Chính sách quyền riêng tư

1. Introduction

SpeedGrowth AI ("SpeedGrowth") is a conversational AI platform for sales, customer support, and user engagement automation. SpeedGrowth is developed and operated by Elastic Labs Company Limited ("Elastic Labs", "we", "our", or "us"), a company incorporated and headquartered in Vietnam.

This Privacy & Personal Data Protection Policy describes how Elastic Labs, as the data controller for SpeedGrowth AI, collects, uses, stores, and protects personal data when you use our platform.

Consent to this policy must be given actively and explicitly, including by checking the consent box presented during account registration, before personal data is collected or processed.

Elastic Labs may update this policy from time to time. Registered users will be notified of material changes by email and through the website at least 14 days before those changes take effect.

2. Definitions

Elastic Labs Company Limited: The legal entity that develops and operates SpeedGrowth AI, including its affiliates, branches, representative offices, and business locations, if any.
SpeedGrowth AI: The conversational AI software product available at https://speedgrowth.ai, developed and operated by Elastic Labs Company Limited.
Customer: Any individual or organization that registers, accesses, or uses SpeedGrowth products or services, or participates in SpeedGrowth programs or events.
Vietnamese Customer: Any customer whose registered business address or primary place of use is within the territory of the Socialist Republic of Vietnam.
Global Customer: Any customer whose registered business address or primary place of use is outside the territory of Vietnam.
End-User: Natural persons whose personal data is processed through the SpeedGrowth platform on behalf of a customer, such as the customer's own customers or contacts.
Personal Data: Any information relating to an identified or identifiable natural person in the form of symbols, text, numbers, images, audio, or similar formats in an electronic environment, including basic personal data and sensitive personal data.
Processing of Personal Data: Any operation performed on personal data, including collection, recording, analysis, verification, storage, modification, disclosure, combination, access, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, or destruction.
Data Controller: Elastic Labs Company Limited, which determines the purposes and means of processing personal data in connection with SpeedGrowth AI.
Data Processor: Any third party that processes personal data on behalf of and under the instruction of Elastic Labs.

3. Categories of Personal Data We Process

3.1 Basic Personal Data: Depending on how you interact with SpeedGrowth, we may process full name, nationality, phone number, email address, job title, employer name, work address, work phone number, account credentials, and subscription or billing details. Passwords are hashed and never stored in plaintext, and payment card data is handled exclusively by third-party PCI-DSS compliant processors.
3.2 Sensitive Personal Data: Elastic Labs generally does not require customers to submit sensitive personal data and asks customers not to do so unless expressly agreed in writing. If sensitive personal data is submitted, you consent to processing under this policy and may withdraw consent as described below.
3.3 Technical and Usage Data: When you visit the website or use the platform, we automatically collect data such as IP address, country or region level location, browser type, operating system, device identifiers, pages visited, features accessed, time spent, referring URLs, search queries, log files, error reports, cookie identifiers, and similar tracking signals.
3.4 AI Interaction Data: SpeedGrowth processes conversation content between deployed AI agents and end-users, customer-uploaded configuration data, training documents, knowledge bases, agent performance metrics, and response quality signals. Conversation data is used solely to deliver requested responses through retrieval-augmented generation and not to train or improve any general AI or machine learning model.

4. How We Collect Personal Data

When clients use SpeedGrowth to process data belonging to their own customers or end-users, that processing is governed by the data processing agreement between Elastic Labs and the client. In that scenario, the client is the data controller for their end-users and Elastic Labs acts as a data processor.

Direct interactions such as creating an account, subscribing to a plan, completing forms, contacting support, answering surveys, or communicating with us by email, phone, live chat, or social media.
Platform usage, where our systems automatically record technical and usage data while you access or use SpeedGrowth.
Third-party sign-in, including Google or other authorized OAuth providers, limited to the data you authorize them to share.
Data your organization uploads to configure an AI agent, including knowledge bases, documents, FAQs, and website conversations with deployed AI agents.
Third-party integrations that you authorize, such as CRM systems and messaging platforms.
Cookies and similar tracking technologies.

5. Purposes of Processing Personal Data

SpeedGrowth does not use your data, your uploaded knowledge base, or your end-users' conversation content to train, fine-tune, benchmark, or improve any AI or machine learning model. AI responses are generated exclusively through retrieval-augmented generation using your defined knowledge base at request time.

Conversation data may be processed in aggregated and anonymized form to generate analytics such as confidence scores, escalation trends, and question frequency patterns for the client's own dashboard.

Providing, operating, and maintaining the SpeedGrowth platform and service features.
Authenticating identity and managing user accounts.
Processing payments and managing subscriptions through third-party processors.
Communicating about accounts, service updates, security alerts, and support requests.
Sending marketing communications, promotional offers, and product news only where you have opted in.
Personalizing user experience and improving platform features based on usage analytics.
Measuring performance and conducting business analytics to develop services.
Detecting and preventing fraud, unauthorized access, and terms violations.
Fulfilling legal obligations and responding to lawful requests from competent authorities.
Carrying out any other specific purpose for which you have given explicit consent.

6. Who Processes Your Personal Data

Elastic Labs processes personal data through authorized employees and personnel with specific data processing responsibilities. Personnel with access to personal data are bound by confidentiality obligations and receive data protection training.

Elastic Labs may also share personal data, only as necessary and under binding processing agreements, with cloud infrastructure providers, payment processors, customer communication and support tools, analytics and product performance providers, legal counsel, auditors, compliance consultants, and competent authorities when required by law.

Elastic Labs does not sell personal data to any third party. A current list of sub-processors is available at trust.speedgrowth.ai/subprocessors.

7. Data Storage: Vietnamese Customers vs. Global Customers

Elastic Labs maintains separate storage environments for Vietnamese customers and global customers.

Vietnamese customer data, including account information, AI conversation content, uploaded knowledge bases, and backups, is stored exclusively within Vietnam unless a specific lawful exception applies.

Global customer data is stored on infrastructure in us-east-1 (N. Virginia, USA), managed via Supabase and Vercel, with encryption at rest and in transit, role-based access controls, and audit logging.

Customer segment	Data type	Storage provider	Location	Notes
Vietnamese Customers	Account, profile, subscription data	Self-hosted / Vietnam-based cloud	Vietnam (Ho Chi Minh City region)	Complies with Decree 356 data localization.
Vietnamese Customers	AI conversation and knowledge base	Self-hosted / Vietnam-based cloud	Vietnam (Ho Chi Minh City region)	Data never leaves Vietnamese jurisdiction.
Vietnamese Customers	Backups and disaster recovery	Vietnam-based cloud provider	Vietnam	Encrypted and retained per the retention section.
Global Customers	Account, profile, subscription data	AWS / Supabase	us-east-1 (N. Virginia, USA)	Encrypted at rest and in transit.
Global Customers	AI conversation and knowledge base	AWS / Vercel / Supabase	us-east-1 (N. Virginia, USA)	RAG-only; no model training.
Global Customers	Backups and disaster recovery	AWS S3	us-east-1 (N. Virginia, USA)	AES-256 encrypted and geo-redundant.

8. Data Storage and Retention

Upon a verified erasure request, Elastic Labs will delete or anonymize personal data within 2 working days of confirming identity, except where retention is required by law, necessary to prevent fraud, or needed to protect Elastic Labs legal interests.

Account and service data is retained for the duration of the active subscription plus a reasonable period thereafter to meet legal obligations, prevent fraud, or resolve disputes.
AI conversation and interaction data is retained according to the configurable retention settings available in the account dashboard.
Marketing and prospect data is retained until it is no longer commercially relevant or until consent is withdrawn.
Legal, tax, and compliance records are retained for the periods mandated by law.

9. Your Rights as a Data Subject

To exercise these rights, contact admin@elasticlabs.org. Elastic Labs may require identity verification before processing the request.

9.1 Right to Be Informed: You have the right to receive clear and transparent information about how your personal data is collected, processed, and used.
9.2 Right of Access: You may request confirmation of whether Elastic Labs holds personal data about you and request access to that data. Elastic Labs will respond within 2 business days of a verified request.
9.3 Right to Rectification: You may request correction of inaccurate or incomplete personal data held about you. Verified rectification requests will be processed within 2 business days.
9.4 Right to Erasure: You may request deletion of your personal data. Verified erasure requests will be processed within 72 hours unless retention is required by law.
9.5 Right to Restrict Processing: You may request that Elastic Labs restrict processing of your personal data in certain circumstances. Verified restrictions will be implemented within 72 hours unless law provides otherwise.
9.6 Right to Data Portability: Where technically feasible, you may request your personal data in a structured, commonly used, machine-readable format.
9.7 Right to Object: You may object to processing for direct marketing, profiling, or other purposes not strictly necessary to provide the service.
9.8 Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without penalty.
9.9 Right to Self-Protection: You have the right to self-protect in accordance with the Vietnamese Civil Code, including demanding cessation of infringing conduct, public correction, and compensation for harm where applicable.

10. Consent and Withdrawal of Consent

Elastic Labs processes personal data only with prior, verifiable consent except where otherwise permitted by law. Consent is never implied, pre-ticked, or bundled without a clear, distinct opt-in action.

Consent may be obtained when you actively check the box confirming that you have read, understood, and agree to SpeedGrowth Terms of Service and Privacy Policy, or when you sign a written service agreement that expressly incorporates this policy.

You may withdraw consent at any time by submitting a written request to admin@elasticlabs.org. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Elastic Labs may process personal data without prior consent only where permitted by applicable law, including emergencies, mandatory legal disclosures, national security or law enforcement requests, performance of a contract, or compliance with legal obligations.

11. Cookies and Tracking Technologies

When you first visit the website, you will be presented with a cookie consent banner. Non-essential cookies are not placed without your explicit prior consent.

You may manage, change, or withdraw cookie consent through the website footer cookie preferences tool or by adjusting your browser or device settings.

A full cookie policy is available at https://speedgrowth.ai/legal/cookie-policy.

Enable essential platform functionality and maintain authenticated sessions.
Remember user preferences and settings across visits.
Analyze platform usage and improve performance and user experience.
Deliver relevant service communications where consent has been given.

12. Data Security and Protection Measures

If you suspect misuse of your account or credentials, contact privacy@speedgrowth.ai immediately.

Customer data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
Role-based access controls ensure only authorized personnel with a documented need can access personal data, and access events are logged and periodically audited.
Vietnamese customer data is hosted on Vietnam-based infrastructure. Global customer data runs on AWS us-east-1, managed via Supabase and Vercel with security hardening and continuous monitoring.
API endpoints and AI agent interactions are protected by rate limiting to prevent abuse and unauthorized automated access.
Elastic Labs has designated a DPO in accordance with Decree 356/2025/ND-CP to oversee the data protection program.
In the event of a personal data breach, Elastic Labs will notify competent authorities and affected data subjects within the legally required timeframe and will take immediate steps to contain, investigate, and remediate the incident.

13. AI-Specific Data Provisions

Elastic Labs will never use customer data or end-user conversation content to train, benchmark, evaluate, or improve any general-purpose AI or machine learning model.
SpeedGrowth uses retrieval-augmented generation so uploaded data is retrieved contextually at inference time and never incorporated into the underlying model.
Data accessed through Google Workspace APIs is used solely to deliver the specific functionality requested and is not used for AI model development, improvement, or evaluation.
Where SpeedGrowth processes personal data within AI systems or cloud environments covered by Decree 356/2025/ND-CP, Elastic Labs applies the required data minimization, purpose limitation, auditability, encryption, access control, and contractual protections.

14. Age Restriction

SpeedGrowth services are intended solely for users aged 18 and above. Elastic Labs does not knowingly collect or solicit personal data from individuals under 18.

If a minor under 18 wishes to use SpeedGrowth services, verifiable consent from a legal guardian is required before account creation or platform use.

If Elastic Labs becomes aware that it has collected personal data from a minor without appropriate guardian consent, it will delete that data promptly.

15. Customer Obligations Regarding End-User Data

Elastic Labs has no direct contractual relationship with end-users. End-users who want to exercise rights over data processed through a customer deployment must contact that customer directly.

Customers must obtain all necessary prior consents and have a lawful basis to provide end-user data to Elastic Labs for processing.
Customers must inform their end-users that their data may be processed by SpeedGrowth AI under this policy.
Customers must ensure the data they provide is accurate, complete, and current.
Customers must promptly notify Elastic Labs of any withdrawal of consent by an end-user.
Customers must comply with all data protection laws applicable to their collection and use of end-user data in their own jurisdiction.

16. Consequences of Not Providing Personal Data

Elastic Labs will not be liable for losses arising from limitations or terminations resulting from refusal to provide, or withdrawal of consent for, the processing of necessary personal data.

The relevant processing purpose may not be fully fulfilled.
Provision of the SpeedGrowth service may be interrupted, limited, suspended, or terminated.
The action may be treated as a unilateral termination of the service relationship by the user and may constitute a breach of obligations under the Terms of Service.

17. Changes to This Policy

Elastic Labs may update this policy at any time to reflect changes in applicable law, regulatory guidance, or data practices.

Registered customers will be notified of material changes by email and by posting the updated policy on the website at least 14 days before the changes take effect.

The current version is always available at https://speedgrowth.ai/legal/privacy.

18. Contact Information

Legal entity: Elastic Labs Company Limited
Product: SpeedGrowth
Website: https://speedgrowth.ai
Privacy email: admin@elasticlabs.org
DPO contact: admin@elasticlabs.org
Support hours: Monday to Friday, 09:00 to 18:00 (GMT+7, Vietnam)