Privacy Policy

This is the Privacy Policy for the Faithbase software-as-a-service platform (“Platform”), your interactions with us through usefaithbase.com or servant.io (collectively, the “Site”), or our other related products or services (collectively, the “Services”) provided by Servus Consulting Partners, LLC dba Servant (“Servant,” “us,” or “we”). By using or accessing our Services in any manner, you acknowledge and consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, do not use our Services. Any terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms of Service. We may provide additional notices about our privacy practices, each of which will be considered to form part of this Privacy Policy. Please read this Privacy Policy carefully to understand our privacy practices.

1. What is “Personal Data”?

When we say, “Personal Data,” we mean information that meets the statutory definition of Personal Data, personal data, or personally identifiable information under applicable data protection laws, or information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or household. Below are examples of categories and types of Personal Data by category:

• Identifiers (e.g., name, address, telephone number, email address, username);

• Internet or other similar activity (e.g., IP address, geolocation, browsing history);

• Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);

• Employment-related information (e.g., current or past employment);

• Protected classification information (e.g., race, ethnicity, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);

• Sensitive Personal Data (e.g., birthdate, government ID, health data);

• Non-public educational information, including information protected under FERPA; and

• Inferences drawn from the Personal Data collected to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.

Not all information about a person is protected as their “Personal Data.” Privacy laws sometimes exclude certain information from privacy protections, for example: (i) publicly available information, such as information in government records or information that is lawfully made available to the general public, (ii) aggregated information, meaning data about a group or category of services or users from which individual identities and other Personal Data has been removed, or (iii) deidentified information that cannot be easily linked back to the individual.

2. Our Privacy Practices

Servant only collects, uses, retains, and discloses Personal Data through the Services as reasonably necessary and proportionate to provide the Services or for other purposes that we disclose to you and are compatible with the context of how we collected your Personal Data.

The Services process Personal Data as described below:

1. Client Registration. When an organization registers to use Platform or our related Services as a Client of Servant:

   • Contact information for the Client, including name, email address, and other identifiers for the Client’s point of contact.

   • Name and other organization details about the Client.

   • Payments for subscription fees are processed through a third-party payment processor in compliance with PCI DSS standards, such as Stripe. Servant does not collect, store, or process credit card numbers or full payment card details on our servers.

2. Clients Use of Platform. Platform is provided to our subscribing clients (“Clients”) on a business-to-business basis. Servant has no direct relationship with the end users that access or use Platform via our Clients (“End Users”). Clients use Platform to deploy conversational experiences on their websites and digital properties using artificial intelligence, machine learning, or similar technologies (“AI”). Servant processes Client Data as a data processor or service provider to the Client and Servant is in no way responsible for the privacy practices related to processing Client Data:

   • Data submitted or generated through Platform (e.g., AI Inputs, Outputs, Client Content, etc., each as defined in the Terms of Service) by Client or its End Users (“Client Data”) belongs to the Client and is processed on Platform by the Client according to its own terms of use and privacy policies.

   • Platform ingests the Client’s website content via URL as instructed and provided by the Client. The Client can also upload documents, articles, transcripts, media files, and other data to Platform. This data is used to configure the AI Agent or otherwise customize the user experience and Services functionality. The Client determines which Client Data is made available to End Users and whether or how the Client Data is used to generate Outputs through the AI Agent.

   • The Client configures the AI Agent and other Platform features by selecting and saving prompts, rules, and other settings.

3. End Users on the Client Website. End Users may encounter Platform or other Services features through the Client’s website.

   • The End User might interact with the AI Agent on the Client’s website by asking a question through an Input and receiving a response in the form of an Output. Any Personal Data included in the End User’s Input is Client Data and will be processed by Platform according to the Client’s configurations and other instructions.

   • Platform will process all Personal Data included in the End User’s Inputs as instructed by the Client through settings on the Services. For example, an End User might include in their chat messages details about their religious beliefs, personal circumstances, or health information. The Client is responsible for establishing appropriate use of Platform by its End Users through the Client’s operation of the website.

   • Any sensitive Personal Data submitted to the Services by a Client or its End Users will be processed by Servant as a service provider or processor to Client.

   • Servant does not control and has no responsibility for End User Personal Data collected or processed through the Client’s website in any manner. For example, a Client allows its End Users to register on the website, the Client determines what Personal Data to collect for registration and whether that Personal Data is transmitted to Servant through Platform or other means.

   • The Client may use Platform to implement and manage outreach efforts like fundraisers or marketing campaigns. The Client is responsible for the content of these outreach efforts and for using the Services in compliance with marketing, consumer protection, and other applicable laws.

   • The Client must provide its End Users with privacy notices and collect consent as required by law.

   • Servant processes this information as a service provider or processor to the Client. The Client, not Servant, uses settings on the Services to determine (and is responsible for) how Personal Data is collected, processed, and handled through Platform.

   • End Users with questions about Platform should contact the Client using Platform on its website.

4. Site Visitors. If you visit the Site or contact Servant online, by email or otherwise:

• We will collect Personal Data including identifiers like your name and email address or username, along with any other Personal Data that you choose to include in your message to us.

• If you submit a review of the Services, we may post your review (and any Personal Data you choose to include) on the Site or our third-party channels.

• We collect this information with your consent, and we use it to provide the Services, respond to your inquiries, and communicate with you about the Services.

• Servant may use your contact information to send you marketing messages according to your stated communication preferences and applicable law. You may opt-out of marketing messages at any time by clicking the Unsubscribe link in any email from us or by contacting legal@servant.io with a subject line “Opt-out of marketing communications.”

  1. Technical Data. The Services may automatically collect technical data from a user’s visit or session:

• The Services collect technical data like IP address, browser type, device type, referring URL, and log data.

• End User content interaction data and AI Agent conversation metadata (session timestamp; duration) and performance data (response time; errors) are collected through Platform.

• We use this data to analyze usage patterns and improve functionality.

• The Services use cookies, both on the Site and through Platform, that are strictly necessary for the Services to function, such as for authentication and session management purposes.

• Servant also uses a cookieless analytics tool to collect aggregated (non-identifying) usage metrics from the Services.

In addition to the specific uses above, Servant might also use Personal Data submitted to the Services to provide or improve the Services, provide Client support, monitor compliance with our terms and conditions, enforce this Privacy Policy, as necessary to bring legal action or defend our company, for legal compliance purposes, or for any other purpose with Client instruction or consent from the individual.

3. Children’s Privacy

Servant requires all point of contact individuals for Clients to be at least 18 years old. If we discover that a child under age 18 has provided us with Personal Data without parent or guardian consent, we will promptly delete the information from our systems. If you believe we might have any information collected online from a child under 18, or if you become aware of any unauthorized submission of information to us, please contact us at legal@servant.io.

Servant cannot control the privacy practices of its Clients. If a Client permits a child under the age of 18 to interact with Platform or our other Services through the Client’s website or any other means, this is done under the Client’s privacy practices, not ours. We are not responsible for any Client’s or other party’s compliance or noncompliance with laws or regulations. Please contact the Client directly if you have questions about their privacy practices.

4. Retention Periods

Servant retains the Personal Data we process for the period necessary to provide Platform to the Client, meet our legal obligations, and maintain our internal business records. When we no longer have a business need for your Personal Data, we will either delete, de-identify, or anonymize it whenever feasible. All Client Data is permanently deleted 30 days after termination of the Client’s subscription. Additionally, a Client may request that Servant delete its Client Data at any time during or following the Subscription Term. Where not feasible (such as data in our backup archives), we will securely store the data and keep it isolated from further processing until it can be permanently deleted. Servant reserves the right to retain Personal Data for longer periods to comply with legal obligations, resolve disputes, enforce our agreements, or other lawful purposes.

Each Client will also retain Personal Data processed through Platform according to the Client’s own retention schedule. Please contact the Client with any questions.

5. Disclosures of Personal Data

Servant does not sell Personal Data to third parties or share Personal Data for cross-context behavioral advertising purposes. Servant may disclose any of the Personal Data we process to the recipients described below, or to other recipients with the Client’s or consumer’s permission or as required by law:

• The Client. Client Data is owned by the Client. All Personal Data included in Client Data is accessible and readily available to the Client. Servant provides the Client with access to the Client Data as a data processor or service provider to the Client.

• AI Agent. The AI Agent feature on the Services is made possible through our relationship with a third-party AI service provider. Chat messages and other Inputs to the AI Agent may be accessible simultaneously and in real-time by that third-party service provider. By initiating or continuing a conversation with an AI Agent, you consent to our third-party service provider accessing your chats. If you do not consent to such access to your chats, you should not initiate or participate in a chat on the Services.

• Our Service Providers. Servant uses a variety of service providers such as data hosting companies, AI technology providers, third-party chat services, and payment processors. The type of information that we share with a service provider will depend on the service that the service provider provides to Servant. Our service providers are subject to contractual agreements that protect your Personal Data, and we require all service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Data and to use Personal Data only for the specific purposes for which it was disclosed.

• Business Transitions. Under specific circumstances, we may disclose Personal Data to certain third parties as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or asset sale); to comply with a legal requirement or a court order; when we believe it is appropriate to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.

• Legal Requirements. Occasionally we may be required by law enforcement or judicial authorities to provide Personal Data to governmental authorities. We fully cooperate with law enforcement agencies in identifying those who use our Services for illegal activities. Servant reserves the right to disclose Personal Data to law enforcement and other governmental agencies at our sole discretion in connection with an investigation of any matter that is illegal or that could expose us or our affiliates to liability.

• No Sale, Sharing, or AI Training. Servant will never sell Personal Data or share it with third parties for cross-contextual behavioral advertising purposes. Servant does not permit its AI technology providers to use Client Data to train AI technologies, nor do we work with any service providers that sell or share the Personal Data we process.

• Aggregated and Deidentified Information. We reserve the right to use and disclose to third parties fully anonymized, deidentified, or aggregated data generated using Personal Data to assist with our research, marketing, advertising, or other purposes. For example, we may share reports showing trends about the general use of our Services without identifying an individual.

6. Owned & Operated in the United States

Servant is owned and operated in the United States and provides the Services subject to United States law. However, it is possible that Clients or their End Users located outside the United States may choose to use the Services. If you access the Services from outside the United States, you understand and agree that your Personal Data will be transferred to, processed, stored, and used in the United States. When data is moved from your home country to another country, the laws that protect Personal Data in the country to which your information is transferred may be different from those of the country where you live. For example, if your Personal Data is in the United States, it may be accessed by government authorities under United States law. When transferring Personal Data across jurisdictional borders, we take measures to comply with applicable data protection laws related to such transfer, such as Standard Contractual Clauses approved by the European Commission or another applicable legally sufficient transfer mechanism.

7. Privacy Controls

This section describes your options to directly control how we collect and use your Personal Data:

• Discontinue Using Platform on the Client Website. End Users can prevent processing of their Personal Data via Platform by discontinuing use of the AI Agent and other Platform features on the Client’s website. End Users should contact the Client for support.

• Servant Emails. If you provide Servant with your email address, we may send you informational or support emails or, if you opt-in, marketing emails about our Services. If you do not wish to receive our marketing emails, you can use the Unsubscribe link in any email from Servant or send an opt-out request to legal@servant.io to be removed from our email list. Please note, however, Client points of contact cannot opt out of emails relating to the Client’s subscription, transactions, or changes to our terms and conditions or policies that may relate to the Client’s use of the Services.

• Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Our Services do not use tracking technology and do not recognize browser “do-not-track” requests.

• Privacy Requests. Depending on where you reside, you may be entitled to additional controls over your Personal Data.

Client’s End Users must contact the Client to exercise privacy rights related to the AI Agent or other Platform features that might be available through the Client’s website. Please contact the CLIENT with any questions about those privacy practices or your privacy rights.

If you are not a Client’s End User and you wish to exercise your privacy rights with Servant, or if you want to express concerns, lodge a complaint, or request information, please submit a request via our Privacy Request by email to legal@servant.io. We can only legally fulfill a Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Data, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so, such as requests that are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We endeavor to respond to privacy requests in accordance with the requirements of the law applicable to your jurisdiction. If we do not fulfill your request within the legally required timeline, you can appeal our response by contacting legal@servant.io. Additionally, residents of the United Kingdom, European Union or European Economic Area have the right to lodge a complaint with their local supervisory authority.

8. Notice of Privacy Rights

This section provides informational notices under privacy laws that require companies to inform consumers about their privacy rights. Your privacy rights depend on the country and/or state or province where you reside and how you use our Services. Depending on where you reside, you may be entitled to some or all the privacy rights listed below:

• Right to know. You have the right to know how we collect and process Personal Data. We provide the required information for a consumer’s right to know in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Data on our Site, through Platform, or via email.

• Right to reasonable expectations. You can expect us to collect, use or disclose Personal Data responsibly and not for any purpose other than what is described in this Privacy Policy. We process Personal Data with your consent, to provide Services to our Clients, or for other lawful bases as described in this Privacy Policy.

• Right to accuracy, and the right to correct your Personal Data. Some privacy laws provide a right to the accuracy of Personal Data stored on information systems. If you become aware that the Personal Data that we have on file about you is incorrect, or if your information changes, please inform us and we will update our records.

• Right to access your Personal Data. You may have the right to request confirmation that we have collected Personal Data about you and that we provide you with access to that Personal Data. Certain laws may prohibit us from disclosing specific pieces of Personal Data or we may be limited in the number or frequency of requests we must fulfill.

• Right to deletion. You may have the right to request that we delete or dispose of your Personal Data on our systems, with certain exceptions. If you request deletion of your Personal Data, we will relay the request to the applicable Client or, if Servant is the data controller, we will permanently delete, deidentify, or aggregate your Personal Data to fulfill your request.

• Right to data portability. In some cases, upon your request, we must provide your Personal Data to another organization at your request and in a structured, commonly used machine-readable format, so that the other organization can read and use it.

• No selling or sharing Personal Data. Some jurisdictions entitle consumers to opt out of the sale or sharing of their Personal Data or targeted advertising practices. Servant does not sell any Personal Data or share Personal Data with third parties for cross-contextual behavioral advertising purposes in relation to the Services. Servant does not control its Client’s privacy practices. Please contact the Client to inquire about any sale or sharing of Personal Data by the Client.

• No automated decision-making or profiling. We do not use automated decision-making or any form of automated processing of Personal Data to evaluate, analyze, or predict your performance, preferences, choices, or behavior. Servant does not control its Client’s privacy practices. Please contact the Client to inquire about any automated decision-making the Client may conduct through Platform or otherwise.

• Limited use and disclosure of sensitive Personal Data. Servant does not intend to collect any sensitive Personal Data. Clients may permit their End Users to submit sensitive Personal Data to the Services via the Client website. In any case, Servant will not use or disclose sensitive Personal Data to infer characteristics about a consumer. Please contact the Client with questions about how the Client uses your sensitive Personal Data.

• Right to object. You may have the right to request, under certain circumstances and where we are required to do so by law, that we limit our processing of your Personal Data as you request.

• Right to restrict processing. You may have the right to request that Servant restricts the processing of your Personal Data if (i) the data is inaccurate, (ii) the processing is unlawful, (iii) we no longer need the Personal Data, or (iv) you exercise your right to object. Note that, under some laws, your right to restrict processing may be limited to Personal Data that is sensitive in nature, or that is sold or shared for certain purposes.

• Right to non-discrimination. If you reside in a jurisdiction that extends a right to non-discrimination related to the exercise of privacy rights, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, (iii) provide you a different level or quality of goods or services, (iv) retaliate against you as an employee, applicant for employment, or independent contractor; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised your statutory right unless permitted by law.

• Health Data Rights. The Services are not designed to process health data. The Client or End Users may choose to include health data in the Client Data, which Servant then processes as a data processor or service provider to the Client. Some laws entitle consumers to certain details about health data collected about them, including (i) confirmation of whether the entity collects, shares, or sells the consumer’s health data and access that data, including a list of all third parties and affiliates with whom the entity has shared or sold the health data and a method to contact those third parties, (ii) a method to withdraw consent related to use of health data, and (iii) the right to have their health data be deleted.

• Right to disclosure. You may request that we provide you with certain details about our collection and use of your Personal Data, such as: (i) the categories of Personal Data we have collected about you; (ii) the categories of sources for the Personal Data we have collected about you; (iii) categories of our team members who have access to your Personal Data and our business purpose for collecting, using, processing, sharing or selling that Personal Data, as applicable; (iv) the categories of third parties with whom we share that Personal Data; and (v) if we sold or shared your Personal Data under a privacy law that governs those transactions, two separate lists stating: (y) sales or sharing, identifying the Personal Data categories that each category of recipient purchased; and (z) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.

• Right to marketing information. If you are a resident of the State of California, California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California consumers to request certain disclosures regarding Personal Data sharing with affiliates and/or third parties for marketing purposes.

Please direct any questions or requests to exercise these rights related to your use of Platform or our other Services to legal@servant.io. Note that we do not have access to or any control over your Personal Data processed by a Client. Please contact the Client with any questions about those privacy practices or the exercise of your privacy rights.

9. Data Security

Servant implements reasonable and appropriate security procedures and practices to help protect Personal Data on our systems from unauthorized or illegal access, destruction, use, modification, or disclosure. We employ a series of security measures, including, but not limited to, TLS encryption at rest, access controls, authentication requirements, formalized incident response procedures, and regular security assessments. Servant personnel only have access to Personal Data on our systems as needed to perform their job duties, and we ensure that all personnel who are responsible for handling Personal Data and privacy inquiries are informed of applicable privacy law requirements.

Please note, however, that the security of your Personal Data largely rests with the Client and no data transmission or storage of data is 100% secure. Servant cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Data for improper purposes. It is the Client’s responsibility to keep Client Data secure from unauthorized access. We encourage Clients and End Users to take steps to protect against unauthorized access to Client Data, such as choosing a robust password, not sharing login credentials with others, and signing off after completing a session. If you suspect a security incident or vulnerability related to the Services, please contact legal@servant.io.

10. Third Party Websites

This Privacy Policy only applies to Servant’s Services. No website operated by a third party is covered by this Privacy Policy, even websites of our Clients or other websites that may be accessible via a link on our Services. If you click a link on the Services, you may be redirected to a third-party website with privacy practices that differ from ours. If you submit Personal Data to any third-party websites, your information is governed by the privacy policies of those third parties and Servant has no control over their privacy practices. You are encouraged to familiarize yourself with the privacy practices of these third parties before submitting your Personal Data.

11. Changes & Updates

Servant may periodically update this Privacy Policy. If we make any material changes, we will notify you by updating this posting or by posting notice in the Services. Your continued use of the Services after the “Last Updated” date above will constitute your acceptance of and agreement to be bound by the posted version of this Privacy Policy. For material changes that require consent under applicable law, we will obtain your consent before the changes take effect. You are responsible for periodically checking this Privacy Policy for changes. If you do not agree to our privacy practices as described in the current version of this Privacy Policy, you should not use the Services.

12. Contact Servant

If you have questions about our privacy practices or would like to make a complaint, please contact Servant at legal@servant.io or by mail at Servus Consulting Partners, LLC dba Servant, 108 Fourth Ave South, Suite 207, Franklin, TN 37064.