Privacy Policy

Last Update: 12/06/2025

1. Introduction

We are Airbot Technology Limited, doing business as Airport AI, located at 35-37 Ludgate Hill, EC4M 7JN London, United Kingdom. Our mission is to provide innovative AI-powered solutions.

This Privacy Policy is designed to be comprehensive and transparent. It explains how we collect, use, share, and protect personal information.

2. Our Role: Data Controller vs. Data Processor

It is important to understand our role in handling personal data, as it differs depending on the situation.

• Airport AI as a Data Controller: When you visit our website (https://www.airport.ai), contact us directly for sales or marketing inquiries, we are the Data Controller. This means we determine the purposes and means of processing your personal information for our own business needs, such as managing our website, and improving our services.
• Airport AI as a Data Processor: When you interact with our Chatbot service deployed on one of our client's websites, or via other communication channels our client has contracted, such as WhatsApp or Facebook Messenger, our client is the Data Controller, and we are the Data Processor. In this scenario, we process your personal data solely on behalf of and under the documented instructions of our client.
• Please note: When you use third-party platforms like WhatsApp or Facebook Messenger to interact with our chatbot, your interaction with those platforms (including the collection of data by WhatsApp or Messenger themselves) is governed by their respective privacy policies and terms of service. We are not responsible for the data practices of WhatsApp, Facebook Messenger, or any other third-party communication platform. We only process the conversation content and related technical data that we receive from these platforms on behalf of our clients.
• The collection and use of your data in these contexts are primarily governed by our client's (the Data Controller's) own privacy policy. Our specific obligations as a Data Processor are defined in a Data Processing Agreement (DPA) entered into with each of our clients.

This policy primarily details our activities and responsibilities when we act as a Data Controller. We also outline our responsibilities as a Data Processor to ensure full transparency regarding our data handling practices.

3. What Information We Collect and How We Use It

a. When We Act as a Data Controller (on https://www.airport.ai)

• Information You Provide Voluntarily:
• Type of information:
• Contact Information: Name, email, phone number, company name.
• Financial information: Billing information (tax id, number of the payer VAT)
• Use: To respond to your inquiries, provide information, contract service.
• Lawful Basis for Processing: Performance of a contract, client´s consent, or client´s legitimate interests.

b. When We Act as a Data Processor (e.g., our Chatbot on a Client's Site or other contracted channels):

• Information We Process on Behalf of Our Clients:
• Chatbot Conversations: The content of your conversations with the chatbot, regardless of the channel used (website, WhatsApp, Messenger), including questions asked and information you provide during the conversation.
• Chatbot Usage Data: Technical information about your interaction with the chatbot, and the specific communication channel used (e.g., WhatsApp, Messenger)
• Sensitive Data: We generally do not intend to process sensitive personal data. If sensitive data is input into the chatbot by a user, our clients are responsible for ensuring they have the appropriate lawful basis for its collection and processing.
• Our Use of This Data (as instructed by the Data Controller):
• Service Provision: To provide and maintain the core chatbot service for our client, enabling it to respond to user queries and facilitate interactions.
• Analytics & Reporting: To perform analytics and generate aggregated, anonymized, or pseudonymized reports for our client regarding chatbot performance and user interaction trends.
• Service Improvement & AI Model Training: For continuous improvement of the chatbot's performance and the underlying AI models. For these purposes, we use anonymized or pseudonymized data that cannot be linked back to you as an individual. This processing is strictly governed by our DPA with the client.

4. Who We Share Information With

We do not sell your personal information. We may share information with:

• Service Providers (Sub-processors): We use third-party vendors to help us provide our Services. These are our sub-processors when we are acting as a Data Processor. They are contractually bound to protect your information and only use it for the purposes we specify.
• Google reCAPTCHA: We use Google reCAPTCHA on our Services, including our chatbot, to protect against spam and automated abuse. This service collects hardware and software information, such as device and application data, and sends it to Google for analysis. The use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.
• Legal Authorities: We may disclose information if required by law or in response to a valid legal request, or if we believe it's necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or the public.
• Our Clients (the Data Controllers): When we process data as a Data Processor, we provide our clients (the Data Controllers) with access to the data processed on their behalf through the chatbot service, as stipulated in our DPA with them.

5. Data Security

We have implemented robust technical and organizational security measures designed to protect the personal information we process from unauthorized access, unauthorized alteration, disclosure or destruction. These measures include encryption, access controls, security audits, and staff training. As a Data Processor, we are committed to assisting our Data Controllers in meeting their security obligations.

6. Data Retention

• When acting as a Data Controller: We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
• When acting as a Data Processor: We retain personal data strictly according to the documented instructions of the Data Controller (our client) and the specific terms outlined in our Data Processing Agreement with them.

7. Your Data Protection Rights (GDPR)

When we are the Data Controller for your personal data, you have the following rights under GDPR and similar data protection laws:

• Right to Access: You have the right to request copies of your personal data we hold.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights when we are the Data Controller, please contact us using the details in Section 10. We will respond to your request within the legally required timeframe.

When we are the Data Processor, you should direct any requests to exercise your data protection rights to the Data Controller (the client whose services you are using). We will assist our clients in responding to your requests as required by our DPA and applicable law.

8. International Data Transfers

We store data in EEA(Ireland). If we transfer information outside the EEA, we will ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses, as required by law.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any significant changes by posting the updated policy on this page and updating the "Last Update" date at the top of the policy.

10. How to Contact Us

If you have any questions about this Privacy Policy, our data processing practices, or wish to exercise your data protection rights, please contact us:

Data Protection Officer: dpo@airport.ai