1. Introduction

Proactifi, Inc. (together with its subsidiaries, divisions, and brands, collectively, the “Company,” “us,” “we,” or “our,” as the context may require) operates and provides the websites located at www.realtalk.tech, www.bellagent.ai, and all other websites that link to this Privacy Policy (collectively, the “Websites”) and services provided through the Websites or otherwise provided by the Company [and their product suite]1, including subscription-based technology products, consulting services, and specialty add-on services that you may request (referred to collectively as the “Services”)

This Privacy Policy (this “Policy”) describes our privacy practices for the Services, including the types of information we may collect from you when you visit, access, or otherwise use the Services, and our practices for collecting, using, maintaining, protecting, and disclosing that information. We respect the privacy of the visitors and users of the Services (“you” or “your,” as the context may require) and we are committed to protecting your privacy and the security of your personal information through compliance with this Policy.

Please read this Policy carefully to understand our practices regarding your personal information. By accessing or using the Services, you agree to this Policy and any other applicable terms and conditions posted on the Services. If you do not agree with our policies and practices, please do not visit, access, use, or otherwise interact with the Services.

This Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Policy periodically for updates.

2. The Interactions this Policy Covers

This Policy describes and applies exclusively to personal information (as defined below) that we collect on or in connection with the Services and in texts, emails, and other electronic communications sent through or in connection with the Services, including when you interact with our advertising or applications on third-party websites and services, if those applications or advertising include links to this Policy. Except as otherwise provided in this Policy or as required by applicable law, this Policy does not apply to information that is collected by us offline or through any other means, or by any app, website, or third party other than the Services, including through any application or content that may access, be linked to, or otherwise be accessible through the Services. If you visit any other app, website, or third party that we mention or link to, be sure to review its privacy policy before providing it with any information, as that privacy policy will apply to your interactions with that app, website, or third party.

This Policy does not apply to personal information that we process on behalf of our clients. When we act as a service provider for our clients, our clients determine and control what personal information we collect on their behalf and the purposes for which we process that personal information. Accordingly, please review the relevant clients’ privacy policies to review the personal information we collect and process on their behalf.

Except as otherwise provided in this Policy, “personal information” is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you. “Personal information” does not include information which is generally not considered “personal information” under applicable law or is otherwise exempted under applicable law, such as information which is publicly available or subject to special data privacy laws and/or regulations, or information not otherwise considered “personal information” under applicable law.

3. Information We Collect²

We collect several types of information from and about you as a result of your use of the Services and as a result of your communication with us. This information may include:

• Various categories of personal information, such as:
  o Identifiers, including your name, email address, address, phone number, job title, login credentials (such as username and password), and other similar identifiers;
  o Financial information, such as your credit card and debit card information; o Commercial information regarding records of your transactions with us, such as your purchasing history;
  o Internet or other electronic network activity information, such as information about your internet connection and the equipment you use to access the Services, IP address and other unique device identifiers, your activity on the Services, and other usage details collected through your use of the Services;
  o Geolocation; and
  o Inferences drawn from any of the above.
• Information that is about you but individually does not identify you, such as information which has been de-identified or aggregated in a manner where it can no longer be used to identify you.
• Any other information, including personal information, which you disclose or share.

4. How We Collect Personal Information

We may collect personal information directly from you when you provide it to us; automatically when you use or access the Services, such as through cookies, web beacons, and other tracking technologies; or from third parties, such as our service providers.

Google OAuth (Google User Data)

If you choose to sign in or connect your account using Google, we use Google OAuth to authenticate you. When you authorize Google OAuth, we may receive limited Google user data such as your email address and basic profile information (for example, your name and profile image), depending on the permissions (scopes) you grant.

We use this Google user data only to:

• Create or authenticate your Bellagent account.
• Maintain account access and security (for example, preventing fraud and unauthorized access).
• Communicate with you about your account or support requests.

We do not sell Google user data. We do not use Google user data for targeted advertising. We do not request access to sensitive or restricted Google scopes unless explicitly needed for a feature and disclosed to you at the time of authorization.

You can revoke our access at any time from your Google Account settings (Security → Third-party access), and you may also contact us at support@bellagent.ai for assistance.

Google Workspace / Gmail Integration (Email Channel)

Bellagent AI offers an optional Gmail-based Email Channel that allows customers to connect a designated support mailbox to enable email-based conversations with their configured AI Agents. This integration is enabled only at the customer’s direction and consent.

Email data accessed. When this integration is enabled, we may access and process limited Gmail message data from the connected mailbox, including the sender address, message body, and related thread context. We do not modify, delete, label, move, or mark emails as read in the user’s mailbox.

Automated processing and AI usage. Email content retrieved through the Email Channel may be processed automatically in the background by customer-configured AI Agents to generate suggested or automated responses and to maintain conversation context. This processing occurs as part of the Services and is not used for advertising purposes.

Third-party processing. To generate AI-assisted responses, email content may be transmitted to third-party AI service providers (for example, large language model providers such as OpenAI) acting as subprocessors on our behalf. Such providers process the data solely to return responses requested by the Services and are not permitted to use the data for their own purposes.

Storage, retention, and audit. Email conversation data processed through the Email Channel may be stored within the Services for customer visibility, troubleshooting, debugging, and audit purposes. We retain this data in accordance with our retention policies and applicable legal obligations and delete or anonymize it upon a valid deletion request or after the applicable retention period.

User controls. Customers may revoke Gmail access at any time through their Google Account security settings. Until in-product disconnection controls are available, customers may also request disconnection and deletion of stored email data by contactingsupport@bellagent.ai.

Information We Collect Directly

The personal information we collect directly from you when you use or access the Services includes information that you provide by filling in forms, creating an account, searching for products or making a purchase, submitting or posting content on the Services (including product reviews and other user-generated content), responding to a survey, signing up for marketing communications, requesting customer support, or otherwise communicating with us. 

Information We Collect Automatically

As you navigate through and interact with the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Usage details. When you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, approximate location data, logs, and other communication data and the resources that you access and use on or through the Services.
• Device information. We may collect information about your computer or mobile device and internet connection, including the device’s unique device identifier, IP address, and other information such as operating system and browser type.3 

The information we collect automatically may include personal information. This information helps us to improve our Services and to deliver a better and more personalized service, including by enabling us to estimate our audience size and usage patterns, store information about your preferences, and recognize you when you return to the Services.

The technologies we use for automatic information collection on the Services may include cookies. A cookie is a small file containing a string of characters that is sent to your browser when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store unique identifiers, user preferences, and other information, such as what pages you visit, your IP address, or how you arrived on the website. Cookie information allows us to enable certain functions of the Services, to store your preferences and settings, and to analyze your use of the Services and improve your experience on the Services. Ultimately, a cookie allows us or a third party to recognize you and make the Services more useful to you. Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your browser. You can refuse to accept cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of the Services, and overall functionality of the Services may be impaired. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you direct your browser to our Services.

Pages of our Services and our emails may also contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We may also utilize third-party cookies and other third-party tracking technologies from third-party analytics providers to help us market, troubleshoot, and provide information about our products and services.45

From Third Parties

We may also receive personal information or draw inferences about you from other sources, including, without limitation, service providers who collect or process information on our behalf, social media sites and similar third-party services, or publicly available sources. 

5. How We Use Your Personal Information⁶

We use the information that we collect about you or that you provide to us, including any personal information, to:

• Provide you with the Services, related content, and any other information, products, or services that you request from us.
• Communicate with you, process your requests, and complete transactions, such as delivering the products and services that you request or purchase.
• Provide customer and account services, such as notices regarding products and services.
• Market our products and services to you and notify you about changes to the Services or any products or services we offer or provide though it.
• Monitor and analyze trends, usage, and activities in connection with our products and services, including for testing, research, analysis, and product development, and to understand our audience, develop and improve the Services, as well as our customer service, products, and services.
• Detect, investigate, and help prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and help maintain the safety, security, and integrity of the Services, as well as our products, services, databases, and other technology assets.
• Comply with our legal and financial obligations, including to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, such as for billing and collection.
• Respond to law enforcement requests and, as required by applicable law, court order or governmental regulations.
• Evaluate, negotiate, or conduct a merger, divestiture, restructuring, reorganization, dissolution, other sale or transfer of some or all of our assets, or the negotiation thereof, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users and customers is among the assets transferred.
• Fulfill any other purpose for which you provide it, or for any other purpose with your consent.

6. Disclosure of Your Information ⁷

We may disclose personal information that we collect or that you provide as described in this Policy to:

• Our subsidiaries and affiliates.
• Our service providers, contractors, consultants, advisors, and other third parties we use to support our business, such as companies that assist us with Internet service, web hosting, data and cloud storage, shipping and delivery, payment processing, fraud prevention, research and data analytics, and marketing.
• Provide you with relevant advertising on third-party websites or other online sources, or to provide you with and to measure relevant third-party advertising on the Services.
• An actual or prospective buyer or other successor in the event of an actual or proposed merger, divestiture, restructuring, reorganization, dissolution, other sale or transfer of some or all of our assets, or other corporate transaction, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
• Comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• Enforce our rights arising from any contracts entered into between you and us, and for billing and collection.
• Protect the rights, property, or safety of the Company, our customers, or others, including if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of the Company, our customers, the public, or others.
• Fulfill the purpose for which you provide it, for any other purpose disclosed by us when you provide the information, or otherwise with your consent.

We also disclose aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. We process, maintain, and use this information only in an aggregated, anonymized, or de-identified fashion and will not attempt to re-identify such information, except as permitted by law.

We do not sell personal information or use your personal information for targeted advertising except as disclosed in this Policy.8

7. Privacy Choices

We strive to provide you with choices regarding the personal information you provide to us. We offer the following mechanisms to provide you with control over your information:

• Accessing, Correcting, and Updating Your Information. To access and update certain information, you can login and edit your profile,9 or you can contact us as provided in Section 15 (How to Contact Us). Note that we may not accommodate a request to change information if we believe that the change would violate any law or legal requirement or cause the information to be incorrect.
• Tracking Technologies; Device Permissions. You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. If you refuse cookies, some parts of the Services may then be inaccessible or not function properly. Mobile devices offer permission systems for specific types of device data and notifications, such as phone contacts, pictures, location, and push notifications. You can change your settings on your device to either consent to or refuse the collection or processing of the corresponding information or the display of the corresponding notifications. If you disable or refuse certain permissions, the Services may then be inaccessible or not function properly. Note that the Services do not respond to “do not track” (DNT) signals.10
• Promotional Offers from Us. If you do not wish to have your contact information used by us for promotions, you can opt-out by unsubscribing from any emails you receive from us. Additionally, you can also always opt-out by contacting us as provided in Section 15 (How to Contact Us). This opt-out does not apply to information provided to the Company because of a registration or other transaction.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt-out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website, https://thenai.org/opt-out. Similarly, you can opt-out of receiving targeted ads from members of the Digital Advertising Alliance (“DAA”) on the DAA’s website, https://www.privacyrights.info.

8. Security

We implement various physical, administrative, and technical safeguards to protect the security of your personal information both online and offline. The safety and security of your information also depends on you. Where you have a password for access to certain parts of the Services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

9. Retention of Personal Information

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws or until you withdraw your consent (where applicable).

To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

10. International Data Transfers

The Services are operated and managed on servers located and operated in the United States.11 Any information collected through the Services as described in this Policy is stored in the United States. If you are located outside of the United States, please note that we may transfer information, including personal information, to the United States, which may not have the same data protection laws as your jurisdiction, and you consent to the transfer of your personal information to, and the storage and further processing of your personal information in, the United States.

11. Children’s Privacy

The Services are not directed to nor intended for use by anyone under 18 years old (“Child” or “Children”). We do not knowingly collect personal information from Children. If you are a Child, please do not use the Services or provide any personal information on the Services. If we learn we have collected or received personal information from a Child, we will delete that information. If you believe we might have any information from or about a Child, please contact us as provided in Section 15 (How to Contact Us).

12. Notice for Individuals Located in California

This Section 12 (Notice for Individuals Located in California) applies exclusively to visitors and users of the Services who reside in the state of California. California’s Shine the Light law permits California residents to request certain details about how their information is disclosed to third parties for direct marketing purposes. We do not currently disclose personal information to third parties for their direct marketing purposes.12

13. Notice for Individuals Located in Nevada

This Section 13 (Notice for Individuals Located in Nevada) applies exclusively to visitors and users of the Services who reside in the state of Nevada. Nevada provides its residents with a limited right to opt-out of certain personal information sales. Nevada residents who wish to exercise this sale opt-out right may email us at legal@realtalk.tech or legal@bellagent.ai. Please include “Nevada” in your email subject line and include the following information in your email: (i) your name, (ii) Nevada resident address, and (iii) email address. However, please know we do not currently sell data triggering that statute’s opt-out requirements.13

14. Changes to this Policy

We reserve the right to review and revise this Policy from time to time, without prior notice, subject to applicable legal requirements. The date this Policy was last reviewed and/or revised is noted at the top of the page. You are responsible for periodically visiting this Policy to check for any changes. Your continued use of the Services following the posting of changes constitutes your acceptance of such changes.

15. GDPR Notice for Individuals in the EEA, UK, and Switzerland

For individuals located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), Company processes “personal data” in accordance with the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and all applicable data protection laws.

Lawful Bases for Processing. Company processes personal data on the following lawful bases: (a) performance of a contract (for example, to provide and support the Services); (b) compliance with legal obligations; (c) Company’s legitimate interests (for example, to secure and improve the Services, prevent fraud, and analyze usage); and (d) consent, where required by law (for example, certain marketing communications).

Controller and Processor Roles. For Customer Personal Data that you or your organization submit to the Services, your organization is the data controller and Company is the data processor. Company processes Customer Personal Data only on documented instructions from the controller, as set out in these Terms, this Policy, any applicable data processing addendum, and your configuration of the Services.

Data Protection Addendum. Upon request or where required by law, Company will enter into a data processing addendum (“DPA”) that governs the processing of personal data on your behalf. In the event of a conflict between this Policy and a DPA, the DPA will control with respect to personal data processing.

International Transfers. Company is headquartered in the United States and may transfer personal data to the United States or other countries that may not provide the same level of data protection as the EEA, UK, or Switzerland. Where required, Company uses appropriate safeguards, such as the EU Standard Contractual Clauses, the UK Addendum, or other approved transfer mechanisms.

Data Subject Rights. Individuals in the EEA, UK, or Switzerland have certain rights, including the right to request access to personal data, rectification, erasure, restriction of processing, data portability, and to object to processing based on legitimate interests or direct marketing. Individuals also have the right to withdraw consent at any time where consent is the basis of processing. Requests relating to Customer Personal Data should be directed to the relevant controller (for example, your employer or service provider). Company will assist controllers in responding to such requests, as required by applicable law and any DPA.

Retention. Personal data is retained only for as long as reasonably necessary to fulfill the purposes for which it was collected or as required by applicable law, including the three (3) year post-termination retention period applicable to certain annual subscription partners, as described in the Terms of Service.

16. Additional Security and Compliance Disclosures

Security Program. Company maintains an information security program including administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Company’s security controls are aligned with industry standards and SOC 2 Type II principles.

Layered Security Strategy. The Data Processor implements a comprehensive, layered security strategy incorporating both Security Information and Event Management (SIEM) for broad network visibility and Endpoint Detection and Response (EDR) solutions for focused, granular protection at the device level. These measures enable real-time monitoring, threat detection, and automated incident response capabilities across the processing environment.

Penetration Testing and Assessments. Company conducts penetration testing following any significant release of code or major platform update and, in addition, performs penetration testing at least once per calendar quarter. Company also engages an independent auditor to review its cybersecurity program annually, including controls relevant to CCPA, GDPR, and other privacy regulations, and to verify adherence to documented policies.

Third-Party Integrations and Platforms. For integrations with Google Workspace, Microsoft 365, Azure Active Directory, and similar platforms, Company adheres to the applicable OAuth, authorization, and security requirements published by those providers and monitors for policy changes on an ongoing basis. If Company determines that a particular integration or custom configuration requested by a customer would meaningfully weaken or circumvent Company’s security controls, Company may decline or disable such integration.

Incident Response. In the event of a security incident involving personal information within Company’s environment, Company will follow its incident response procedures, including investigation, containment, remediation, and, where required by law, notification to affected controllers and/or individuals. Where the incident originates from or is caused by a third-party system or vendor integrated by a customer, Company will take reasonable steps to protect its own systems and cooperate with the customer, but the customer remains responsible for managing its own vendors and systems.

17. How to Contact Us

To ask questions or comment about your personal information, this Policy, or our privacy practices, you may contact us:

Proactifi, Inc. (Bellagent)
Mail: 220 N Green Street, Unit 365 Chicago, IL 60607
Phone: (847) 409-0762
Email: support@bellagent.ai