Privacy Policy

This Policy is part of a set of legal documents governing your use of SpeedGrowth AI. It should be read together with our Terms of Service, which governs the contractual relationship between you and Elastic Labs. Where there is any conflict between this Policy and the Terms of Service regarding the processing of personal data, this Policy shall prevail.

1. Introduction

SpeedGrowth AI ("SpeedGrowth") is a conversational AI platform for sales, customer support, and user engagement automation. SpeedGrowth is developed and operated by Elastic Labs Company Limited ("Elastic Labs", "we", "our", or "us"), a company incorporated and headquartered in Vietnam.

Protecting the personal data of our customers, users, and their end-users is a fundamental responsibility. This Privacy & Personal Data Protection Policy ("Policy") describes how Elastic Labs, as the data controller for SpeedGrowth AI, collects, uses, stores, and protects personal data when you use our platform.

This Policy explains:

• What categories of personal data SpeedGrowth collects and processes;
• The purposes for which personal data is processed;
• How personal data is collected;
• Who is authorized to process personal data;
• How data is stored and protected;
• The rights and obligations of data subjects;
• The security measures we apply to protect personal data.

This Policy forms an integral part of our Terms of Service and any service agreements between Elastic Labs and our customers. In compliance with applicable Data Protection Law, Elastic Labs does not rely on implied or automatic consent. Your consent to this Policy must be given actively and explicitly — by checking the consent box presented during account registration — before any personal data is collected or processed. Mere use of the platform does not constitute consent.

This Policy may be updated from time to time in accordance with changes in applicable law or our data practices. We will notify registered users of material changes via email and by posting the updated Policy on our website at least 14 days before any changes take effect. We recommend that you review this page periodically.

2. Definitions

In this Policy, the following terms have the meanings set out below:

• “Elastic Labs”, “we”, “us”, or “our” refers to Elastic Labs Company Limited, the developer and operator of SpeedGrowth AI.
• “SpeedGrowth AI” or “the Platform” refers to the conversational AI software product available at speedgrowth.ai.
• “Customer” or “you” refers to any individual or organization that registers, accesses, or uses SpeedGrowth's services.
• “End-User” refers to natural persons whose data is processed through the SpeedGrowth platform on behalf of a Customer.
• “Personal Data” means any information that identifies or can reasonably identify a natural person, including basic and sensitive personal data as defined under applicable Data Protection Law.

3. Categories of Personal Data We Process

3.1 Basic Personal Data

Depending on the nature and type of your interaction with SpeedGrowth, we may collect and process one or more of the following categories of basic personal data:

• Full name (first name, middle name, and last name);
• Gender;
• Date of birth;
• Nationality;
• Permanent address, temporary address, current residence, hometown, birthplace, or contact address;
• Phone number;
• Email address;
• National ID number, personal identification number, or passport number;
• Job title and employer name;
• Work address and work phone number;
• Account credentials (username; passwords are hashed and never stored in plaintext);
• Subscription and billing details (plan type, billing cycle — payment card data is handled exclusively by third-party PCI-DSS compliant processors);
• Other information that identifies or helps identify a specific individual, as classified under applicable law.

3.2 Sensitive Personal Data

Elastic Labs generally does not require customers to submit sensitive personal data. We ask that you refrain from submitting sensitive personal data unless expressly agreed in writing. Sensitive personal data includes, but is not limited to:

• Banking login credentials, bank account numbers, card numbers, and financial transaction histories (including securities and insurance activity) — as expanded under applicable Data Protection Law;
• Health, medical, or biometric data;
• Racial or ethnic origin, political opinions, religious or philosophical beliefs;
• Records of legal violations by an individual;
• Any other category designated as sensitive personal data under applicable Data Protection Law.

If sensitive personal data is submitted, you hereby consent to its processing under this Policy. You may withdraw consent at any time as described in Section 10. Elastic Labs does not store payment card or banking credential data — such data is handled solely by our third-party payment processors under their own compliance certifications.

3.3 Technical & Usage Data

When you visit our website or use our platform, we automatically collect the following technical data:

• IP address and general geographic location (country or region level);
• Browser type, operating system, and device identifiers;
• Pages visited, features accessed, and time spent on the platform;
• Referring URLs and search queries;
• Log files and error reports.

3.4 AI Interaction Data

As a conversational AI platform, SpeedGrowth processes the following AI-specific data:

• Conversation content between your deployed AI agents and End-Users — used to deliver the requested service response via Retrieval-Augmented Generation (RAG). Where the Client has enabled Agent Learning and End-User consent has been obtained, conversation data may additionally be used to improve that Client's specific AI Agent as described in Section 5;
• Customer-uploaded configuration data, training documents, and knowledge bases;
• Agent performance metrics and response quality signals, used for service optimization only.

4. How We Collect Personal Data

Elastic Labs collects personal data through the following methods, which may be automated or manual, electronic or otherwise:

1. Direct interactions: When you create an account, subscribe to a plan, fill out forms, contact support, complete surveys, or communicate with us by email, phone, live chat, or social media;
2. Platform usage: When you access or use the SpeedGrowth platform, our systems automatically record technical and usage data as described in Section 3.3;
3. Third-party sign-in (OAuth): If you register or log in using Google or another authorized OAuth provider, we receive the personal data that you have authorized that provider to share, consistent with that provider's privacy policy;
4. Customer-uploaded data: Data your organization uploads to configure AI agents, including contact lists, knowledge bases, and End-User conversation histories. You are solely responsible for ensuring you have a lawful basis to provide such data to SpeedGrowth;
5. Public sources: Publicly available information from websites, professional directories, or social media platforms (e.g., LinkedIn), where relevant to our business relationship;
6. Third-party integrations: Data received from integrated tools and platforms you authorize (e.g., CRM systems, messaging platforms).

5. Purposes of Processing Personal Data

Elastic Labs processes personal data only for specific, explicit, and legitimate purposes. These include:

• Providing, operating, and maintaining SpeedGrowth's platform and service features;
• Authenticating your identity and managing your account;
• Processing payments and managing subscriptions (via third-party processors);
• Communicating with you regarding your account, service updates, security alerts, and support requests;
• Sending marketing communications, promotional offers, and product news — only where you have opted in and subject to your right to withdraw consent at any time;
• Personalizing your experience and improving platform features based on usage analytics;
• Measuring performance and conducting business analytics to develop our services;
• Detecting and preventing fraud, unauthorized access, and violations of our Terms of Service;
• Fulfilling legal obligations and responding to lawful requests from competent state authorities;
• Any other specific purpose for which you have given explicit consent.

No general AI training — RAG by default: SpeedGrowth does not use your data, your uploaded knowledge base, or your End-Users' conversation content to train, fine-tune, benchmark, or improve any general-purpose AI or ML model — including any foundational large language model used to power SpeedGrowth. By default, all AI responses are generated exclusively through Retrieval-Augmented Generation (RAG), which retrieves information from your defined knowledge base at the time of each request. Your data never modifies or becomes part of any shared AI model.

Agent Learning (optional, opt-in only): Where a Client has enabled the Agent Learning feature for their deployment, SpeedGrowth may process encrypted End-User conversation data to improve that Client's specific AI Agent — for example, identifying frequently asked questions, improving response relevance, and refining engagement patterns for that Client's End-Users. This processing is: (i) strictly isolated to the enabling Client's account with no cross-client data use under any circumstances; (ii) never used to train or improve SpeedGrowth's general platform or any shared AI model; (iii) applied only to conversations where the End-User has given separate explicit consent for this purpose before the chat session began; and (iv) subject to deletion within 30 days if the Client disables the feature. If you are an End-User and your conversation was processed under Agent Learning, you may request deletion by contacting the Client directly as they are the Data Controller for your data.

De-identified and aggregated data: SpeedGrowth may de-identify or aggregate data collected through the platform such that it can no longer reasonably identify any individual person. De-identified and aggregated information is not personal data and is not subject to this Policy. Elastic Labs may use and disclose such information for any lawful purpose, including platform analytics, performance benchmarking, product development, and internal research — for example, aggregated conversation volume trends, confidence score distributions, and escalation pattern analysis.

Elastic Labs will not use your personal data for any purpose beyond those listed above without notifying you and, where required by law, obtaining your prior consent.

6. Who We Share Your Data With

Elastic Labs does not sell personal data to any third party. We share it only where strictly necessary, with parties bound by data processing agreements, including:

• Cloud infrastructure providers hosting the platform (see Section 7);
• Payment processors (PCI-DSS compliant) — for billing only;
• Customer support and analytics tools;
• Legal counsel and compliance advisors under confidentiality obligations;
• Competent authorities — only as required by applicable law or court order;
• Other third parties you have expressly authorized.

A current list of our sub-processors is available at trust.speedgrowth.ai/subprocessors.

7. Data Storage

Personal data collected through SpeedGrowth AI is stored on AWS infrastructure (ap-southeast-1, Singapore) via Supabase. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access is restricted by role-based controls and subject to periodic audit.

As Elastic Labs grows its infrastructure, data residency options will be made available to clients who require them. For questions about data storage, contact speedgrowth.support@elasticlabs.org.

8. Data Storage and Retention

8.1 Retention Period

Personal data is retained for as long as necessary to fulfill the purposes for which it was collected, consistent with your agreement with us and applicable law:

• Account and service data: retained for the duration of your active subscription, plus a reasonable period thereafter as required to meet legal obligations, prevent fraud, or resolve disputes;
• AI conversation and interaction data: retained per the configurable data retention settings available in your account dashboard;
• Marketing and prospect data: retained until no longer commercially relevant, or until you withdraw consent;
• Legal, tax, and compliance records: retained for the periods mandated by applicable law.

Elastic Labs does not retain personal data beyond what is necessary for the stated purposes.

8.2 Deletion on Request

Upon receipt of a verified erasure request (see Section 9), Elastic Labs will acknowledge the request within 2 working days and complete the deletion of your personal data within 20 days, or within 30 days where the involvement of a third-party data processor is required. Where exceptional circumstances require additional time, Elastic Labs may extend the completion period by a maximum of 20 additional days, provided we notify you of the reason before the original deadline expires.

Deletion may not apply where retention is required or permitted by law, including:

• Legal obligations such as tax, audit, or regulatory record-keeping requirements;
• Prevention of fraud or protection of Elastic Labs' legitimate legal interests;
• Fulfillment of obligations to competent state authorities.

Where full deletion is not possible for these reasons, Elastic Labs will inform you of the specific basis for retention and, where feasible, delete or anonymize the portions of your data that are not subject to the retention requirement.

9. Your Rights

Under applicable Data Protection Law, you have the right to:

• Be informed about how your personal data is collected and used;
• Access the personal data we hold about you;
• Correct inaccurate or incomplete data;
• Request deletion of your personal data;
• Restrict or object to certain processing;
• Receive your data in a portable format where technically feasible;
• Withdraw consent at any time without penalty;
• Lodge a complaint with the competent data protection authority in your jurisdiction;
• Claim compensation for damages from violations of your data protection rights;
• Seek recourse through competent authorities or courts.

To exercise any of these rights, email speedgrowth.support@elasticlabs.org or visit speedgrowth.ai/privacy-request. We will acknowledge your request within 2 working days and respond within the timeframes required by law. All valid requests are handled at no cost to you.

10. Consent

Elastic Labs processes personal data only with your prior, verifiable consent, except where otherwise permitted by law. Consent is never implied, pre-ticked, or bundled — you must actively check the box confirming agreement to this Policy and our Terms of Service when creating an account. We record the time, account identifier, and policy version accepted as evidence of your consent.

You may withdraw consent at any time by contacting speedgrowth.support@elasticlabs.org. Withdrawal does not affect the lawfulness of processing carried out before withdrawal, but may limit your ability to use parts of the service. In some cases, Elastic Labs may process data without consent where required by law, to perform a contract with you, or in genuine emergency situations.

11. Cookies and Tracking Technologies

SpeedGrowth AI does not currently use cookies or tracking technologies on its platform or website. We do not place any tracking pixels, web beacons, or persistent identifiers on your device.

If this changes in the future, we will update this section and publish a dedicated Cookie Policy at speedgrowth.ai/legal/cookie-policy before any cookies are deployed. You will be notified of any such change in accordance with Section 17 of this Policy.

12. Data Security

Elastic Labs implements the following safeguards to protect personal data:

• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
• Access Control: Role-based access controls ensure only authorized personnel access personal data. Access is logged and audited.
• Infrastructure: All data runs on AWS (ap-southeast-1, Singapore) via Supabase, with continuous security monitoring.
• AI Data Integrity: By default, no customer or End-User data is used to train any AI model. AI responses are generated via RAG within your knowledge base. Where Agent Learning is optionally enabled, encrypted conversation data improves only that Client's specific AI Agent — never shared across clients or used for general model training.
• Rate Limiting: API and AI Agent interactions are rate-limited to prevent abuse.
• Breach Notification: In the event of a data breach, Elastic Labs will notify the relevant authority and affected users within the timeframe required by law.

No system is completely immune to external threats. Elastic Labs is not liable for unauthorized access resulting from actions on your end. If you suspect any misuse, contact speedgrowth.support@elasticlabs.org immediately.

13. Age Restriction

SpeedGrowth is intended for users aged 18 and above. We do not knowingly collect data from minors. If you believe we have done so, please contact us and we will delete it promptly.

14. Customer Obligations Regarding End-User Data

If you process End-User personal data through SpeedGrowth, you represent and warrant that:

• You have a lawful basis and all necessary consents to provide that data to Elastic Labs for processing;
• You have informed your End-Users that their data may be processed by SpeedGrowth AI;
• You will notify Elastic Labs promptly of any End-User consent withdrawal;
• You comply with all applicable data protection laws in your jurisdiction.

Elastic Labs has no direct relationship with End-Users. If an End-User wishes to exercise their data rights over data in your SpeedGrowth deployment, they should contact you directly. You are responsible for facilitating such requests with Elastic Labs' cooperation.

15. Changes to This Policy

We may update this Policy at any time. Material changes will be communicated at least 14 days in advance via email or a website notice. The current version is always at speedgrowth.ai/legal/privacy.

16. Contact Information

For data protection inquiries, rights requests, or concerns, please contact:

Legal reference: This Policy is informed by the laws of the Socialist Republic of Vietnam, including the Personal Data Protection Law No. 91/2025/QH15, Decree No. 356/2025/NĐ-CP, the Cybersecurity Law No. 24/2018/QH14, and other applicable Vietnamese regulations governing data privacy and information security.

© 2026 Elastic Labs Company Limited. All rights reserved.