Skip to content
Dendrites AI
Start free

LEGAL

Privacy Policy.

What we collect, why we collect it, who we share it with, and how to exercise your rights.

Last updated: 17 May 2026

This Privacy Policy explains how Dendrites Technologies Co. ("we", "us") collects, uses, and shares personal data in connection with the services described in our Terms of Service, including AxiomAI and FaceActions.

1. Scope

This Policy applies to dendritesai.com, app.dendritesai.com, axiombot.dendritesai.com, faceactions.dendritesai.com, docs.dendritesai.com, and any other domain we operate under the Dendrites AI brand. It also applies to AxiomAI widgets embedded on customer websites with respect to the data we process on behalf of those customers.

2. Data we collect

  • Account data: name, email, company, billing address, payment method tokens (via Stripe).
  • Customer Content: credentials, records, transcripts, recordings, documents, and other content you provide.
  • End-user data: messages, voice clips, names, emails from visitors interacting with your AxiomAI bots; faces and metadata from videos analyzed by FaceActions (with subject-consent attestation).
  • Technical data: IP address, browser, device identifiers, timestamps, cookies and similar technologies (see our Cookie Policy).

3. Why we collect it

  • To provide and operate the Services
  • To process payments (via Stripe)
  • To communicate with you about your account, the Services, and security
  • To prevent abuse and respond to incidents
  • To comply with legal obligations

4. Controller / processor distinction

For end-user data collected via your AxiomAI bots, you are the data controller and we are the processor. For account data of customers who interact directly with us, we are the controller.

5. Legal basis (GDPR)

We rely on: (a) contract performance for account data and Service delivery; (b) legitimate interests for product analytics, security, and abuse prevention; (c) consent for non-essential cookies and marketing emails; (d) legal obligation for tax and accounting records.

6. Sharing and sub-processors

We share data with the sub-processors listed at /security#subprocessors, which include OpenAI, Anthropic, Google, Groq, AWS, Cloudflare, Stripe, Twilio, Microsoft, and HubSpot. We do not sell your personal data.

7. Your rights

Under GDPR, UK GDPR, CCPA / CPRA, and similar applicable data protection laws, you may have rights including access, correction, deletion, portability, restriction, and objection. We respond to requests within 30 days. Contact privacy@dendritesai.com.

8. Retention

  • Account data: life of account + 7 years for tax / audit
  • Customer Content: deleted on request or within 30 days after account closure
  • Server logs: 90 days
  • Backups: rolling 30 days

9. International transfers

For data from the EEA / UK, we rely on Standard Contractual Clauses and other appropriate safeguards when data is transferred to the US or other third countries.

10. Special categories and biometrics (FaceActions)

FaceActions processes facial geometry and inferred emotion data, which may constitute special-category personal data under GDPR Art. 9. We require explicit subject-consent attestation at upload, and our Acceptable Use Policy prohibits use in workplace surveillance, hiring, educational assessment, and law-enforcement contexts.

11. Children

We do not knowingly collect personal data from children under 13 (or under 16 in the EEA). For educational deployments involving minors, customers must comply with FERPA, COPPA, or applicable local law.

12. Contact

Privacy queries: privacy@dendritesai.com
Mailing address: Dendrites Technologies Co., Dallas, Texas, USA