Last Updated: May 25, 2025

Introduction and Overview

At Abby, we’re committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you:

  • Use the Abby App (mobile) or Abby Platform (web-based version) as a User,
  • Visit the Abby website,
  • Register for or participate in Abby-sponsored webinars, events, or marketing activities,
  • Interact with Abby’s marketing communications, or
  • Otherwise share your personal information with Abby.

This Privacy Policy applies exclusively to situations where Abby acts as a Data Controller (as defined under applicable privacy laws and regulations) in our direct relationship with individual users. If you are accessing Abby through an organization that has contracted with us (a “Customer“), Abby’s role as a Data Processor is governed by our Data Processing Agreement (“DPA“) with that Customer, available at www.abby.gg/dpa.

Definitions:

  • Inputs: The words, messages, or content you write or upload to the Abby App, Abby Platform, or Abby website.
  • Outputs: The responses, messages, or content generated by Abby’s AI systems in response to your Inputs.
  • User Data: All Inputs, Outputs, and other information you provide directly as an individual user.
  • Customer Data: Information provided by organizations (such as your employer or school) to set up and manage your account, such as your name, email, and admin data. Customer Data is governed by our Data Processing Addendum (DPA), not this Privacy Policy.

Important: Abby is not a covered entity under HIPAA and does not provide medical or clinical services. Please do not include any Protected Health Information (PHI) or sensitive medical information in your interactions with our Service.

By using Abby, you acknowledge this Privacy Policy and consent to the practices described.

Information We Collect

We collect different types of information depending on how you interact with Abby—as a user of the Abby App or Abby Platform, as a website visitor, or as a participant in our marketing activities.

User Data (Inputs and Outputs)

  • Inputs: The words, messages, or content you write or upload to the Abby App, Abby Platform, or website (for example, your questions, messages, or prompts).
  • Outputs: The responses, messages, or content generated by Abby’s AI systems in response to your Inputs.
  • Conversation Data: The content of your interactions with Abby, including both your Inputs and the Outputs generated for you.

Account and Profile Information

  • Account Information: Name, email address, phone number, and payment details when you create an account.
  • Profile Information: Optional demographic information, preferences, and goals you choose to provide.

Service Usage and Device Information

  • Usage Data: How you interact with Abby’s services, including features used, session duration, frequency of use, and engagement patterns.
  • Device Information: Device type, operating system, browser type, IP address, and mobile device identifiers.
  • Location Information: General location based on IP address (not precise GPS location).

Website Visitors and Marketing Activities

  • Contact Information: Name, email address, company, job title, and any information you provide when registering for webinars, downloading resources, or subscribing to marketing communications.
  • Website Analytics: Information about your interactions with our website and emails (such as IP address, browser type, device, and engagement with marketing content).

How We Use Your Information

Service Provision and Improvement

  • Delivering personalized AI conversations and support (generating Outputs in response to your Inputs)
  • Analyzing Inputs, Outputs, and usage patterns to enhance and personalize your experience
  • Developing and training our AI models using anonymized and aggregated Inputs and Outputs to improve service quality
  • Creating and using synthetic data derived from anonymized user interactions
  • Generating aggregated insights to improve our support strategies

Account Management

  • Creating and maintaining your account
  • Processing subscription payments and managing billing
  • Communicating about your account, service updates, and support
  • Providing technical support and responding to your inquiries

Website and Marketing Activities

  • Operating and improving our website and marketing communications
  • Sending you marketing emails or event invitations (if you opt in)
  • Understanding how visitors use our website and marketing materials

Legal and Security Purposes

  • Protecting the security and integrity of our Services
  • Detecting and preventing fraudulent activity
  • Complying with legal obligations
  • Enforcing our Terms and Conditions

Information Sharing and Disclosure

We treat your information with the utmost confidentiality and do not sell your personal information.

We may share your information in the following limited circumstances:

Service Providers (Sub-processors). We work with trusted third-party service providers (“sub-processors”) who perform services on our behalf, such as:

  • Cloud storage and hosting providers
  • Payment processors
  • Analytics services
  • Customer support tools

All service providers are contractually required to use your information only to provide services to Abby and must comply with this Privacy Policy and applicable privacy laws. A current list of our sub-processors is available at www.abby.gg/subprocessors.

Business Transfers. If Abby is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. If this happens, we will notify you by email and/or a prominent notice on our website about any change in ownership or how your information is used.

Legal Requirements and Safety. We may disclose your information if required by law, legal process, or a government request, or if we believe it is necessary to protect our rights, address fraud, or protect your safety or the safety of others.

Your Privacy Rights

These rights apply to your User Data, including your Inputs and Outputs, and to any personal information you provide directly to Abby as a user, website visitor, or marketing contact. Your privacy rights vary based on your location. Below, we outline rights available under major privacy frameworks:

All Users

Regardless of location, you can:

  • Access and review your personal information
  • Update or correct inaccurate information
  • Request deletion of your account and personal information
  • Opt out of marketing communications
  • Download your Inputs and Outputs (where available)
  • Request deletion of your Inputs and Outputs (where available)

European Union, UK, and Switzerland (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Erase your personal data (“right to be forgotten”)
  • Restrict or object to processing of your personal data
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

These rights apply to your Inputs, Outputs, and other User Data.. To exercise these rights, contact us at privacy@abby.gg.

California (CCPA/CPRA)

California residents have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by businesses
  • Opt out of the sale of personal information
  • Non-discrimination for exercising your rights

We do not sell personal information or share your Inputs or Outputs with third parties for advertising purposes. To exercise your rights, contact us at privacy@abby.gg or call 1-800-XXX-XXXX. Please note that some information may be managed by your organization if you use Abby through a school or employer. 

Other U.S. States with Comprehensive Privacy Laws

If you reside in Colorado, Connecticut, Utah, Virginia, or other states with comprehensive privacy laws, you may have similar rights to access, delete, correct, and opt out of certain processing of your personal information. These rights apply to your Inputs, Outputs, and other User Data you provide directly to Abby.

Canada (PIPEDA)

Canadian residents have the right to:

  • Access your personal information
  • Challenge the accuracy of your information
  • Provide consent for collection, use, and disclosure of personal information
  • Withdraw consent

To exercise your rights, contact us at privacy@abby.gg. If you use Abby through an organization, some information may be managed by your organization.

Brazil (LGPD)

Brazilian residents have rights similar to those under GDPR, including access, correction, anonymization, deletion, and information about sharing practices.

China (PIPL)

Chinese residents have rights including:

  • Access and copy personal information
  • Request correction or completion of information
  • Request deletion under certain circumstances
  • Explanation of processing rules
  • Withdraw consent

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@abby.gg. We will respond to your request within the timeframe required by applicable law (typically 30-45 days). For verification purposes, we may request additional information to confirm your identity before fulfilling your request.

These rights apply to your User Data, including your Inputs and Outputs, and to any personal information you provide directly to Abby as a user, website visitor, or marketing contact. 

Data Retention and Deletion

Account Information

  • We retain your account information for as long as your account is active
  • After account termination or subscription cancellation, we will delete your personal information within 30 days. If your account was created through an organization, certain Customer Data may be retained as required by our agreement with your organization.

Conversation Data

  • Active Users: Conversation history is retained to provide personalized service
  • After account termination: Conversation data is deleted within 30 days (subject to restrictions, see below). 
  • You can request deletion of specific conversations at any time through the Abby App
  • Conversation Data includes your Inputs and the Outputs generated by Abby’s AI systems.
    After account termination, your Inputs and Outputs are deleted within 30 days, unless retention is required by law or for legitimate business purposes (such as legal defense or compliance).

Anonymized and Aggregated Data

  • We may retain anonymized and aggregated data indefinitely. Anonymized and aggregated data may include anonymized Inputs and Outputs. 
  • This data cannot be used to identify you personally
  • We use this data for service improvement, research, and analytics

Usage Data

  • Basic usage statistics may be retained for up to 24 months
  • After this period, data is fully anonymized or deleted
  • Anonymized usage patterns may be retained indefinitely for service improvement

Jurisdiction-Specific Retention Requirements

  • EU/UK/Switzerland: Data is retained in accordance with GDPR requirements
  • Other jurisdictions: We comply with local retention requirements where applicable

Deletion Process

When we delete your data:

  • Personal information is permanently removed from our active systems
  • Backups containing your information are cycled out within 90 days
  • Anonymized data derived from your usage may be retained. Anonymized data may include anonymized Inputs and Outputs, which cannot be used to identify you personally.

Requesting Deletion

You may request deletion of your Inputs, Outputs, and other User Data at any time using these methods:

  • Using the in-app deletion tools
  • Contacting us at privacy@abby.gg
  • Terminating your account

Security Measures

We implement robust security measures to protect your information:

Technical Safeguards

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Continuous monitoring for unauthorized access

Organizational Controls

  • Employee training on privacy and security
  • Background checks for employees with data access
  • Documented security policies and procedures
  • Incident response plan for potential data breaches

Third-Party Assessments

  • Regular third-party security assessments
  • Compliance verification with industry standards
  • Vendor security reviews

Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify you in accordance with applicable laws
  • Provide information about the breach and our response
  • Offer guidance on protecting yourself from potential harm

International Data Transfers

As a global service, your information may be transferred to and processed in countries other than your country of residence:

Transfer Mechanisms

  • For transfers from the EU/UK/Switzerland, we use Standard Contractual Clauses
  • For other jurisdictions, we implement appropriate safeguards as required by local law
  • We assess the privacy laws of recipient countries to ensure adequate protection

Data Localization

  • Where required by law, we may store certain data within specific geographic regions.
  • We work with cloud providers that maintain global infrastructure to support regional data storage requirements.

Cross-Border Transfer Safeguards

  • Technical safeguards, including encryption and access controls
  • Contractual commitments from service providers regarding data protection
  • Regular assessment of cross-border transfer risks

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements:

  • Material changes will be notified via email or through the Service
  • Updates will be posted on our website with a revised “Last Updated” date
  • Continued use of the Service after changes constitutes acceptance of the updated policy
  • For significant changes, we may request renewed consent

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email for Privacy Questionsprivacy@abby.gg

Postal Address: Abby Intelligence, Inc. 8605 Santa Monica Blvd PMB 533679, West Hollywood, California 90069-4109 US 

Data Protection Officerdpo@abby.gg

For urgent matters, please contact us at: support@abby.gg

Important Information About Our Service

Non-Medical Nature of Service

  • Abby provides conversational support through an AI chatbot, not medical advice or clinical therapy
  • Our AI is not a licensed therapist, counselor, or healthcare provider
  • The Service is not a substitute for professional advice, diagnosis, or treatment
  • Conversations with Abby are processed automatically by our AI systems, not reviewed by human staff except in limited circumstances for service improvement

Automated Processing

  • Our Service operates primarily through automated processing
  • We do not routinely monitor or review the content of individual conversations
  • Automated systems may analyze conversations to improve the AI’s responses and functionality
  • Any human review of data is conducted on anonymized or aggregated data sets for service improvement purposes

Data Sensitivity

We process this information in accordance with applicable privacy laws

While not classified as medical data under most regulations, we recognize the personal nature of conversations

We implement security measures appropriate to the sensitivity of the information

Get Started