berto.ai logo
Sign in

Your Privacy, Our Responsibility

How berto.ai collects, uses, and protects your information when you use our platform.

Privacy Policy

Our Commitment to You

At berto.ai, we take the privacy and security of your data seriously. This Policy explains what information we collect, how we use it, and the choices you have. Please read it carefully.

1. Introduction

This Privacy Policy describes how berto.ai ("berto.ai", "we", "us", or "our") collects, uses, and discloses information when you use our website, our customer relationship management platform, and any related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

We collect several types of information to provide and improve the Service for you and your organization. The categories below cover what we collect, how each category is collected, and the purposes it is used for — including processing by our third-party AI provider when the AI assistant is used (see Section 7).

Berto collects the following categories of data: (a) Account Information, (b) CRM Content, (c) Device Information, (d) Usage Analytics, and (e) Crash and Diagnostic Logs. Each is described below.

(a) Account Information (Personal Data)

Collected directly from you when you sign up, request a demo, contact us, or update your profile. Used to create and authenticate your account, communicate with you about the Service, process billing, and provide support. Includes:

  • Email address
  • First name and last name
  • Phone number
  • Company name and job title
  • Business address, city, state, country, and postal code
  • Billing and payment details (processed by our payment provider; we do not store full card numbers)
  • Basic organization profile: organization name, industry, website, timezone, currency, company size, and location

(b) CRM Content (Customer Data)

Collected when you (or members of your organization) create, import, sync, or upload records into the platform. Used to operate the CRM features you have configured — storing and displaying your companies, contacts, deals, tasks, notes, activities, emails, and any images or files you choose to upload. You are the controller of this Customer Data; berto.ai processes it on your behalf in accordance with your instructions and our agreement with you. CRM Content is also the source material referenced by the AI assistant when you opt in to use it (see Section 7).

(c) Device Information

Collected automatically when you access the Service. Used to deliver a working experience across devices, secure your account, and diagnose compatibility issues. Includes IP address, browser type and version, operating system, device model and identifiers, language and locale settings, and screen/viewport information.

(d) Usage Analytics

Collected automatically as you interact with the Service. Used to monitor performance, understand which features are used, improve reliability and the user experience, and detect abuse. Includes the pages and features you visit, the time and date of your visit, the time spent on each, in-app events (e.g., record created, AI prompt submitted), and pseudonymous organization and user identifiers with timestamps.

(e) Crash and Diagnostic Logs

Collected automatically when the application encounters an error, crash, or other unexpected condition. Used solely to diagnose and fix bugs, restore service, and improve stability. May include stack traces, the action being performed at the time of the crash, device and OS version, app version, and a pseudonymous identifier so we can correlate reports.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on the Service and hold certain information. The cookies we use fall into three broad categories:

  • Session Cookies — used to operate the Service and keep you signed in.
  • Preference Cookies — used to remember your preferences and settings.
  • Security Cookies — used to support security features and detect malicious activity.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and operate the Service.
  • To create and manage your account and authenticate users.
  • To process transactions and send related information, including confirmations and invoices.
  • To notify you about changes to the Service, new features, and security updates.
  • To allow you to participate in interactive features when you choose to do so.
  • To provide customer support and respond to your requests.
  • To monitor usage of the Service and improve performance, reliability, and the user experience.
  • To diagnose crashes and other defects through automated diagnostic logs.
  • To generate responses through our AI assistant when you have opted in to that feature, by sending the relevant inputs to our third-party AI sub-processor as described in Section 7.
  • To detect, prevent, and address technical issues, fraud, and abuse.
  • To comply with legal obligations and enforce our terms.

4. Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. In particular, data may be processed in the United Arab Emirates and other countries where our service providers operate.

By using the Service or providing us with your information, you consent to this transfer. berto.ai will take reasonable steps to ensure that your data is treated securely and in accordance with this Policy.

5. Disclosure of Data

We may disclose your Personal Data in good faith if such action is necessary to:

  • Comply with a legal obligation, court order, or governmental request.
  • Protect and defend the rights or property of berto.ai or our affiliates.
  • Prevent or investigate possible wrongdoing in connection with the Service.
  • Protect the personal safety of users of the Service or the public.
  • Protect against legal liability.

6. Service Providers

We may employ third-party companies and individuals to facilitate the Service ("Service Providers"), provide the Service on our behalf, perform Service-related functions, or help us analyze how the Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Examples include cloud hosting providers, analytics providers, payment processors, email delivery services, and customer support tooling.

7. Use of Third-Party AI Services

Berto offers an optional AI assistant. When you (or a user in your organization) choose to use this assistant, certain data is sent to a third-party AI provider acting as our sub-processor so the assistant can generate a response. This section explains who that provider is, exactly what is and is not sent, how that provider may use the data, and the controls you have. We disclose this here — not only in our Terms of Service — so that it is part of the public privacy policy as required by applicable App Store rules (including Apple App Store Review Guideline 5.1.2(i)).

AI Provider

Our AI sub-processor is OpenAI, L.L.C., a United States company ("OpenAI"). OpenAI's privacy policy is available at https://openai.com/policies/privacy-policy. Requests to OpenAI are made from our servers over the OpenAI API using TLS-encrypted connections.

Data We Send to OpenAI When the AI Assistant Is Used

When you invoke the AI assistant, we send only the data needed to answer your prompt. Specifically:

  • The text of the prompt you submit to the assistant.
  • The CRM records you (or the assistant on your behalf) reference in the prompt — including companies, contacts, deals, tasks, notes, activities, and emails — scoped strictly to your own organization.
  • Your basic organization profile: organization name, industry, website, timezone, currency, company size, and location, used to help the assistant produce contextually appropriate responses.
  • The current conversation history with the assistant, so it can maintain context across turns in the same conversation.
  • Pseudonymous organization and user identifiers and timestamps, used for rate limiting, abuse prevention, and operational logging.

Data We Do NOT Send to OpenAI

We do not send the following to OpenAI under any circumstance:

  • Account passwords or any authentication tokens, API keys, or secrets.
  • Payment information, including card numbers and billing details.
  • Advertising identifiers or tracking identifiers used for cross-app or cross-site profiling.
  • Data belonging to any other organization on the platform — every AI request is strictly scoped to the requesting user's own organization.

How OpenAI Uses This Data

OpenAI receives the inputs described above solely to generate the response that is returned to you through the assistant. OpenAI acts as our sub-processor for this purpose. Data is transmitted to OpenAI over TLS-encrypted connections. Under OpenAI's API and business terms applicable to our account, OpenAI does not use API inputs or outputs to train its models. OpenAI is contractually required to provide the same or equivalent level of protection for this data as described in this Privacy Policy.

Consent and Control

Use of the AI assistant is opt-in. Before any data is sent to OpenAI:

  • On the iOS app, an in-app consent screen is shown the first time you attempt to use the AI assistant, and no data is sent to OpenAI unless you accept it.
  • On the web app, you must enable the AI assistant from AI settings before any data is sent.
  • You can revoke consent at any time. On mobile, open the user menu and disable the AI assistant. On the web, open AI settings and turn it off. Once revoked, no further data is sent to OpenAI, and the assistant becomes unavailable in your account until re-enabled.

8. Security of Data

The security of your data is important to us. We use commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Data and Customer Data against unauthorized access, alteration, disclosure, or destruction.

However, please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. Data Retention

We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, to provide the Service to you, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Customer Data is retained for the duration of your subscription and may be deleted after termination in accordance with your agreement with us.

10. Your Rights

Depending on your jurisdiction, you may have certain rights regarding the Personal Data we hold about you, including the right to access, correct, update, port, or request deletion of your Personal Data. You may also have the right to object to or restrict certain types of processing, or to withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us using the details below. We will respond to your request in accordance with applicable law.

12. Children's Privacy

Our Service is intended for use by businesses and is not directed to anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and you become aware that your child has provided us with Personal Data, please contact us. If we discover that we have collected Personal Data from a child without verified parental consent, we will take steps to remove that information from our servers.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Policy. For material changes, we will provide a more prominent notice or send you an email notification. Changes are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: zunair@happytenant.ae
  • By visiting our contact page: /contact