Privacy Policy

Last updated: May 21, 2026

How we collect, use, and protect your data — including the Customer Data you process through ARA and our other products.

SYSSOLUTION (“we”, “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the rights you have. By using our Services, you agree to the practices described here.

1. Information We Collect

1.1 Account Information

When you create an Account, we collect your name, work email, company name, phone number, and password. We may verify your email and phone for security and communications purposes.

1.2 Customer Data

When you use our Services, you upload or generate Customer Data — including contact lists, call recordings, chat transcripts, CRM records, invoices, knowledge base documents, and AI training data. You retain ownership; we process it solely to operate the Services.

1.3 Usage & Diagnostic Data

We collect logs of API calls, feature usage, error reports, and performance metrics to operate, monitor, and improve the Services.

1.4 Cookies & Tracking

On our marketing website, we use cookies for analytics (Google Analytics 4) and marketing (Facebook Pixel), but only after you grant consent through our cookie banner. Necessary cookies (session, authentication) operate without consent. See our cookie banner for granular control.

2. How We Use Your Information

  • To provide, maintain, and improve the Services.
  • To authenticate Accounts and prevent fraud or abuse.
  • To process payments and send invoices.
  • To send service-related communications (billing, security alerts, downtime notices).
  • To respond to support requests.
  • To generate aggregated, anonymized analytics about platform usage.
  • To send marketing communications, only if you opted in (with easy unsubscribe).

3. Sub-processors

We engage trusted sub-processors to deliver the Services. They are bound by data protection agreements.

Sub-processorPurposeRegion
AnthropicAI model inference (ARA)USA
Cloudflare R2 / AWS S3Object storage (recordings, attachments)Global
bKash / SSLCommerz / EPSPayments (BD)Bangladesh
StripeInternational paymentsUSA
Resend / PostmarkTransactional email deliveryUSA / EU
Google AnalyticsMarketing site analytics (with consent)USA
Meta (Facebook Pixel)Marketing site advertising (with consent)USA

4. AI Data Processing

ARA uses Anthropic’s Claude family of language models. Conversation data sent to the model is processed under Anthropic’s data policies. We do not permit Anthropic to train models on your data. You can configure your own AI key (BYOK) on supported tiers to keep data flows under your control.

5. Data Sharing

We do not sell your data. We share data only:

  • With sub-processors (above) to provide the Services.
  • With legal authorities when compelled by valid law (subpoenas, court orders).
  • With your explicit consent.
  • In a merger or acquisition — with successor obligated by the same protections.

6. International Data Transfers

Customer Data is primarily hosted in Bangladesh-region servers. Some sub-processors (e.g., Anthropic, Stripe, GA) operate from the USA or EU. Transfers are governed by Standard Contractual Clauses or equivalent safeguards.

7. Data Retention

  • Account data — retained for the lifetime of your Account.
  • Customer Data — retained while your Account is active. 30 days post-cancellation for export, then deleted.
  • Call recordings — retained per your plan’s recording policy (30 days for Basic, 90 days for Pro, configurable for Enterprise).
  • Invoices & tax records — retained 7 years to comply with Bangladesh tax law.
  • Backup snapshots — retained up to 90 days after primary deletion.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion (subject to retention obligations).
  • Portability — receive data in a machine-readable format.
  • Object — object to processing for marketing or analytics.
  • Withdraw consent — at any time via account settings or cookie banner.

To exercise these rights, email [email protected]. We will respond within 30 days.

9. Security

We protect your data with industry-standard practices: TLS 1.2+ in transit, AES-256 at rest, role-based access, 2FA for admin accounts, audit logging, regular backups, and security reviews. See our Security Policy for details.

10. Children’s Privacy

The Services are not directed at children under 16. We do not knowingly collect personal data from children. If we learn we have collected such data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-product notice at least 30 days before they take effect.

12. Contact

Data Protection Officer: [email protected]
Mailing address: SYSSOLUTION, Dhaka, Bangladesh