GDPR Compliance Statement

Last Updated: 02 August 2025

IntelLink AI Assistant ("IntelLink," "we," "us," or "our") is committed to compliance with the General Data Protection Regulation (GDPR). This page outlines our approach to GDPR and explains the rights of individuals residing in the European Economic Area (EEA).

1. Data Controller and Data Processor

Understanding the roles of Data Controller and Data Processor is key to GDPR compliance.

• IntelLink as Data Controller: When you register for an account, subscribe to our service, or communicate with us, we act as the Data Controller for your personal data (e.g., your name, email address, billing information).
• You as Data Controller: You are the Data Controller for the content you upload to train your chatbot ("Knowledge Base Content") and for the personal data of your end-users who interact with your chatbot.
• IntelLink as Data Processor: When we process the Knowledge Base Content or the chat interaction data on your behalf to provide the Service, we act as the Data Processor. Our processing is governed by our Terms of Service and your instructions.

2. Legal Basis for Processing

We process personal data on the following legal bases:

• Contractual Necessity: To fulfill our contract with you as outlined in our Terms of Service. This includes creating your account, processing payments, and providing the core chatbot functionality.
• Legitimate Interest: For purposes such as improving our Platform, providing analytics, and ensuring the security of our services, where our interests are not overridden by your data protection rights.
• Consent: Where required, such as for sending non-essential marketing communications, we will ask for your explicit consent.

3. Your Rights Under GDPR

If you are an individual in the EEA, you have the following rights concerning your personal data:

• The Right to Access: You can request a copy of the personal information we hold about you.
• The Right to Rectification: You can request that we correct any inaccurate or incomplete data.
• The Right to Erasure (The "Right to be Forgotten"): You can request the deletion of your personal data under certain conditions.
• The Right to Restrict Processing: You can request that we limit the way we use your personal data.
• The Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
• The Right to Object: You can object to our processing of your personal data where it is based on legitimate interests.

You can exercise most of these rights through your account settings. For any other requests, please contact us at support@intellink.ai.

4. Data Transfers Outside the EEA

To provide our Service, we may transfer your data to service providers located outside the EEA (e.g., AWS for hosting, OpenAI for AI processing). We ensure such transfers are lawful by relying on adequacy decisions, Standard Contractual Clauses (SCCs), or other approved legal mechanisms to safeguard the data.

5. Data Processing Addendum (DPA)

For customers who are Data Controllers, we offer a Data Processing Addendum (DPA) that governs our role as a Data Processor. The DPA is an extension of our Terms of Service and Privacy Policy and meets GDPR requirements. To request and sign our DPA, please contact us at support@intellink.ai.

6. Data Security

We are dedicated to data security. As detailed in our Privacy Policy, we use technical and organizational measures like encryption (SSL/TLS), access controls, and secure infrastructure to protect the data we process.

7. Contact & Supervisory Authority

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact our data privacy team at support@intellink.ai. You also have the right to lodge a complaint with your local data protection supervisory authority.