Terms of Service

Last Updated: March 31, 2022

See previous version here

ICONIQ’s Terms of Service (“Terms”) govern your use of Kuki, and the software, content, and services (collectively, “Services”) offered through ICONIQ: our websites www.iconiq.aiwww.kuki.aiwww.kuki.bot , and any subdomains or aliases that redirect (the “Website”), streaming or social media channels (“Social Networking Services”), and any mobile applications including third party Messaging Applications (the “Apps”).

Please read these terms carefully before you start using the Services.

The terms “ICONIQ,” “us” or “we” refers to a brand owned and operated by Pandorabots Inc., a software company who designed and built Kuki, incorporated in Delaware, and operationally headquartered in San Francisco, CA, with various offices internationally.

The term “device” refers to the device which is used to access the Services including but not limited to computers, smartphones and tablets.

The term “you” refers to the user of the Services.

When you sign up for any of the Services or otherwise use or access them, you agree to be bound by these Terms and all applicable laws, rules, and regulations. By using the Services, you indicate that you accept these Terms and that you agree to abide by them. If you do not agree to these Terms, please refrain from using the services.

Our contact email address is support@iconiq.ai . All correspondence to ICONIQ including any queries you may have regarding your use of the Services or these Terms should be sent to this contact email address.

PLEASE NOTE THAT THESE TERMS CONTAIN AN ARBITRATION CLAUSE. EXCEPT FOR CERTAIN TYPES OF DISPUTES MENTIONED IN THE ARBITRATION CLAUSE, YOU AND ICONIQ AGREE THAT DISPUTES RELATING TO THESE TERMS OR YOUR USE OF THE SERVICES WILL BE RESOLVED BY MANDATORY BINDING ARBITRATION, AND YOU AND ICONIQ WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION.

1. OUR SERVICES

ICONIQ offers an interactive chatbot, or “Conversational Artificial Intelligence,” called Kuki, accessible through text, voice, and a conversational avatar on various channels including web, SMS, social media, OTT messaging apps, and native apps.

1.1. Medical disclaimer

ICONIQ is a provider of software, and not a healthcare or medical device provider, nor should our Services be considered medical care, mental health services or other professional services. Only your physician or other healthcare providers can do that. While there is third party evidence from research that certain conversation techniques implemented in ICONIQ can assist in the recovery process for a wide array of conditions, ICONIQ makes no claims, representations or guarantees that the Services provide a therapeutic benefit.

1.2. Emergencies

Use of the Services is not for emergencies. If you think you have a medical or mental health emergency, call 911 or your local emergency services or go to the nearest open clinic or emergency room.

If you are considering committing suicide or feel that you are a danger to yourself or others, you must discontinue use of the Services immediately, call 911 or notify appropriate police or emergency medical personnel as applicable to your location.

1.3. Modifications to the Services

We reserve the right to modify or discontinue, temporarily or permanently, the Services (or any part thereof) with or without notice. You agree that ICONIQ will not be liable to you or to any third party for any modification, suspension or discontinuance of any of the Services.

2. MEMBERSHIP

2.1. Becoming a member

You will be required to register (“create an account”) with ICONIQ and become a ICONIQ Member in order to access and use some of the Services. If you choose to register for the Services, you agree to provide and maintain true, accurate, current and complete information about yourself as prompted by the registration forms. Registration data and certain other information about you are governed by our Privacy Policy.

2.2. Once a member

You are responsible for maintaining the confidentiality of your password and account, if any, and are fully responsible for any and all activities that occur under your password or account. You agree to immediately notify ICONIQ of any unauthorized use of your password or account or any other breach of security. ICONIQ will not be liable for any loss or damage arising from your failure to comply with this Section.

2.3. Your membership

As a ICONIQ Member, you will receive access to content, features, and functions of the Services that are not available to non-members.

By agreeing to become a Member you opt-in to receive occasional special offers, marketing, survey, and Services-based communication emails or texts. You can easily unsubscribe from ICONIQ commercial communications by following the opt-out instruction in these messages. ICONIQ memberships are not transferable and therefore cannot be sold or exchanged or transferred in any way whatsoever.

2.4. Payments

Your ICONIQ Membership is free by default, but Members may optionally make one-time or recurring payments through the ICONIQ apps. All payments unless otherwise noted are securely processed through a third-party partner, Stripe, and subject to their terms.

Any recurring payments (“Subscriptions”) shall be paid in monthly installments unless otherwise noted. Failure to pay within seven days after a due date may result in seizure or suspension of the purchased items or services. Members may cancel recurring payments at any time, but we do not prorate or offer refunds for partial-months. 

All sales are final, including for one-time purchases, and refunds will not be provided.

2.5. Device requirements

To enjoy ICONIQ via your smartphone or other Device, your Device must satisfy certain system requirements. We do not guarantee that the Services will work universally on all Devices. Support for Devices may change, and we may remove Device compatibility at any time.

3. CANCELLATION OF SERVICES

3.1. Cancellation by you

You may cancel your Membership at any time by deleting your account. This action is irreversible. As soon as you delete your account, all the data associated with your use of the Services may be removed permanently with no guarantee of being restored.

3.2. Cancellation by us

We may suspend or terminate your use of the Services as a result of your fraud or breach of any obligation under these Terms. Such termination or suspension may be immediate and without notice.

4. GENERAL PRACTICES REGARDING USE AND STORAGE

You acknowledge that we may establish general practices and limits concerning use of the Services, including without limitation the maximum period of time that data or other content will be retained by the Services and the maximum storage space that will be allotted on our servers on your behalf. You agree that ICONIQ has no responsibility or liability for the deletion or failure to store any data or other content maintained or uploaded by the Services. You acknowledge that we reserve the right to terminate accounts that are inactive for an extended period of time. You further acknowledge that we reserve the right to change these general practices and limits at any time, in its sole discretion, with or without notice.

5. MOBILE SERVICES

Some of our Services are available via a mobile device, including (i) the ability to upload content to the Services via a mobile device, (ii) the ability to browse the Services and the Website from a mobile device and (iii) the ability to access certain features through an application downloaded and installed on a mobile device and (iv) the ability to access certain content and features on social media or OTT messaging channels (collectively, the “Mobile Services”). To the extent you access the Services through a mobile device, your wireless service carrier’s standard charges, data rates, and other fees may apply.

In addition, downloading, installing, or using certain Mobile Services may be prohibited or restricted by your carrier, and not all Mobile Services may work with all carriers or devices. By using the Mobile Services, you agree that we may communicate with you regarding ICONIQ and other entities by SMS, MMS, text message or other electronic means to your mobile device and that certain information about your usage of the Mobile Services may be communicated to us.

In the event you change or deactivate your mobile telephone number, you agree to promptly update your ICONIQ account information to ensure that your messages are not sent to the person that acquires your old number.

6. CONDITIONS OF USE

6.1. User conduct

You are solely responsible for all code, video, images, information, data, text, software, music, sound, photographs, graphics, messages or other materials (“content”) that you upload, post, publish or display (hereinafter, “upload”) or email or otherwise use via the Services. The following are examples of the kind of content and/or use that is illegal or prohibited by ICONIQ. We reserve the right to investigate and take appropriate legal action against anyone who, in our sole discretion, violates this provision, including without limitation, removing the offending content from the Services, suspending or terminating the account of such violators and reporting you to the law enforcement authorities. You agree to not use the Services to:

  • Email or otherwise upload any content that (i) infringes any intellectual property or other proprietary rights of any party; (ii) you do not have a right to upload under any law or under contractual or fiduciary relationships; (iii) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (iv) poses or creates a privacy or security risk to any person; (v) constitutes unsolicited or unauthorized advertising, promotional materials, commercial activities and/or sales, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” “contests,” “sweepstakes,” or any other form of solicitation; (vi) is unlawful, harmful, threatening, abusive, harassing, tortious, excessively violent, defamatory, vulgar, obscene, pornographic, libelous, invasive of another’s privacy, hateful racially, ethnically or otherwise objectionable; or (vii) in the sole judgment of ICONIQ, is objectionable or which restricts or inhibits any other person from using or enjoying the Services, or which may expose ICONIQ or its users to any harm or liability of any type;

  • Interfere with or disrupt the Services or servers or networks connected to the Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Services; or

  • Violate any applicable local, state, national or international law, or any regulations having the force of law;

  • Impersonate any person or entity, or falsely state or otherwise misrepresent your affiliation with a person or entity;

  • Solicit personal information from anyone under the age of 18;

  • Harvest or collect email addresses or other contact information of other users from the Services by electronic or other means for the purposes of sending unsolicited emails or other unsolicited communications;

  • Advertise or offer to sell or buy any goods or services for any business purpose that is not specifically authorized;

  • Further or promote any criminal activity or enterprise or provide instructional information about illegal activities; or

  • Obtain or attempt to access or otherwise obtain any materials or information through any means not intentionally made available or provided for through the Services.

6.2. Special notice for international use; Export controls

Software (defined below) available in connection with the Services and the transmission of applicable data, if any, is subject to United States export controls. No Software may be downloaded from the Services or otherwise exported or re-exported in violation of U.S. export laws. Downloading or using the Software is at your sole risk. Recognizing the global nature of the Internet, you agree to comply with all local rules and laws regarding your use of the Service, including as it concerns online conduct and acceptable content.

6.3. Commercial use

The Service is for your personal use only. Unless otherwise expressly authorized herein or in the Services, you agree not to display, distribute, license, perform, publish, reproduce, duplicate, copy, create derivative works from, modify, sell, resell, exploit, transfer or upload for any commercial purposes, any portion of the Services, use of the Services, or access to the Services.

6.4. Use of ICONIQ by minors

If you are under 13 years of age, you are not authorized to use the Services, with or without registering. In addition, if you are under 18 years old, you may use the Services, with or without registering, only with the approval of your parent or guardian.

7. THIRD PARTY LEGAL INFORMATION

These Terms apply to your use of all the Services, including any services delivered over Third Party owned applications such as Instagram, Facebook, Telegram, Whatsapp, WeChat, Kik, or others, but the following additional terms also apply to the Applications:

  • Both you and ICONIQ acknowledge that these Terms are exclusive to between you and ICONIQ only, and not with any Third Parties, and that Third Parties are not responsible for the Services or the Content;

  • You acknowledge and agree that Third Parties have no obligation whatsoever to furnish any maintenance and support services with respect to the Services;

  • You acknowledge and agree that ICONIQ has no obligation whatsoever to furnish any maintenance and support services with respect to Third Party Applications, or maintain the availability of the Services on Third Party Applications, given that Third Party terms change from time to time and including updates that may prohibit, discourage, or otherwise cause ICONIQ to remove the Services;

  • Both you and ICONIQ acknowledge and agree that, in your use of the Services, you will comply with any applicable Third Party terms which may affect or be affected by such use.

8. INTELLECTUAL PROPERTY RIGHTS

8.1. Service content, software, and trademarks

You acknowledge and agree that the Services may contain content or features (“Service Content”) that are protected by copyright, patent, trademark, trade secret or other proprietary rights and laws. Except as expressly authorized by ICONIQ, you agree not to modify, copy, frame, scrape, rent, lease, loan, sell, distribute or create derivative works based on the Services or the Service Content, in whole or in part, except that the foregoing does not apply to your own User Content (as defined below) that you legally upload to the Services. In connection with your use of the Services, you will not engage in or use any data mining, robots, scraping or similar data gathering or extraction methods. If you are blocked by ICONIQ from accessing the Services (including by blocking your IP address), you agree not to implement any measures to circumvent such blocking (e.g., by masking your IP address or using a proxy IP address). Any use of the Services or the Service Content other than as specifically authorized herein is strictly prohibited. The technology and software underlying the Services or distributed in connection therewith are the property of ICONIQ, our affiliates and our partners (the “Software”). You agree not to copy, modify, create a derivative work of, reverse engineer, reverse assemble or otherwise attempt to discover any source code, sell, assign, sublicense, or otherwise transfer any right in the Software. Any rights not expressly granted herein are reserved by ICONIQ.

The Kuki and ICONIQ names and logos are trademarks and service marks of ICONIQ (collectively the “ICONIQ Trademarks”). Other company, product, and service names and logos used and displayed via the Services may be trademarks or service marks of their respective owners who may or may not endorse or be affiliated with or connected to ICONIQ. Nothing in these Terms of Service or the Services should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any of ICONIQ Trademarks displayed on the Services, without our prior written permission in each instance. All goodwill generated from the use of ICONIQ Trademarks will inure to our exclusive benefit.

8.2. Third party material

Under no circumstances will ICONIQ be liable in any way for any content or materials of any third parties (including users), including, but not limited to, for any errors or omissions in any content, or for any loss or damage of any kind incurred as a result of the use of any such content. You acknowledge that ICONIQ does not pre-screen content, but that ICONIQ and its designees will have the right (but not the obligation) in their sole discretion to refuse or remove any content that is available via the Services. Without limiting the foregoing, ICONIQ and its designees will have the right to remove any content that violates these Terms of Service or is deemed by ICONIQ, in its sole discretion, to be otherwise objectionable. You agree that you must evaluate, and bear all risks associated with, the use of any content, including any reliance on the accuracy, completeness, or usefulness of such content.

8.3. User content transmitted through the Services

With respect to the content or other materials you upload through the Services or share with other users or recipients (collectively, “User Content”), you represent and warrant that you own all right, title and interest in and to such User Content, including, without limitation, all copyrights and rights of publicity contained therein. By uploading or generating any User Content you hereby grant and will grant ICONIQ and its affiliated companies a nonexclusive, worldwide, royalty-free, fully paid up, transferable, sublicensable, perpetual, irrevocable license to copy, display, upload, perform, distribute, store, modify and otherwise use your User Content in connection with the operation of the Services or the promotion, advertising or marketing thereof in any form, medium or technology now known or later developed.

You acknowledge and agree that any questions, comments, suggestions, ideas, feedback or other information about the Services (“Submissions”), provided by you to ICONIQ are non-confidential and ICONIQ will be entitled to the unrestricted use and dissemination of these Submissions for any purpose, commercial or otherwise, without acknowledgment or compensation to you.

You acknowledge and agree that ICONIQ may preserve content and may also disclose content if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal process, applicable laws or government requests; (b) enforce these Terms of Service; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of ICONIQ, our users and the public. You understand that the technical processing and transmission of the Services, including your content, may involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.

8.4. Copyright complaints

ICONIQ respects the intellectual property of others, and we ask our users to do the same. If you believe that your work has been copied in a way that constitutes copyright infringement, or that your intellectual property rights have been otherwise violated, you should notify ICONIQ of your infringement claim in accordance with the procedure set forth below.

We will process and investigate notices of alleged infringement and will take appropriate actions under the Digital Millennium Copyright Act (“DMCA”) and other applicable intellectual property laws with respect to any alleged or actual infringement. A notification of claimed copyright infringement should be emailed to ICONIQ’s Copyright Agent at legal@iconiq.ai (Subject line: “DMCA Takedown Request”).

To be effective, the notification must be in writing and contain the following information:

  • an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright or other intellectual property interest;

  • a description of the copyrighted work or other intellectual property that you claim has been infringed;

  • a description of where the material that you claim is infringing is located on the Services, with enough detail that we may find it on the Services;

  • your address, telephone number, and email address;

  • a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright or intellectual property owner, its agent, or the law;

  • a statement by you, made under penalty of perjury, that the above information in your Notice is accurate and that you are the copyright or intellectual property owner or authorized to act on the copyright or intellectual property owner’s behalf.

8.5. Counter-notice

If you believe that your User Content that was removed (or to which access was disabled) is not infringing, or that you have the authorization from the copyright owner, the copyright owner’s agent, or pursuant to the law, to upload and use the content in your User Content, you may send a written counter-notice containing the following information to the Copyright Agent:

  • your physical or electronic signature;

  • identification of the content that has been removed or to which access has been disabled and the location at which the content appeared before it was removed or disabled;

  • a statement that you have a good faith belief that the content was removed or disabled as a result of mistake or a misidentification of the content; and

  • your name, address, telephone number, and email address, a statement that you consent to the jurisdiction of the federal court located within the Northern District of California and a statement that you will accept service of process from the person who provided notification of the alleged infringement.

If a counter-notice is received by the Copyright Agent, ICONIQ will send a copy of the counter-notice to the original complaining party via email informing that person that it may replace the removed content or cease disabling it in 10 business days. Unless the copyright owner files an action seeking a court order against the content provider, member or user, the removed content may be replaced, or access to it restored, in 10 to 14 business days or more after receipt of the counter-notice, at our sole discretion.

Repeat Infringer Policy: In accordance with the DMCA and other applicable law, ICONIQ has adopted a policy of terminating, in appropriate circumstances and at ICONIQ’s sole discretion, users who are deemed to be repeat infringers. ICONIQ may also at its sole discretion limit access to the Services and/or terminate the memberships of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

9. THIRD PARTY WEBSITES

The Services may provide, or third parties may provide, links or other access to other sites and resources on the Internet. We have no control over such sites and resources and we are not responsible for and do not endorse such sites and resources. You further acknowledge and agree that ICONIQ will not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, events, goods or services available on or through any such site or resource. Any dealings you have with third parties found while using the Services are between you and the third party, and you agree that ICONIQ is not liable for any loss or claim that you may have against any such third party.

10. SOCIAL NETWORKING SERVICES

You may enable, connect or log in to the Services via various online third party services, such as social media and social networking services like Facebook, Instagram or Twitter (“Social Networking Services”). By logging in or directly integrating these Social Networking Services into the Services, we make your online experiences richer and more personalized. To take advantage of this feature and capabilities, we may ask you to authenticate, register for or log into Social Networking Services on the websites of their respective providers. As part of such integration, the Social Networking Services will provide us with access to certain information that you have provided to such Social Networking Services, and we will use, store and disclose such information in accordance with our Privacy Policy. However, please remember that the manner in which Social Networking Services use, store and disclose your information is governed solely by the policies of such third parties, and ICONIQ shall have no liability or responsibility for the privacy practices or other actions of any third party site or service that may be enabled within the Service or through which the Service may be accessible.

In addition, ICONIQ is not responsible for the accuracy, availability or reliability of any information, content, goods, data, opinions, advice or statements made available in connection with Social Networking Services. As such, ICONIQ is not liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Social Networking Services. ICONIQ enables these features merely as a convenience and the integration or inclusion of such features does not imply an endorsement or recommendation.

11. WARRANTY, INDEMNITY AND LIABILITY

11.1. Indemnity and release

You agree to release, indemnify and hold ICONIQ and its affiliates and their officers, employees, directors and agents (collectively, “Indemnitees”) harmless from any from any and all losses, damages, expenses, including reasonable attorneys’ fees, rights, claims, actions of any kind and injury (including death) arising out of or relating to your use of the Services, any User Content, your connection to the Services, your violation of these Terms of Service or your violation of any rights of another. Notwithstanding the foregoing, you will have no obligation to indemnify or hold harmless any Indemnitee from or against any liability, losses, damages or expenses incurred as a result of any action or inaction of such Indemnitee. If you are a California resident, you waive California Civil Code Section 1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.” If you are a resident of another jurisdiction, you waive any comparable statute or doctrine.

11.2. Disclaimer of warranties

YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK. THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.

ICONIQ MAKES NO WARRANTY THAT (I) THE SERVICE WILL MEET YOUR REQUIREMENTS, (II) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (III) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICE WILL BE ACCURATE OR RELIABLE, OR (IV) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED BY YOU THROUGH THE SERVICE WILL MEET YOUR EXPECTATIONS.

11.3. Limitation of liability

YOU EXPRESSLY UNDERSTAND AND AGREE THAT ICONIQ WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY DAMAGES, OR DAMAGES FOR LOSS OF PROFITS INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, RESULTING FROM: (I) THE USE OR THE INABILITY TO USE THE SERVICE; (II) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES RESULTING FROM ANY GOODS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO THROUGH OR FROM THE SERVICE; (III) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (IV) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICE; OR (V) ANY OTHER MATTER RELATING TO THE SERVICE. IN NO EVENT WILL ICONIQ’S TOTAL LIABILITY TO YOU FOR ALL DAMAGES, LOSSES OR CAUSES OF ACTION EXCEED THE AMOUNT YOU HAVE PAID COMPANY IN THE LAST SIX (6) MONTHS, OR, IF GREATER, ONE HUNDRED DOLLARS ($100).

SOME JURISDICTIONS DO NOT ALLOW THE DISCLAIMER OR EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS SET FORTH ABOVE MAY NOT APPLY TO YOU OR BE ENFORCEABLE WITH RESPECT TO YOU. IF YOU ARE DISSATISFIED WITH ANY PORTION OF THE SERVICES OR WITH THESE TERMS OF SERVICE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USE OF THE SERVICES.

IF YOU ARE A USER FROM NEW JERSEY, THE FOREGOING SECTIONS TITLED “DISCLAIMER OF WARRANTIES” AND “LIMITATION OF LIABILITY” ARE INTENDED TO BE ONLY AS BROAD AS IS PERMITTED UNDER THE LAWS OF THE STATE OF NEW JERSEY. IF ANY PORTION OF THESE SECTIONS IS HELD TO BE INVALID UNDER THE LAWS OF THE STATE OF NEW JERSEY, THE INVALIDITY OF SUCH PORTION SHALL NOT AFFECT THE VALIDITY OF THE REMAINING PORTIONS OF THE APPLICABLE SECTIONS.

12. DISPUTE RESOLUTION BY BINDING ARBITRATION

12.1. Agreement to arbitrate

This Dispute Resolution by Binding Arbitration section is referred to in these Terms of Service as the “Arbitration Agreement.” You agree that any and all disputes or claims that have arisen or may arise between you and ICONIQ, whether arising out of or relating to these Terms of Service (including any alleged breach thereof), the Services, any advertising, any aspect of the relationship or transactions between us, shall be resolved exclusively through final and binding arbitration, rather than a court, in accordance with the terms of this Arbitration Agreement, except that you may assert individual claims in small claims court, if your claims qualify. Further, this Arbitration Agreement does not preclude you from bringing issues to the attention of federal, state, or local agencies, and such agencies can, if the law allows, seek relief against us on your behalf. You agree that, by entering into these Terms of Service, you and ICONIQ are each waiving the right to a trial by jury or to participate in a class action. Your rights will be determined by a neutral arbitrator, not a judge or jury. The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement.

12.2. Prohibition of class and representative actions and non-individualized relief

YOU AND ICONIQ AGREE THAT EACH OF US MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL BASIS AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. UNLESS BOTH YOU AND ICONIQ AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PERSON’S OR PARTY’S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING. ALSO, THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S).

12.3. Pre-arbitration dispute resolution

ICONIQ is always interested in resolving disputes amicably and efficiently, and most customer concerns can be resolved quickly and to the customer’s satisfaction by emailing customer support at support@iconiq.ai . If such efforts prove unsuccessful, a party who intends to seek arbitration must first send to the other, by certified mail, a written Notice of Dispute (“Notice”). The Notice to ICONIQ should be sent to legal@iconiq.ai  (“Notice Address”). The Notice must (i) describe the nature and basis of the claim or dispute and (ii) set forth the specific relief sought. If ICONIQ and you do not resolve the claim within sixty (60) calendar days after the Notice is received, you or ICONIQ may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by ICONIQ or you shall not be disclosed to the arbitrator until after the arbitrator determines the amount, if any, to which you or ICONIQ is entitled.

12.4. Arbitration procedures

Arbitration will be conducted by a neutral arbitrator in accordance with the American Arbitration Association’s (“AAA”) rules and procedures, including the AAA’s Supplementary Procedures for Consumer-Related Disputes (collectively, the “AAA Rules”), as modified by this Arbitration Agreement. For information on the AAA, please visit its website, http://www.adr.org. Information about the AAA Rules and fees for consumer disputes can be found at the AAA’s consumer arbitration page, http://www.adr.org/consumer_arbitration. If there is any inconsistency between any term of the AAA Rules and any term of this Arbitration Agreement, the applicable terms of this Arbitration Agreement will control unless the arbitrator determines that the application of the inconsistent Arbitration Agreement terms would not result in a fundamentally fair arbitration. The arbitrator must also follow the provisions of these Terms of Service as a court would. All issues are for the arbitrator to decide, including, but not limited to, issues relating to the scope, enforceability, and arbitrability of this Arbitration Agreement. Although arbitration proceedings are usually simpler and more streamlined than trials and other judicial proceedings, the arbitrator can award the same damages and relief on an individual basis that a court can award to an individual under the Terms of Service and applicable law. Decisions by the arbitrator are enforceable in court and may be overturned by a court only for very limited reasons.

Unless ICONIQ and you agree otherwise, any arbitration hearings will take place in Northern California. If the parties are unable to agree on a location, the determination shall be made by AAA. If your claim is for $10,000 or less, ICONIQ agrees that you may choose whether the arbitration will be conducted solely on the basis of documents submitted to the arbitrator, through a telephonic hearing, or by an in-person hearing as established by the AAA Rules. If your claim exceeds $10,000, the right to a hearing will be determined by the AAA Rules. Regardless of the manner in which the arbitration is conducted, the arbitrator shall issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the award is based.

12.5. Costs of arbitration

Payment of all filing, administration, and arbitrator fees (collectively, the “Arbitration Fees”) will be governed by the AAA Rules.

12.6. Confidentiality

All aspects of the arbitration proceeding, and any ruling, decision, or award by the arbitrator, will be strictly confidential for the benefit of all parties.

12.7. Severability

If a court or the arbitrator decides that any term or provision of this Arbitration Agreement (other than the subsection titled “Prohibition of class and representative actions and non-individualized relief” above) is invalid or unenforceable, the parties agree to replace such term or provision with a term or provision that is valid and enforceable and that comes closest to expressing the intention of the invalid or unenforceable term or provision, and this Arbitration Agreement shall be enforceable as so modified. If a court or the arbitrator decides that any of the provisions of the subsection titled “Prohibition of class and representative actions and non-individualized relief” are invalid or unenforceable, then the entirety of this Arbitration Agreement shall be null and void. The remainder of the Terms of Service will continue to apply.

12.8. Future changes to the arbitration agreement

Notwithstanding any provision in these Terms of Service to the contrary, ICONIQ agrees that if it makes any future change to this Arbitration Agreement (other than a change to the Notice Address) while you are a user of the Services, you may reject any such change by sending ICONIQ written notice within thirty (30) calendar days of the change to the Notice Address provided above. By rejecting any future change, you are agreeing that you will arbitrate any dispute between us in accordance with the language of this Arbitration Agreement as of the date you first accepted these Terms of Service (or accepted any subsequent changes to these Terms of Service).

13. GENERAL CONDITIONS

13.1. Termination

You agree that ICONIQ, in its sole discretion, may suspend or terminate your account (or any part thereof) or use of the Service and remove and discard any content within the Service, for any reason, including, without limitation, for lack of use or if ICONIQ believes that you have violated or acted inconsistently with the letter or spirit of these Terms of Service. Any suspected fraudulent, abusive or illegal activity that may be grounds for termination of your use of Service, may be referred to appropriate law enforcement authorities. ICONIQ may also in its sole discretion and at any time discontinue providing the Service, or any part thereof, with or without notice. You agree that any termination of your access to the Service under any provision of these Terms of Service may be effected without prior notice, and acknowledge and agree that ICONIQ may immediately deactivate or delete your account and all related information and files in your account and/or bar any further access to such files or the Service. Further, you agree that ICONIQ will not be liable to you or any third party for any termination of your access to the Service.

13.2. User disputes

You agree that you are solely responsible for your interactions with any other user in connection with the Service and ICONIQ will have no liability or responsibility with respect thereto. ICONIQ reserves the right but has no obligation to become involved in any way with disputes between you and any other user of the Service.

13.3. Entire agreement

These Terms of Service constitute the entire agreement between you and ICONIQ and govern your use of the Service, superseding any prior agreements between you and ICONIQ with respect to the Services. You also may be subject to additional terms and conditions that may apply when you use affiliate or third-party services, third-party content or third-party software.

13.4. Choice of law

These Terms of Service will be governed by the laws of the State of California without regard to its conflict of law provisions. With respect to any disputes or claims not subject to arbitration, as set forth above, you and ICONIQ agree to submit to the personal and exclusive jurisdiction of the state and federal courts located within San Francisco County, California. The failure of ICONIQ to exercise or enforce any right or provision of these Terms of Service will not constitute a waiver of such right or provision. If any provision of these Terms of Service is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties’ intentions as reflected in the provision, and the other provisions of these Terms of Service remain in full force and effect. You agree that regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to use of the Services or these Terms of Service must be filed within one (1) year after such claim or cause of action arose or be forever barred. A printed version of this agreement and of any notice given in electronic form will be admissible in judicial or administrative proceedings based upon or relating to this agreement to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form. You may not assign these Terms of Service without the prior written consent of ICONIQ, but ICONIQ may assign or transfer these Terms of Service, in whole or in part, without restriction. The section titles in these Terms of Service are for convenience only and have no legal or contractual effect. Notices to you may be made via either email or regular mail. The Service may also provide notices to you of changes to these Terms of Service or other matters by displaying notices or links to notices generally on the Service.

14. YOUR PRIVACY

At ICONIQ, we respect the privacy of our users. For details please see our Privacy Policy . By using the Service, you consent to our collection and use of personal data as outlined therein.

QUESTIONS? Please email legal@iconiq.ai  to report any violations of these Terms of Service or to ask us any questions regarding these Terms of Service or our Services.

Privacy Policy

Last Updated: September 24, 2020

ICONIQ (“ICONIQ”, “we”, “us” and/or “our”), a Pandorabots, Inc. brand, operates the website www.ICONIQ.aiwww.kuki.ai , www.kuki.bot and its subdomains (the “Website”), the Conversational Artificial Intelligence Kuki ( “Kuki”) and other related services (collectively, the “Services”).

We are committed to protecting your privacy. This Privacy Policy describes how we collect, store, use and distribute information through our Services in terms of the General Data Protection Regulation (GDPR). Please read this Privacy Policy carefully. By starting to use our Services, you consent to this Privacy Policy.

We care about the protection and confidentiality of your data. We therefore only process your data to the extent that:

  • It is necessary to provide the ICONIQ services you are requesting,

  • You have given your consent to the processing, or

  • We are otherwise authorized to do so under the data protection laws.

By using or accessing the services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you at this moment consent that we will collect, use, and share your information in the following ways.

Remember that your use of ICONIQ’s services is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in Terms of Service .

1. Information we collect and process

Here we list all the types of personal information we collect and store throughout your experience with Kuki. Some of this information may be shared with service providers who help us deliver your experience with Kuki, each of such service is explained below.



We DO NOT knowingly store or collect special categories of personal data under General Data Protection Regulation (EU GDPR) or medical information or Protected Health Information (PHI), defined under the US law  as any information about the health status, the physical and psychological development of individuals, as well as any other information contained in medical prescriptions, recipes, records, certificates and other medical documentation . We discourage you from communicating this information to Kuki through conversation so that this information doesn’t become part of your chat history.

We collect information you intentionally provide through the Services (such as your profile information that you provide upon registration, in conversation, or other profile modifications), as well as some technical information coming from your mobile device or web browser.



1.1. What personal data you provide

When you start using Kuki and throughout your experience with our Services we may collect, and you may provide, your personal data. The following table covers the types of personal data that you may provide and we may collect:

Personal information

Why we need the data

When it is collected

Name

To enable Kuki to personalize your conversation by addressing you by name.

In text chat with Kuki, when you create an account or when you edit your profile.

Other profile information

To personalize conversations with Kuki. This may include your age, gender, location, etc., or other information you have chosen to provide to a third party messaging application that makes it available to us as permitted by their policies.

When you create or edit your profile

Email

To enable you to log in using your email and restore your password in case you forget it.

When you create an account

Information that you provide during your conversations with Kuki

To personalize your conversations with Kuki. This could be things like details of your family, pets, hobbies, favorite food, music, colour etc. None of this is mandatory.

In conversations with Kuki

Messages you send to Kuki

To improve Kuki’s responses and the quality of your chat experience.

In conversations with Kuki

Usage data

We collect and store your usage data, such as button clicks or search queries, to track and analyze product metrics and to better understand and serve the users of the Services.

When you interact with the Kuki or the Website

1.2. Sharing of conversations with other parties

In the course of promoting, marketing, or demonstrating Kuki or the Services, or in the course of research being conducted with third party partners such as academic institutions, ICONIQ may produce and distribute incidental depictions, including screenshots or other content such as anonymized extracts of conversations. Any Personally Identifying Information (“PII”) will be excluded or redacted from such materials..

1.3. Device information

As described below, we collect certain information from and about the computers, phones, and other web-connected devices that you access Kuki from. We combine this information across different devices you use.

The device information also helps us conduct user research across our customer demographics, interests and behavior. We use this information to aggregate user statistics in order to improve our services and to describe our services to current and prospective business partners, and to other third parties for other lawful purposes. None of these aggregated statistics may identify you personally.

Device information

Description

Device attributes

Information such as the operating system, hardware, and software versions, browser type.

Identifiers

Unique identifiers, such as your device ID.

Data from device settings

Information you allow us to receive through device settings you turn on, such as access to your camera or photos.

Network and connections

Information such as the name of your mobile operator or ISP, language, time zone.

Cookie data

Data from cookies stored on your device, including cookie IDs and settings (only for the Website). Learn more about how we use cookies in the “Cookies” section.

1.4. Cookies

In operating the Services, we may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Services gives to your browser when you access the Services.

Our cookies help provide additional functionality to the Services and help us analyze Services usage more accurately. For instance, our Site may set a cookie on your browser that allows you to access the Services without needing to login more than once during a visit to the Site.

We may also allow third party service providers to use cookies or similar technologies to collect information about your activities on our website or in our mobile apps following your use of the Services.

In all cases in which we use cookies, we will not collect Personal Data except with your permission. I n addition, you may restrict the cookies from the settings of your web browser.  We recommend that you leave cookies turned on, as they allow you to take advantage of some of the Service features.

2. With whom we share your personal information

We may redact or anonymize your personal data so that you are not individually identified to improve our services or provide that information to our partners. We also may combine your de-identified information with that of other users to create aggregate de-identified data that may be disclosed to third parties who may use such information to understand how often and in what ways people use our services, so that they, too, can provide you with an optimal experience.

For the purposes of complying with legislative requirements, court acts or other public authorities instructions, we may need to access, read, preserve, and disclose any information; we can do that if we reasonably find it necessary to apply our Terms of Service and other agreements; or protect the rights, property, or safety of Kuki, ICONIQ, our employees, our users, or others. Subject to applicable law, you will be duly notified of such processing activities.

Personal Data is collected for the following purposes and using the following services:

2.1. Third party tracking and analytics

The services contained in this section help us monitor and analyze online traffic and can be used to keep track of User behavior.

Service

Description

Data used

Additional links

Google Analytics

Online analytics service provided by Google.

Cookies, Usage data, Device information, Demographic data, Retention

Privacy Policy

Facebook Analytics

Online analytics service provided by Facebook for Instagram and other properties

Cookies, Usage data, Device information, Demographic data, Retention

Data Policy

2.2. Marketing and communication services

Users who provide their email and/or phone number might be contacted for commercial or promotional purposes related to ICONIQ, as well as for fulfilling support requests. Users that have accessed Kuki via text messaging (SMS) and accepted the Terms of Service  will have automatically provided their phone number as part of this process.

2.3. Hosting and Backend infrastructure

This type of service has the purpose of hosting data and files that enable our Services to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of the Services.

Service

Description

Data used

Additional links

Amazon Web Services

Amazon Web Services is a hosting service provided by Amazon.com, Inc.

Various types of Data as specified in the privacy policy of the service.

Privacy Policy

2.4. Protection of ICONIQ and others

We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of ICONIQ, our employees, our users, or others.

3. How we use and protect your information

We use a variety of industry-standard security technologies and procedures to help protect your data from unauthorized access, use, or disclosure. Please see our Security Policy  for details. While we use reasonable commercial efforts to protect the data, no technology, data transmission or system can be guaranteed to be 100% secure. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your data, we will notify you as soon as possible.

4. Where we store your data

We store all your data on a secure Cloud server which is fully encrypted. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.  If you are located in another jurisdiction, please be aware that the information you provide to us may be transferred to, stored and processed in the United States of America. By using our services or providing us with any information, you consent to this transfer, processing, and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside or are a citizen.

5. Data retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

6. Your data protection rights

As a Kuki user, you have the following data protection rights, depending on the circumstances of the specific case:

  • Disclosure To receive information about your personal data processed by us and to request access to your personal data and/or copies of these data. This includes information on the purpose of use, the category of data used, its recipients and authorized persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.

  • Correction, deletion or limitation of processing To request the correction, deletion or limitation of the processing of your personal data, e.g. by sending us an email. If (i) the data are incomplete or incorrect, (ii) they are no longer necessary for the purposes for which they were collected, (iii) the consent on which the processing was based has been revoked, or (iv) you have successfully exercised your right to object to data processing; in cases where data is processed by third parties, we will forward your requests for correction, deletion or limitation of the processing to these third parties, unless this proves impossible or involves a disproportionate effort.

  • Opposition to the processing To object to the processing for reasons arising from your particular situation.

  • Refusal and revocation of consent To refuse your consent or – without affecting the legality of data processing prior to the revocation – to revoke your consent to the processing of your personal data at any time.

  • Automatic decisions To require that you be subject to a decision based exclusively on automated processing only in the exceptional cases provided by law, if that decision has legal effect against you or significantly affects you in a similar manner; should such an automated decision take place in exceptional cases, you have the right to obtain information on the logic involved and the scope of the intended effects.

  • Right of appeal Communicate with and, if necessary, complain to the data protection supervisory authority.

Contact us at legal@iconiq.ai with any data protection requests. We may require materials to show that you are the individual associated with the data.

7. How to delete your data

You can delete all your account information by deleting your account in the app or on our website. Contact us at legal@iconiq.ai  for any data deletion requests. We may require materials to show that you are the individual associated with the account.

8. Use of Services by children

We do not knowingly collect Personal Data from children under the age of 13 and do not target our Services to children under 13. If you are under thirteen, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Data through any of our Services without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to us, please contact us, and we will endeavor to delete that information from our databases.

9. Changes to Privacy Policy

The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. We encourage you to periodically review this page for the latest information on our privacy practices. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

Security Policy

Last Updated: September 24, 2020


At ICONIQ the security of our platform, your data, and your customers’ data is critically important to us. We adhere to industry standard policies, outlined below. For any questions, concerns, or to report a vulnerability, please email us at support@iconiq.com.

Information Security Management Program

ICONIQ maintains a comprehensive Information Security Management Program. Internal policies include:

  • Incident Response Plan

  • Information Security Roles and Responsibilities

  • Clean Desk Policy

  • Computer and Email Usage Policy

  • Internet Usage Policy

  • Password Protection Policy

  • Social Media Usage Policy

All ICONIQ personnel undergo background checks, and privacy and security training with respect to these policies, including training on the OWASP Top 10  application security risks. The NIST CyberSecurity Framework (NIST CSF), developed by the U.S National Institute of Standards and Technology, is used to guide and manage our cybersecurity-related risks.

Infrastructure and Network Security

Servers

ICONIQ hosts all of our production services on Amazon Web Services (AWS). The AWS data centers are equipped with multiple levels of physical access barriers, that include:

  • Alarms

  • Outer Perimeter Fencing that is crash-rated for vehicles

  • Electronic Access Cards

  • Video Surveillance

  • Internal Trip-Lights

Please refer to Amazon’s AWS Security Whitepaper  for more details. ICONIQ staff do not have physical access to AWS services, nor do we run our own production servers, DNS servers, data centers, network equipment, storage, databases, autoscalers, or load balancers.

The TLS certificates for our production servers are 2048 bit RSA, signed with SHA256. We use firewalls, security groups, and IP address whitelisting to limit access to servers and databases. We implement Distributed Denial of Service (DDoS) mitigation by conforming to AWS resilient reference architectures through the use of AWS Shield, Route53, auto scaling, and load balancers. We follow industry best practices by using strong cipher suites on our servers.

The physical location (region) of AWS servers depends on where Kuki and any associated chatbot network instances are deployed. Amazon does not disclose the precise address of their data centers for security purposes. Generally, data is processed and stored in the US, but we can run on AWS instances in the EU if deemed necessary.

We run currently active LTS Ubuntu on all our servers and use a combination of automated and manual inspection to determine if new vulnerabilities are introduced in the software packages on our systems. We use AWS Inspector on a weekly scanning routine to automatically alert to new security vulnerabilities. Our platform team ingests these alerts and prioritizes remediation according to our internal Security Vulnerability Identification documentation.

Logical Access Control

ICONIQ maintains full control over its AWS infrastructure, and only authorized personnel have access to configure infrastructure for incident response or adding new functionality as needed, according to principles of least privilege.

Penetration Testing

ICONIQ undergoes regular penetration testing by independent third parties provided with an overview of the application architecture and system endpoints. Results are reported to ICONIQ senior management, and used to set mitigation and remediation priorities. Select Enterprise Clients may be permitted contractually to access the results of routine penetration tests, or commission their own independent third party tests.

Third-Party Audits

Amazon Web Services undergoes third-party independent audits and can provide verification of compliance controls, including but not limited, to: ISO 270001 , SOC 2 , and PCI .

Intrusion Detection

ICONIQ employs industry standard intrusion detection and prevention systems which alert us to any suspicious activity. All activity is closely monitored via AWS tools and Zabbix monitoring software. Any alerts are then investigated, escalated, and responded to accordingly.

Backup and Disaster Recovery Procedures

Uptime and Service Levels

ICONIQ uses properly-provisioned, redundant servers (i.e., multiple load balancers, web services, replica databases) to ensure appropriate failover and backup mechanisms are in place. Maintenance is conducted during the published routine window, and advance notice is provided for any planned non-routine maintenance. Enterprise Customers may contractually specify alternate routine maintenance windows optimized for their volumes and time zones, and can be provided uptime guarantees of +99.9% under a separate Service Level Agreement.

Backups

ICONIQ creates routine backups of our databases, and critical logs and files, enabling the easy and seamless restoration of the system in the event of data corruption or loss.

Disaster Recovery

ICONIQ maintains a comprehensive Disaster Recovery Plan policy to ensure that any disruption or damage to critical IT services or equipment are recoverable to the right level and within the right timeframe to return to normal operations with a minimal business impact. Our Disaster Recovery Plan can be made available to Enterprise Customers upon written request.

Data Flow

Data into System

ICONIQ provides a RESTful API that can only be accessed via HTTPS to prevent eavesdropping or man-in-the-middle attacks. API access requires an account specific user key. We also provide a public bot key to prevent exposure of user secrets when passed over the network (or viewed in a browser) and support domain whitelisting via the use of referrer filters.

Data through System

Data from end-user chat platforms is sent to the ICONIQ Platform via TLS 1.2. Data is AES-256 encrypted at rest.

Data out of System

ICONIQ maintains intelligent network firewall rules at the infrastructure level that limit the surface for data extraction. We vet preferred partners and integrations to ensure they comply with necessary security regulations (GDPR, PCI, etc.), before transferring data for processing.

Data Security and Privacy

Data Encryption

Data in ICONIQ servers is automatically encrypted at rest using AWS EBS Encryption via our master encryption key stored in AWS Key Management Service. Volumes are encrypted in AWS using the industry-standard AES-256 algorithm. ICONIQ only sends data over TLS 1.2 or greater, and never downgrades connections to insecure TLS methods (SSLv3 or TLS 1.0).

Data Removal

Data may be retained after termination of service unless otherwise specified in an Enterprise Contract or GDPR request. If data is kept after termination of service for purposes of making platform improvements, ICONIQ will scrub all personally identifiable information (PII) to the extent possible, including data like usernames, emails, phone numbers, etc.

Personally Identifying Information (PII)

The types of personally identifying information (PII) that ICONIQ receives is often dictated by third-parties beyond our control, including, for example: (a) what an end-user chooses to disclose to a bot during a conversation and (b) what a messaging or voice platform makes available about its end-users for purposes of providing or personalizing its services.

ICONIQ discourages and in some cases prohibits sending certain types of PII to our servers; however, ICONIQ can support the redaction or deletion of PII as needed.

Application Security

Website and Login

ICONIQ supports Single Sign On via OAuth 2  and email login with industry standard password requirements. Additional SSO methods can be supported as required. Passwords are stored in our databases using a secure one-way salted hash. Account sign in attempts are rate limited to counter brute force password attacks. We log successful and unsuccessful login attempts in order to identify anomalous activity. We enforce HTTPS for our website pages.

Secure Application Development

ICONIQ practices continuous delivery, which means all code changes are committed, tested, shipped, and iterated on in rapid sequence. A continuous delivery methodology, complemented by pull request reviews, continuous integration (CI), security scanning, and error tracking, decreases the likelihood of security issues and improves response times to security vulnerabilities. Internally, ICONIQ enforces at least one authorized reviewer for all code changes, and deployments to our production environment are gated under condition that all code is reviewed.

Compliance and Certification

PCI DSS

All payment and credit card information is processed by Braintree , a validated Level 1 PCI DSS compliant service provider. ICONIQ does not process or store any payment details.

GDPR

ICONIQ is GDPR compliant; please see Section 9 of our Privacy Policy  for more details. In the event of a data breach affected customers will be notified within 72 hours where feasible.