Policy | StreamAssist

Privacy Policy

Effective Date: March 14, 2026 | Last Updated: March 14, 2026

1. Introduction

Global BI LLC (“StreamAssist,” “Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through this Privacy Policy. This Privacy Policy explains how we collect, use, store, share, and protect information when you visit our website or use the StreamAssist platform.

By accessing or using StreamAssist, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Account and Business Information

We may collect personal information that you voluntarily provide when creating an account or contacting us, including:

Name
Email address
Phone number
Business name and website URL
Billing and payment information (processed by our payment provider; we do not store full card numbers)

2.2 Customer Inquiry Information (Collected on Behalf of Client Businesses)

When StreamAssist is installed on a client's website, website visitors may submit information through conversations with the StreamAssist system. This information is collected on behalf of the client business and may include:

Name
Email address
Phone number
Inquiry details or messages submitted during the conversation

StreamAssist acts as a data processor for this information; the client business is the data controller and is responsible for ensuring lawful collection and appropriate privacy notice to website visitors.

2.3 Usage Data

We may automatically collect certain technical information about how users interact with our website, dashboard, or the StreamAssist widget installed on client websites. This may include:

IP address
Browser type and version
Device type and operating system
Pages or features visited within the StreamAssist dashboard
Timestamps of interactions
Referring URLs

This usage data is collected from both client businesses using the StreamAssist dashboard and from website visitors interacting with StreamAssist widgets embedded on client websites.

3. Legal Basis for Processing (GDPR)

Where the EU General Data Protection Regulation (GDPR) applies, we process personal data on the following legal bases:

Contract performance: to provide the StreamAssist Service to client businesses who have agreed to our Terms of Service.
Legitimate interests: to improve our Service, maintain security, and prevent fraud, where such interests are not overridden by your rights.
Legal obligation: to comply with applicable laws and regulations.
Consent: where we have obtained your explicit consent for specific processing activities.

Client businesses processing personal data of EU residents through StreamAssist should refer to the Data Processing Agreement for their respective obligations.

4. How We Use Information

StreamAssist may use collected information to:

provide, operate, and maintain the StreamAssist platform;
transmit customer inquiries to client businesses;
notify businesses when new leads are captured;
process billing and manage accounts;
improve product performance and reliability;
analyze aggregated, de-identified usage patterns to enhance the Service;
maintain system security and prevent misuse;
comply with legal obligations;
communicate with you about updates, features, and support.

We do not use personally identifiable Customer Data (collected on behalf of client businesses) for our own marketing purposes.

5. Information Sharing

StreamAssist does not sell personal information. Information may be shared only in the following circumstances:

5.1 With Client Businesses

Information submitted through StreamAssist conversations is shared with the business that installed StreamAssist on its website. This is the primary purpose of the Service.

5.2 With Service Providers and Subprocessors

We engage trusted third-party technology providers — including hosting, infrastructure, analytics, payment processing, and AI model providers — to help operate the StreamAssist platform. These providers are permitted to process personal data only as necessary to perform services for us and are contractually required to maintain appropriate security safeguards. A current list of our principal subprocessors is available upon request.

5.3 Legal Compliance and Protection

We may disclose information if required to do so by law, regulation, or legal process, or if we believe disclosure is necessary to protect the rights, safety, or security of StreamAssist, its users, or others.

5.4 Business Transfers

If StreamAssist is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies

StreamAssist uses cookies and similar technologies on our website and within the StreamAssist widget. We use the following categories of cookies:

Strictly Necessary Cookies: required for the Service to function and cannot be disabled.
Analytics Cookies: help us understand how users interact with the Service (e.g., pages visited, session duration). These may use third-party analytics services such as Google Analytics.
Functional Cookies: enable enhanced functionality and personalization.

Where required by applicable law (including GDPR and the ePrivacy Directive), we will obtain your consent before placing non-essential cookies. You may manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

If you are a website visitor interacting with a StreamAssist widget embedded on a third-party website, please refer to that website's own cookie and privacy policy, as cookie consent is the responsibility of the client business.

7. Data Subject Rights

Depending on your location, you may have the following rights with respect to your personal information:

Right to Access: request a copy of the personal information we hold about you.
Right to Correction: request correction of inaccurate or incomplete information.
Right to Deletion: request deletion of your personal information, subject to certain legal exceptions.
Right to Portability: request a structured, machine-readable copy of your data where technically feasible.
Right to Object: object to certain types of processing, including processing based on legitimate interests.
Right to Restrict Processing: request that we limit processing of your data in certain circumstances.
Right to Withdraw Consent: where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, please contact us at contact@stream-assist.com. We will respond within thirty (30) days. Please note that some requests may be subject to verification of identity. If you are a website visitor who submitted information through a StreamAssist widget on a third-party website, please direct your request to the client business that operates that website, as they are the data controller for that information.

8. California Residents — CCPA/CPRA

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: the categories and specific pieces of personal information we collect, use, disclose, and sell.
Right to Delete: request deletion of personal information we have collected, subject to certain exceptions.
Right to Correct: request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: StreamAssist does not sell or share personal information for cross-context behavioral advertising purposes.
Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at contact@stream-assist.com. We will verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf.

9. International Data Transfers

StreamAssist is based in the United States. If you are located outside the United States, please be aware that information you provide may be transferred to, stored, and processed in the United States or other countries where our service providers operate. Where such transfers involve personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure adequate protection of your data.

10. Data Security

We implement reasonable technical and organizational measures designed to protect personal information from unauthorized access, misuse, alteration, or disclosure. These measures include encryption of data in transit, access controls, and regular security assessments. However, no system can guarantee absolute security, and we cannot warrant that information will never be accessed, disclosed, altered, or destroyed by a breach of any of our safeguards.

11. Data Retention

We retain different categories of information for different periods:

Account information: retained for the duration of the account and for up to three (3) years after account closure, unless a longer period is required by law.
Customer inquiry data (collected on behalf of client businesses): retained for up to twelve (12) months from collection, unless the client business exports or deletes the data earlier, or requests earlier deletion.
Usage and technical data: retained for up to twenty-four (24) months.
Billing records: retained for seven (7) years as required for tax and accounting compliance.

Client businesses may export or delete captured customer inquiry data within their account settings at any time.

12. Children's Privacy

StreamAssist is not intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child has provided personal information through our Service, please contact us at contact@stream-assist.com.

13. Third-Party Services and Links

StreamAssist may integrate with third-party services such as email platforms, analytics tools, and customer relationship management (CRM) software. These services operate under their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third parties.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. For material changes, we will provide at least thirty (30) days' prior notice via email or a prominent notice within the Service. The revised policy will be posted on this page with an updated effective date. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Global BI LLC
Email: contact@stream-assist.com
Website: https://www.stream-assist.com

Data Processing Policy

Effective Date: March 14, 2026 | Last Updated: March 14, 2026

This Data Processing Policy (“Agreement” or “DPA”) forms part of the StreamAssist Terms of Service between Global BI LLC (“Processor”) and the client business using the StreamAssist service (“Controller”). This Agreement governs the processing of personal data by StreamAssist on behalf of the Controller and supplements the Terms of Service.

By creating an account or clicking to accept the Terms of Service, the Controller agrees to the terms of this DPA. This DPA is incorporated into and made part of the Terms of Service by reference.

1. Definitions

For the purposes of this Agreement:

“Personal Data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws.
“Processing” means any operation or set of operations performed on Personal Data.
“Controller” means the client business that determines the purposes and means of processing Personal Data collected through its website using the StreamAssist service.
“Processor” means Global BI LLC, which processes Personal Data on behalf of the Controller to provide the StreamAssist service.
“Subprocessor” means any third party engaged by the Processor to process Personal Data on behalf of the Controller.
“Data Subject” means the individual to whom Personal Data relates (e.g., a website visitor).
“Applicable Data Protection Law” means any applicable data protection or privacy law, including but not limited to the GDPR, CCPA/CPRA, and applicable U.S. state privacy laws.

2. Roles and Responsibilities

The parties acknowledge that:

the Controller is solely responsible for the lawfulness of collecting Personal Data from website visitors through the StreamAssist widget;
the Processor will process Personal Data solely on documented instructions from the Controller, as set out in this Agreement and the Terms of Service;
each party will comply with its respective obligations under Applicable Data Protection Law.

3. Scope and Nature of Processing

3.1 Purpose

The Processor processes Personal Data solely to provide the StreamAssist AI reception service to the Controller, including:

receiving and storing visitor inquiries submitted through the StreamAssist widget;
transmitting visitor information and inquiry details to the Controller;
temporarily storing conversation data to support service delivery;
generating notifications to the Controller when new leads are captured.

3.2 Categories of Data Subjects

Website visitors interacting with StreamAssist widgets embedded on the Controller's website.

3.3 Categories of Personal Data

Personal Data processed may include: name, email address, phone number, and free-text inquiry messages submitted by website visitors. The Processor does not intentionally process sensitive categories of personal data (as defined under GDPR Article 9), and the Controller must not configure StreamAssist to collect such data.

4. Controller Responsibilities

The Controller is responsible for:

collecting Personal Data from website visitors on a lawful legal basis (e.g., consent, legitimate interests, contractual necessity);
providing website visitors with a clear and compliant privacy notice disclosing the use of StreamAssist and the processing of their data;
disclosing to website visitors that they are interacting with an automated AI system;
obtaining any required consents from website visitors, including for cookie usage where required;
ensuring that its instructions to the Processor comply with Applicable Data Protection Law;
not configuring StreamAssist to collect sensitive categories of Personal Data.

5. Processor Obligations

The Processor agrees to:

process Personal Data only to provide the Service and only in accordance with the Controller's documented instructions as set out in this Agreement;
immediately notify the Controller if, in the Processor's opinion, an instruction infringes Applicable Data Protection Law;
implement and maintain the technical and organizational security measures described in Section 8;
ensure that personnel authorized to process Personal Data are subject to appropriate confidentiality obligations;
assist the Controller in responding to Data Subject rights requests as described in Section 9;
not engage Subprocessors without meeting the requirements of Section 7;
make available to the Controller information reasonably necessary to demonstrate compliance with this Agreement.

6. Prohibition on Use for AI Training

The Processor will not use personally identifiable Personal Data submitted through the Controller's StreamAssist widget for the purpose of training, fine-tuning, or improving AI or machine learning models without the Controller's prior written consent. Aggregated, de-identified data that cannot reasonably be used to identify any individual may be used for service improvement purposes.

7. Subprocessors

7.1 Authorization

The Controller provides general authorization for the Processor to engage Subprocessors to assist in delivering the Service, subject to the requirements of this Section.

7.2 Subprocessor Requirements

The Processor will:

enter into written agreements with each Subprocessor imposing data protection obligations equivalent to those in this Agreement;
remain liable to the Controller for the acts and omissions of its Subprocessors to the same extent as if the Processor performed the services directly.

7.3 Subprocessor List

The Processor will maintain and make available upon request a current list of Subprocessors, including their names, locations, and the nature of processing they perform. The Processor will provide thirty (30) days' advance written notice to the Controller before adding or replacing any Subprocessor that processes Personal Data. If the Controller objects to a new Subprocessor, the parties will work in good faith to resolve the objection; if no resolution is possible, the Controller may terminate the Service without penalty.

8. Data Security

The Processor will implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

encryption of Personal Data in transit using industry-standard protocols (e.g., TLS);
access controls limiting personnel access to Personal Data on a need-to-know basis;
regular security assessments and vulnerability management;
documented incident response procedures.

The Processor does not guarantee absolute security and acknowledges that no system is impenetrable. The Controller is responsible for ensuring secure access to and storage of Personal Data within the Controller's own systems.

9. Data Subject Rights

The Processor will assist the Controller in fulfilling its obligations to respond to Data Subject rights requests under Applicable Data Protection Law. Upon receipt of a Data Subject rights request directed to the Processor, the Processor will promptly — and in any event within five (5) business days — forward the request to the Controller. The Processor will provide reasonable technical and administrative assistance to enable the Controller to respond to such requests within applicable legal deadlines (generally thirty (30) days under GDPR and forty-five (45) days under CCPA).

10. Data Breach Notification

In the event of a confirmed security breach affecting Personal Data processed by the Processor on behalf of the Controller (a “Data Breach”), the Processor will:

notify the Controller without undue delay and in any event within seventy-two (72) hours of becoming aware of the confirmed Data Breach;
provide, to the extent then known: (a) a description of the nature of the breach; (b) the categories and approximate number of Data Subjects and Personal Data records affected; (c) the likely consequences of the breach; and (d) measures taken or proposed to address the breach and mitigate its effects.

The Controller is responsible for determining its own notification obligations to supervisory authorities and affected Data Subjects under Applicable Data Protection Law. The Processor's notification does not constitute an admission of fault or liability.

11. Data Retention and Deletion

11.1 Retention During Service

The Processor will retain Personal Data only for as long as necessary to provide the Service, as described in the Privacy Policy.

11.2 Deletion Upon Termination

Upon termination or expiration of the Service agreement, the Processor will, at the Controller's election: (a) securely delete all Personal Data processed on behalf of the Controller within sixty (60) days of the termination date; or (b) return all Personal Data to the Controller in a commonly used, machine-readable format, after which the Processor will securely delete its copies. The Processor may retain Personal Data to the extent required by Applicable Data Protection Law, provided that such retained data is kept confidential and not processed for any other purpose.

11.3 Self-Service Export

Client businesses may export captured Customer Data from their StreamAssist account dashboard at any time during the term of the Service.

12. Audit Rights

The Controller may, upon reasonable advance written notice of at least thirty (30) days, request written information and documentation to verify the Processor's compliance with this Agreement (an “Audit Request”). The Processor will respond to Audit Requests within a reasonable timeframe and will provide documentation such as security certifications, audit reports, or summaries of relevant policies.

In-person audits at the Processor's facilities may be conducted by the Controller or an independent third-party auditor not more than once per calendar year, at the Controller's expense, subject to reasonable confidentiality obligations. The parties will coordinate to minimize disruption to the Processor's operations.

13. International Data Transfers

If the Processor transfers Personal Data originating from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, such transfers will be made pursuant to appropriate safeguards, including Standard Contractual Clauses (SCCs) as approved by the European Commission. The Processor will provide the Controller with access to applicable SCCs or other transfer mechanisms upon request.

14. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Pennsylvania, United States, without regard to its conflict of law provisions, except where mandatory provisions of Applicable Data Protection Law (including GDPR) require otherwise.

15. Order of Precedence

In the event of a conflict between this DPA and the Terms of Service, this DPA shall take precedence with respect to matters relating to the processing of Personal Data. In all other matters, the Terms of Service shall control.

16. Contact

Global BI LLC
Email: contact@stream-assist.com
Website: https://www.stream-assist.com

AI Transparency Policy

Effective Date: March 14, 2026 | Last Updated: March 14, 2026

1. Introduction

Global BI LLC (“StreamAssist,” “we,” “our,” or “us”) is committed to transparency regarding the use of artificial intelligence within our platform. This AI Transparency Policy explains how StreamAssist uses AI technologies, the role those systems play in customer interactions, and the safeguards we implement to promote responsible use.

This Policy applies to all client businesses using StreamAssist and to website visitors who interact with the StreamAssist system on a client's website.

2. How StreamAssist Uses AI

StreamAssist provides an automated digital reception system designed to assist businesses in responding to website visitors. The platform uses artificial intelligence, including large language model (LLM) technology, to:

respond to visitor questions and guide conversations;
collect contact information from interested website visitors;
route inquiries to the appropriate business contact;
provide general information about a business's services based on configurations set by the client.

StreamAssist may use AI services provided by third-party technology providers, including but not limited to large language model providers. These providers process conversation data solely to generate responses and are subject to appropriate data processing agreements.

3. AI Is an Automated System

StreamAssist uses automated systems to generate responses. These systems are not human and do not possess human judgment, professional expertise, or real-time knowledge beyond what the client has configured.

AI-generated responses may occasionally be incomplete, inaccurate, or factually incorrect due to inherent limitations of automated technologies. In particular, AI systems can sometimes produce plausible-sounding but incorrect information — a phenomenon commonly referred to as “hallucination.” Client businesses should not rely solely on StreamAssist for critical customer communications and should review AI responses regularly.

Businesses using StreamAssist are responsible for reviewing and configuring the system appropriately for their specific services and policies.

4. Mandatory Disclosure to Website Visitors

StreamAssist believes businesses and website visitors should clearly understand when they are interacting with an automated AI system rather than a human representative. Transparency with website visitors is both an ethical obligation and, in many jurisdictions, a legal requirement.

Client businesses are required — as a condition of using the StreamAssist service — to:

clearly disclose to website visitors that they are interacting with an automated AI system before or at the start of any conversation;
not represent or imply that StreamAssist is a human representative;
include a visible disclosure notice on any webpage or interface where StreamAssist is active.

Failure to comply with this requirement constitutes a violation of StreamAssist's Acceptable Use Policy and may result in suspension or termination of service. This requirement is independent of and in addition to any applicable legal obligations, such as California's Bolstering Online Transparency (BOT) Disclosure Act or similar laws.

5. Human Oversight

StreamAssist is designed to assist businesses, not replace them. Client businesses retain full control over their customer relationships and communications. Businesses may:

review all captured inquiries and conversation summaries;
follow up directly with website visitors;
adjust the information and responses the system provides;
disable or configure the system at any time through account settings.

6. AI Limitations and Scope

StreamAssist is a general-purpose reception and lead capture tool. The system is not designed or authorized to:

provide legal advice or legal interpretations;
provide medical advice, diagnoses, or treatment recommendations;
make financial decisions, recommendations, or investment advice;
replace the professional judgment of licensed practitioners;
process sensitive personal data categories such as health, financial, or government-issued identification information.

Client businesses must ensure StreamAssist is not configured or used in a manner that solicits or processes such sensitive data from website visitors.

7. Data Usage for AI Improvement

StreamAssist may use aggregated, de-identified interaction data to improve the performance, accuracy, and reliability of its AI systems. We will not use personally identifiable conversation data submitted by website visitors for AI model training without the explicit consent of the relevant client business, as governed by the applicable Data Processing Agreement.

8. Continuous Improvement

We regularly evaluate StreamAssist's AI systems for accuracy, fairness, and potential for harm. Updates may include improvements to underlying AI models, response quality, safety filters, user interface changes, and additional features designed to improve customer communication.

Significant changes to how AI is used within the platform will be communicated to client businesses in advance.

9. Reporting AI Errors

If a website visitor receives a response from StreamAssist that appears harmful, incorrect, or inappropriate, they may report it to the client business directly. Client businesses are encouraged to report systematic AI errors or concerns to:

Email: contact@stream-assist.com

StreamAssist will investigate reported issues and take corrective action where appropriate.

10. Contact

If you have questions about this policy or how StreamAssist uses artificial intelligence, please contact:

Global BI LLC
Email: contact@stream-assist.com
Website: https://www.stream-assist.com