4o-mini-TTS) | Ticket content, conversation context, voice output generation |
| Google (Gemini) | Text embeddings (Gemini Embedding model) | Ticket content for semantic search and retrieval |
| Neon | Database hosting (PostgreSQL) | All persistent application data |
| Vercel | Application hosting, serverless compute | Request/response data, application logs |
| Sentry | Error tracking and monitoring | Error logs, stack traces (may include request context) |
| Microsoft | Teams integration (when enabled) | Messages and data as configured by your tenant |
Each sub-processor is contractually bound to process data only as necessary to provide their respective services. We evaluate the security practices of our sub-processors and select providers with SOC 2 or equivalent certifications where available.
6. Data Retention
We retain your data for as long as your organization maintains an active account with the Service. Upon account termination:
- We will delete or anonymize your tenant data within 90 days of account closure.
- Backup copies may persist for up to an additional 30 days before automatic deletion.
- Aggregated, anonymized data that cannot identify any individual or organization may be retained indefinitely for analytics and service improvement.
Your organization's administrator may request data export or deletion at any time by contacting us.
7. Data Security
We implement technical and organizational measures designed to protect your data, including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Row-level tenant isolation at the database layer
- Input validation and sanitization (Zod schema validation)
- Webhook authentication and verification
- TOTP-based verification for sensitive voice operations
- Automated error monitoring and alerting (Sentry)
- Regular security assessments and penetration testing
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights & Choices
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data, subject to our legal obligations.
- Portability: Request an export of your data in a machine-readable format.
- Opt-Out of AI Processing: Your administrator can disable AI analysis and voice recording features for your organization's tenant.
To exercise any of these rights, contact us at the address below. We will respond within 30 days.
9. International Data Transfers
Our infrastructure and sub-processors are based in the United States. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
10. Children's Privacy
The Service is designed for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Assist Engine
Email: privacy@assistengine.com