Privacy Policy

Effective Date: October 22, 2025

Please also review our Terms of Service, which govern your use of the Sponge AI platform.

1. Overview

This Privacy Policy (“Policy”) explains how QDigital Individual Entrepreneur (“Company,” “we,” “our,” or “us”) collects, uses, and protects personal data of individuals and organizations (“you,” “User,” or “Customer”) when using our services available at https://sponge.chat.

This Policy is issued pursuant to Article 387 of the Civil Code of the Republic of Kazakhstan and the Law of the Republic of Kazakhstan “On Personal Data and Their Protection.”

By accessing or using the Sponge AI Service, you acknowledge and agree to the practices described herein.

2. Key Terms

Term	Description
Personal Data	Information identifying or relating to an individual, including names, contacts, messages, or calendar data.
Technical Data	Automatically gathered data such as IP address, browser type, cookies, and device identifiers.
Processing	Any action performed on personal data — such as collection, storage, usage, transmission, or deletion.
Service	The Sponge AI platform enabling automated assistants with integrations such as Google Calendar.
AI Partners	External processors (e.g., Anthropic PBC “Claude” and Google LLC “Gemini”) used to generate responses.
Company	Individual Entrepreneur QDigital, Kazakhstan, Aktau, microregion 12, building 56, office 60.
Cookies	Small text files stored on your device that remember your preferences and login sessions.
IP Address	The numerical label identifying your network connection and approximate region.

3. What This Policy Covers

This Policy governs how we collect, process, and safeguard personal data provided during registration, subscription, API connection, or any interaction with our AI tools and communication channels.

We may collect:

Full name, phone number, and e-mail address;
Message content exchanged through integrated services;
Google Calendar data (availability status, event titles, and times);
Authentication tokens for connected Google accounts;
Technical and usage data (IP address, browser, device info, logs).

4. Why We Process Your Data

We handle data strictly for legitimate business and contractual purposes, including:

Account creation, verification, and contract execution;
Operating and maintaining platform functionality;
Accessing Google Calendar to detect availability and schedule events;
Enabling AI agents to respond or act on your behalf;
Processing payments and providing customer support;
Sending important service notifications and promotional messages;
Conducting anonymized analytics to improve performance and reliability.

We never sell your personal data and only share it when required by law or to provide core functionality (e.g., through our AI processors).

5. User Rights and Controls

You have full control over your data. Specifically, you may:

Access your stored personal data and request a copy;
Correct or update inaccurate or incomplete data;
Withdraw consent for processing by contacting [email protected];
Request deletion of your data when it’s no longer needed;
Disconnect Google integrations, which immediately removes related tokens and data.

We will process such requests in accordance with the Law of the Republic of Kazakhstan and confirm completion within a reasonable timeframe.

6. Data Handling by the Company

We commit to:

Use personal data solely for the purposes stated above;
Secure all information using encryption and limited-access storage;
Prevent unauthorized sharing, sale, or public disclosure;
Observe all applicable laws and industry security practices.

Retention Periods:

Data Type	Retention Time
Message and conversation content	Up to 12 months
Anonymized logs and metrics	Up to 6 months
Google OAuth tokens	Deleted immediately upon disconnection

7. Data Transfers and Third Parties

Our processing may involve third-party providers that comply with comparable data-protection standards. Any transfer outside Kazakhstan is done in accordance with recognized international safeguards.

We are not responsible for the privacy practices of external websites or applications linked through our platform.

8. Policy Updates

We may revise this Policy periodically to reflect legal, technical, or operational changes. The updated version will always be posted at https://sponge.chat with the effective date indicated above. Continued use of the Service after such publication constitutes acceptance of the revised Policy.

9. Contact Information

Data Controller / Operator:
QDigital Individual Entrepreneur
📍 Address: Kazakhstan, Aktau, microregion 12, building 56, office 60
📧 E-mail: [email protected]
🌐 Website: https://sponge.chat

If you have any questions or concerns regarding this Policy or our data processing practices, please contact us by e-mail.