1. Who We Are
▢ Moss.inc (“Moss,” “we,” “our”) provides an AI‑powered, in‑app assistant delivered through our JavaScript SDK, Chrome extension and the viamoss.ai website (together, the “Service”).
Privacy questions may be sent to junil@viamoss.ai.
2. Scope
This Policy explains how we collect, use, disclose and safeguard personal data when you:
visit viamoss.ai or any sub‑domain;
embed or interact with the Moss SDK/extension inside a customer’s product; or
communicate with us by email, social media or at events.
End‑user note: when you interact with Moss in someone else’s SaaS product, that provider is the controller of your data; Moss acts only as their processor. Please read the provider’s own privacy notice.
3. Data We Collect
Account data (from you)
• Name, work email, company name, and billing details.
• Retention: billing and audit data are kept for seven years.
Service‑interaction data (from the Moss SDK or extension)
• Serialized DOM snapshots and UI screenshots (we blur or anonymise visible personal information).
• Chat logs between you and Moss.
• Retention: DOM snapshots and screenshots are deleted after 30 days; chat logs after 90 days.
Device and usage data (from cookies or SDK events)
• IP address, browser type, operating system, referrer URL, and time‑stamps.
• Retention: up to 13 months.
Cookie and analytics data (from Google Analytics)
• Anonymous identifiers and page‑view information.
• Retention: up to 13 months.
4. How and Why We Use Data
Provide, secure and maintain the Service – legal basis: performance of a contract.
Improve models and features (using de‑identified or aggregated usage data) – legal basis: our legitimate interests.
Billing, tax and regulatory compliance – legal basis: legal obligations.
Marketing updates and product announcements – legal basis: consent or legitimate interests; you can opt out at any time.
We never train third‑party AI models on identifiable end‑user data.
5. Sub‑Processors
We rely on carefully selected service providers bound by GDPR‑compliant agreements:
Amazon Web Services (us‑west‑2) – primary hosting.
Google Gemini API – large‑language‑model inference.
Supabase – managed Postgres database.
Clerk – OAuth identity management.
Google Analytics – website analytics.
A current list is always available at viamoss.ai/legal/sub‑processors.
6. International Transfers
Personal data may be stored or accessed in the United States. When data originates in the European Economic Area, the United Kingdom or Switzerland, we rely on:
the EU Standard Contractual Clauses (SCCs), and
the UK International Data Transfer Agreement (IDTA).
We also intend to certify to the EU–US Data Privacy Framework once eligible.
7. Your Rights
Where applicable law grants them, you can:
access or download a copy of your personal data;
correct inaccurate data;
request deletion (“right to be forgotten”);
object to or restrict processing;
receive your data in a portable format;
opt out of marketing emails.
Send requests to junil@viamoss.ai. We respond within 30 days. If we process your data purely on behalf of a customer, we will forward your request to that customer.
8. Security
TLS 1.2+ encryption in transit.
AES‑256 encryption at rest.
Role‑based access control and multi‑factor authentication.
Screenshots and DOM captures automatically scanned to blur or remove personal information.
No system is 100 percent secure, and we cannot guarantee absolute protection.
9. Data Retention
DOM snapshots and screenshots: deleted after 30 days.
Chat transcripts: deleted after 90 days.
Billing and audit logs: retained for 7 years.
After each retention period ends, data is either permanently deleted or irreversibly anonymised within 30 days.
10. Cookies and Tracking Choices
The website uses Google Analytics cookies to understand aggregated traffic patterns. You may decline non‑essential cookies via the banner or by adjusting your browser settings.
The Moss SDK sets a first‑party cookie that is essential for secure sessions; it cannot be disabled while you use the Service.
11. Children
The Service is not directed to anyone under 18 years of age. If we learn we have collected personal data from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced by email or an in‑product notice. Continued use of the Service after the effective date means you accept the revised Policy.
13. Contact
Email: junil@viamoss.ai
You may also lodge a complaint with your local data‑protection authority.