Privacy Policy

We are committed to maintaining the accuracy, confidentiality, and security of your personally identifiable information (“Personal Information”). As part of this commitment, our privacy policy governs our actions as they relate to the collection, use and disclosure of Personal Information. Our privacy policy is based upon the values set by the Canadian Standards Association’s Model Code for the Protection of Personal Information and Canada’s Personal Information Protection and Electronic Documents Act.

1. Introduction

We are responsible for maintaining and protecting the Personal Information under our control. We have designated an individual or individuals who is/are responsible for compliance with our privacy policy.

2. Identifying Purposes

We collect, use and disclose Personal Information to provide you with the product or service you have requested and to offer you additional products and services we believe you might be interested in. The purposes for which we collect Personal Information will be identified before or at the time we collect the information. In certain circumstances, the purposes for which information is collected may be clear, and consent may be implied, such as where your name, address and payment information is provided as part of the order process.

3. Consent

Knowledge and consent are required for the collection, use or disclosure of Personal Information except where required or permitted by law. Providing us with your Personal Information is always your choice. However, your decision not to provide certain information may limit our ability to provide you with our products or services. We will not require you to consent to the collection, use, or disclosure of information as a condition to the supply of a product or service, except as required to be able to supply the product or service.

4. Limiting Collection

The Personal Information collected will be limited to those details necessary for the purposes identified by us. With your consent, we may collect Personal Information from you in person, over the telephone or by corresponding with you via mail, facsimile, or the Internet.

5. Limiting Use, Disclosure and Retention

Personal Information may only be used or disclosed for the purpose for which it was collected unless you have otherwise consented, or when it is required or permitted by law. Personal Information will only be retained for the period of time required to fulfil the purpose for which we collected it or as may be required by law. We use this information to provide features to our service, to improve and customize Our Service. The information may be uploaded to the Company’s servers and/or a Service Provider’s server or it may be simply stored on Your device. We are saving employees’ current locations to track employees are available for work or not and check employee work progress.

6. Accuracy

Personal Information will be maintained in as accurate, complete and up-to-date form as is necessary to fulfill the purposes for which it is to be used.

7. Safeguarding Customer Information

Personal Information will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your Personal Information from any loss or unauthorized use, access or disclosure.

8. Openness

We will make information available to you about our policies and practices with respect to the management of your Personal Information.

9. Customer Access

Upon request, you will be informed of the existence, use and disclosure of your Personal Information, and will be given access to it. You may verify the accuracy and completeness of your Personal Information and may request that it be amended, if appropriate. However, in certain circumstances permitted by law, we will not disclose certain information to you. For example, we may not disclose information relating to you if other individuals are referenced or if there are legal, security or commercial proprietary restrictions.

10. Information regarding your location

We use this information to provide features to our service, to improve and customize Our Service. The information may be uploaded to the Company’s servers and/or a Service Provider’s server or it may be simply stored on Your device. We are saving employees’ current locations to track employees are available for work or not and check employee work progress.

11. Limited Use requirements

We use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The Limited Use requirements have four elements: 1.Allowed Use: Developers are only allowed to use restricted scope data to provide or improve user-facing features that are prominent from the requesting app’s user interface. It should be clear to your users why and how you use the restricted scope data they’ve chosen to share with you. 2.Allowed Transfer: Developers are only allowed to transfer restricted scope data to others if that transfer is (a) necessary to provide or improve user-facing features that are prominent from the requesting app’s user interface, (b) to comply with applicable laws, or (c) a part of a merger, acquisition. 3.Prohibited Advertising: Developers are never allowed to use or transfer restricted scope data to serve users advertisements. 4. Prohibited Human Interaction: Developers cannot allow humans to read restricted scope user data. For example, a developer with access to a user’s data is not allowed to have one of its employees read through a user’s emails. There are four limited exceptions to this rule: (a) the developer obtains a user’s consent to read specific messages (for example, for tech support), (b) it’s necessary for security purposes (for example, investigating abuse), (c) to comply with applicable laws, and (d) the developer aggregates and anonymizes the data and only uses it for internal operations (for example, reporting aggregate statistics in an internal dashboard).

12. Stores or shares Google user data

We use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Store all user data in a safe server and we do not share user data with any third-party user.

13.Third-Party External Services (Yaraa AI WordPress Plugin)

The Yaraa AI Sales Agent WordPress plugin relies on the following third-party and external services to function. By using our plugin, you acknowledge and consent to the transmission of data to these services as described below.

13.1 Yaraa AI Backend Service

Service Provider: Yaraa AI (https://yaraai.com)
Service API URL: https://aiservice.yaraamanager.com
What it is: This is the core AI service that powers chatbot conversations, lead capture, AI agent training, conversation storage, visitor analytics, and reporting. AI processing and conversation management are performed on external servers and cannot be done locally by the plugin.

Data transmitted and when it is sent:

– During admin setup: Administrator email address, name, and website URL are sent for account creation and authentication.
– During AI agent training: URLs of website pages selected by the administrator are sent when the admin initiates AI training.
– During visitor chat interactions: Visitor chat messages, name, email, and phone number (only if voluntarily provided by the visitor), IP address, browser type, operating system, and approximate geographic location (country, region, city) are sent in real-time during each chat message exchange.
– During widget loading: The frontend chat widget fetches AI agent configuration and avatar settings from the service each time a page with the widget is loaded.
– During voice interactions: Voice audio data is sent when a visitor uses voice chat features.
– During reporting and analytics: Domain ID and date range filters are sent when administrators view reports and analytics.
– During settings updates: Chatbot configuration, lead form settings, widget appearance settings, and domain configuration are sent when administrators update settings.

No data is transmitted until the administrator accepts the consent page and configures the plugin.

13.2 Yaraa Authentication Service (Keycloak)

Service Provider: Yaraa AI (https://yaraai.com)
Service URL: https://auth.yaraamanager.com
Purpose: This is a Keycloak-based authentication service used for secure user login, session management, and account creation. This service is required for administrators to log in to and manage their Yaraa AI account within the plugin.

Data transmitted and when it is sent:
– Login credentials (email and password) are sent when the site owner logs in or signs up via POST to the Keycloak token endpoint at auth.yaraamanager.com.
– Refresh tokens are sent when the session token needs to be refreshed via POST to the Keycloak token endpoint at auth.yaraamanager.com.
– Access tokens are sent when the plugin retrieves the authenticated user profile via GET to the Keycloak userinfo endpoint at auth.yaraamanager.com.
– A browser redirect occurs when the user clicks “Forgot Password” (redirect to the Keycloak password reset page at auth.yaraamanager.com).
– All authentication endpoints are hosted under auth.yaraamanager.com.

OpenID Connect scopes requested and their purpose:
– openid: Required base scope for OpenID Connect authentication; returns a unique user identifier (sub claim).
– profile: Read access to basic user profile information (name, preferred username).
– email: Read access to the user’s email address and email verification status.

13.3 GoHighLevel (GHL) CRM Integration (Optional)

This integration is entirely optional and is only activated if the site administrator manually connects their GoHighLevel account from the Integrations settings page within the plugin. This integration uses two external domains, both owned and operated by HighLevel Inc.

13.3.1 GoHighLevel Marketplace (marketplace.gohighlevel.com)

Service Provider: HighLevel Inc. (https://www.gohighlevel.com)
Service URL: https://marketplace.gohighlevel.com
What it is: GoHighLevel Marketplace is the OAuth 2.0 authorization portal where the site owner authorizes the connection between Yaraa AI and their GoHighLevel account.

Data transmitted and when it is sent:
– OAuth client ID, redirect URI, requested scopes, and a CSRF state parameter are sent only when the site owner clicks “Connect” on the Integrations page — the browser is redirected to this URL for authorization.

Terms of Service: https://www.gohighlevel.com/terms-of-service
Privacy Policy: https://www.gohighlevel.com/privacy-policy

13.3.2 LeadConnector API (services.leadconnectorhq.com)

Service Provider: HighLevel Inc. / LeadConnector LLC (https://www.gohighlevel.com) — LeadConnector is a subsidiary of HighLevel Inc. and services.leadconnectorhq.com is their API domain for OAuth token exchange.
Service URL: https://services.leadconnectorhq.com
What it is: LeadConnector API is the OAuth 2.0 token exchange endpoint used to convert the authorization code into an access token after the site owner authorizes via GoHighLevel Marketplace.

Data transmitted and when it is sent:
– OAuth client credentials (client ID and secret), authorization code, grant type, and redirect URI are sent via a single server-side POST request immediately after the site owner completes OAuth authorization at marketplace.gohighlevel.com.
– After connection is established: Lead and conversation data may be synced to GoHighLevel for CRM and marketing automation purposes.

Terms of Service: https://www.gohighlevel.com/terms-of-service
Privacy Policy: https://www.gohighlevel.com/privacy-policy

OAuth scopes requested and their purpose:
– contacts.readonly: Read access to contacts in GoHighLevel to check for existing leads.
– contacts.write: Write access to create or update contacts in GoHighLevel when new leads are captured.
– locations.readonly: Read access to GoHighLevel location/account information to identify the connected account.
– conversations.write: Write access to create new conversations in GoHighLevel for synced leads.
– conversations/message.write: Write access to send messages within GoHighLevel conversations.

13.4 Data Transmission Security

All data transmitted to the above services is sent over HTTPS (encrypted in transit). No data is transmitted to any external service until the site administrator explicitly reviews and accepts the terms, privacy policy, and data transmission consent within the plugin. The frontend chat widget does not load until the administrator has completed setup and deployment. Visitor data is only collected when visitors actively interact with the chatbot widget.

14. Handling Customer Complaints and Suggestions

You may direct any questions or enquiries with respect to our privacy policy or our practices by contacting: A 206, Shapath Hexa, Opp. Sola High Court, S G Road, Ahmedabad India E-mail: yaraa.bizsuite@gmail.com