Privacy Policy

Last updated: April 10, 2026 · Effective: April 10, 2026

This Privacy Policy describes how Innovations24 LLC, doing business as Point of Contact AI ("Point of Contact AI", "we", "our", or "us"), collects, uses, stores, discloses, and protects personal information in connection with (a) our marketing website at pointofcontact.ai (the "Site"), (b) sales and support communications, and (c) the Point of Contact AI managed application that our customers deploy into their own Microsoft Azure subscriptions (the "Service"). Together, the Site and the Service are referred to as the "Offering".

By accessing the Site or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Innovations24 LLC is a United States limited liability company. Point of Contact AI is the trade name under which Innovations24 LLC offers AI-powered customer support software for Microsoft Teams. For privacy questions, you can reach us at [email protected]. Full contact details are provided in Section 16 below.

2. Key Definitions

  • Customer: An organization that licenses the Service and deploys it into its own Microsoft Azure subscription.
  • End User: An individual (such as a website visitor, employee, partner, or customer of a Customer) who interacts with the Service after it has been deployed by a Customer.
  • Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Equivalent to "personal data" under applicable laws.
  • Customer Data: Personal Information and other data that the Service processes on behalf of a Customer inside the Customer's Azure subscription, including chat transcripts, identity tokens, contact form submissions, audit logs, and AI prompts and completions.
  • Sub-processor: A third party that processes Personal Information on our behalf to deliver part of the Offering.

3. Our Role: Business / Controller vs. Service Provider / Processor

Our role under privacy law depends on what part of the Offering is involved:

  • Site, sales, and support (we are the Business / Controller): When you visit pointofcontact.ai, fill out a form, email us, or evaluate the product, Innovations24 LLC determines the purposes and means of processing the Personal Information you provide and is the "business" under the CCPA/CPRA and the equivalent of a "controller" under other privacy frameworks.
  • Deployed Service (we act as a Service Provider / Processor with no data-plane access): When the Service runs inside a Customer's Azure subscription, the Customer is the business/controller for all Customer Data, and we act as a service provider/processor that handles only update and patch operations on the application. By design, we have no access to the chat content, secrets, end-user identities, or any personal information stored by the deployed Service. Customer Data resides exclusively in the Customer's Azure resources (Cosmos DB, Key Vault, App Service, AI Foundry, Communication Services, Application Insights) in the Azure region the Customer chooses, and is protected by Azure RBAC deny assignments and managed-identity authentication that block our publisher principal from data-plane operations.

Because of this architecture, requests from End Users to access, correct, delete, or export Customer Data should be directed to the Customer that operates the relevant deployment of the Service. We will reasonably assist Customers in responding to such requests.

4. Personal Information We Collect (Site, Sales, and Support)

In the twelve (12) months preceding the effective date of this Privacy Policy, we have collected the following categories of Personal Information about visitors to the Site and people who contact us:

  • Identifiers: Name, email address, business phone number, employer name and job title (when you submit a form, request a demo, or email us), IP address, and device identifiers.
  • Internet or other electronic network activity information: Pages viewed, referring URL, time spent on the Site, browser type and version, operating system, screen size, and approximate geographic location derived from IP address.
  • Commercial information: Records of products and services you have inquired about or evaluated, and the contents of sales and support communications.
  • Cookie consent state: Your selection from the cookie consent banner, stored in the poc_cookie_consent first-party cookie. See our Cookie Policy for details.
  • Inferences: Limited inferences drawn from the above to understand which features of the Service may be relevant to you.

We do not collect government identifiers, financial account numbers, precise geolocation, biometric information, information about racial or ethnic origin, religious or philosophical beliefs, union membership, genetic data, health data, sex life or sexual orientation data, or any other category of "sensitive personal information" as defined by the CCPA/CPRA.

5. Customer Data Processed by the Deployed Service

When a Customer deploys the Service into its own Azure subscription, the Service processes Customer Data such as:

  • Chat transcripts and message metadata between End Users and AI agents or human agents in Microsoft Teams.
  • End-User identity information when authentication is enabled (for example, OAuth tokens or Entra ID identifiers).
  • Contact details that End Users voluntarily submit through pre-chat forms or escalation forms.
  • AI model prompts and completions generated through Azure AI Foundry within the Customer's tenant.
  • Application audit logs, telemetry, and diagnostics stored in the Customer's Application Insights and Cosmos DB resources.

This Customer Data is stored exclusively in the Customer's Azure subscription, in the Customer's chosen Azure region, under the Customer's access controls. Innovations24 LLC does not receive copies of Customer Data, does not transmit Customer Data to its own infrastructure, and cannot read it. The Customer is solely responsible for the lawful basis, retention, deletion, and security configuration of Customer Data within its tenant.

6. Sources of Personal Information

We collect the Personal Information described in Section 4 from the following sources:

  • Directly from you when you submit a form, email us, request a demo, sign up for product updates, or otherwise interact with us.
  • Automatically from your device and browser when you visit the Site (for example, your IP address and basic technical information about how you reached the Site).
  • From your employer or organization if a colleague refers you or includes your business contact information in a sales conversation.

7. Why We Process Personal Information (Business and Commercial Purposes)

We use the Personal Information described in Section 4 for the following purposes:

  • Operate and secure the Site — including ensuring availability, preventing fraud and abuse, and diagnosing errors.
  • Respond to inquiries and provide sales and customer support — including following up on demo requests, contracting, onboarding, and answering technical questions.
  • Improve the Offering — including understanding which information is most useful to prospective customers and which features they evaluate.
  • Send service and product communications — such as security advisories, terms updates, and (where you have opted in) newsletters and product announcements. You can opt out at any time using the unsubscribe link in any marketing email.
  • Comply with legal obligations — including tax, accounting, anti-fraud, sanctions, export-control, and lawful-process requirements.
  • Enforce our terms and protect our rights — including investigating violations of our terms of service or acceptable use policy.

8. AI and Machine-Learning Disclosure

The Service runs on Azure AI Foundry and is model-agnostic: each Customer chooses which foundation model (for example, models from OpenAI, Mistral, Meta, or other providers available through AI Foundry) to deploy inside its own Azure subscription. We do not host the AI models ourselves.

Innovations24 LLC does not train, fine-tune, evaluate, or improve any AI model using Customer Data, End-User prompts, End-User completions, or any Personal Information collected through the Site. Prompts and completions never leave the Customer's Azure tenant. Whether the underlying model provider trains on Customer Data depends entirely on the terms the Customer accepts directly with that model provider through Azure; the standard Azure AI Foundry deployment options used by the Service do not share inputs or outputs with model providers for training.

We do not make automated decisions that produce legal or similarly significant effects about you on the basis of Personal Information collected through the Site.

9. How We Share Personal Information

We do not sell Personal Information, and we do not share Personal Information for cross-context behavioral advertising. We disclose Personal Information only as follows:

  • Service providers and sub-processors that help us operate the Site and respond to you, bound by written contracts limiting their use of the information to the services they provide to us. See Section 10 for the current list.
  • Affiliates within the Innovations24 LLC corporate group, under terms consistent with this Privacy Policy.
  • Professional advisors such as lawyers, auditors, and accountants under duties of confidentiality.
  • Successors in the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, in which case we will require the recipient to honor this Privacy Policy or notify you of any material change.
  • Government authorities and other third parties when we believe in good faith that disclosure is required by law, legal process, or to protect the rights, property, or safety of Innovations24 LLC, our Customers, our End Users, or the public.

10. Sub-processors

We use the following sub-processors to help us deliver the Offering:

Sub-processor Purpose Location
Cloudflare, Inc. Hosting, content delivery, DNS, and edge security for the marketing Site (pointofcontact.ai). United States, with global edge presence
Microsoft Corporation (Microsoft Azure) Underlying cloud platform on which the Service runs inside each Customer's own Azure subscription. Innovations24 LLC does not directly process Customer Data on Azure; the Customer contracts with Microsoft for its own Azure subscription. Customer-selected Azure region

If we add or replace a sub-processor that processes Personal Information collected through the Site, we will update this list. Customers with a written agreement that requires advance notice will receive notice in accordance with that agreement.

11. Data Retention

We retain Personal Information for only as long as needed for the purposes described in this Privacy Policy and to comply with our legal obligations:

  • Website usage data: Up to 12 months from collection.
  • Contact form submissions and sales correspondence: Up to 24 months after the most recent interaction, unless an active sales or support relationship requires longer retention.
  • Marketing opt-in records: For the duration of your subscription plus 3 years after withdrawal, as proof of consent.
  • Security and audit logs for the Site: Up to 12 months.
  • Customer contracts and billing records: Up to 7 years to satisfy tax, accounting, and audit obligations.

Customer Data processed by the deployed Service is retained according to the Customer's own configuration inside the Customer's Azure subscription. Because we cannot access Customer Data, we are not able to delete it on an End User's behalf; End Users should contact the Customer that operates the relevant deployment.

12. Security

We implement administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction, including:

  • AES-256 encryption at rest and TLS 1.2+ encryption in transit.
  • Azure RBAC deny assignments that block our publisher principal from data-plane operations on Customer resources (including listKeys, regenerateKey, and Communication Services data-plane calls).
  • Azure Managed Identity authentication with no shared secrets or credentials in code; secrets are stored exclusively in the Customer's own Azure Key Vault and accessible only by the Customer's managed identities.
  • Least-privilege access controls and audit logging for our internal systems.
  • Reliance on the security and compliance posture of the Customer's own Microsoft Azure subscription, including Azure's SOC 1, SOC 2, ISO 27001, ISO 27018, HIPAA, PCI DSS, and FedRAMP attestations where the Customer has enabled them.

No method of transmission or storage is perfectly secure. If we become aware of a security incident affecting Personal Information we control, we will notify affected individuals and authorities as required by applicable law.

13. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), gives you the following rights with respect to the Personal Information we collect about you on the Site and in sales and support interactions:

  • Right to know. You can request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete. You can request that we delete Personal Information we have collected from you, subject to legal exceptions.
  • Right to correct. You can request that we correct inaccurate Personal Information we maintain about you.
  • Right to opt out of sale or sharing. Innovations24 LLC does not sell Personal Information and does not share Personal Information for cross-context behavioral advertising, so there is nothing to opt out of. We will continue to honor this commitment.
  • Right to limit use of sensitive personal information. We do not collect "sensitive personal information" as defined by the CCPA and therefore do not use it for any purpose that would trigger a right to limit.
  • Right to non-discrimination. We will not deny you goods or services, charge you a different price, or provide a different level of quality because you exercised any of these rights.

How to exercise your rights. You may submit a verifiable consumer request by emailing [email protected] with the subject line "California Privacy Request" and a description of the right you wish to exercise. We will need to verify your identity, which typically involves matching information you provide with information already in our records. You may use an authorized agent to submit a request on your behalf; the agent must provide written, signed permission and we may still ask you to verify your own identity. We will respond to verifiable requests within 45 days, with one 45-day extension available where reasonably necessary, and will explain any reason we cannot comply.

14. Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other U.S. states with comparable privacy laws have rights similar to those described in Section 13, including the right to access, correct, delete, and port their Personal Information, and to opt out of targeted advertising and sale (neither of which we engage in). Some states also provide an appeal process if we deny a request. To exercise any of these rights, please email [email protected] identifying your state of residence and the right you wish to exercise. We will respond within the timeframe required by applicable law.

15. International Visitors

Innovations24 LLC is based in the United States, and the Personal Information we collect through the Site is stored and processed in the United States. If you access the Site or contact us from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those of your country.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may also have rights under the EU General Data Protection Regulation, the UK GDPR, or the Swiss Federal Act on Data Protection, including rights of access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your local supervisory authority. You can exercise these rights by emailing [email protected]. For Customer Data processed by the Service inside a Customer's Azure subscription, the Customer is the controller and your request should be directed to the Customer; we will reasonably assist the Customer in responding.

16. Children's Privacy

The Offering is intended for businesses and is not directed to children under 16. We do not knowingly collect Personal Information from children under 16. If you believe that a child has provided Personal Information to us, please contact [email protected] and we will take steps to delete it.

17. Cookies and Similar Technologies

The Site uses only essential first-party cookies. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. For details about which cookies are set and how to manage them, see our Cookie Policy.

18. Third-Party Links

The Site may contain links to third-party websites, services, or resources that are not operated by Innovations24 LLC. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the Offering, or applicable law. When we do, we will revise the "Last updated" date at the top of this page and, where the change is material, we will provide additional notice (for example, by a banner on the Site or by email if you have an active relationship with us). Your continued use of the Offering after a change becomes effective constitutes acceptance of the updated Privacy Policy.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Innovations24 LLC (d/b/a Point of Contact AI)
Attn: Privacy
United States
Email: [email protected]