Our compliance, data protection, and partnership policies — all in one place.
By accessing, purchasing, subscribing to, embedding, reselling, promoting, testing, or using October AI — including any AI voice agent, AI chat agent, analytics feature, virtual tour integration, website widget, dashboard, API, onboarding material, affiliate link, or related service — you agree to these Terms.
If you use October AI on behalf of a company, hotel, venue, real estate business, agency, Matterport service provider, affiliate, reseller, or other legal entity, you confirm that you have authority to bind that entity to these Terms.
If you do not agree to these Terms, you must not use October AI.
October AI provides AI powered voice and chat agents designed to assist users inside or alongside virtual tours, websites, booking flows, property presentations, hospitality pages, venue pages, real estate listings, showrooms, and similar digital experiences.
The service may include AI generated responses, voice interaction, transcription, structured knowledge retrieval, tour navigation, analytics, booking link activation, lead qualification, and customer provided knowledge integration.
October AI is a software service. October AI is not a human employee, broker, hotel representative, real estate agent, travel agent, financial adviser, lawyer, medical adviser, or regulated professional adviser.
October AI does not guarantee any specific commercial outcome.
We do not guarantee increased bookings, increased leads, increased revenue, higher conversion rates, reduced staff workload, reduced customer service costs, shorter leasing time, more qualified buyers, improved sales performance, improved advertising performance, or any other business result.
Any examples, case studies, demonstrations, estimates, projections, ROI calculations, or marketing statements are illustrative only and depend on the customer’s traffic, offer, data quality, implementation, market, pricing, brand, booking flow, property attractiveness, customer service process, and other factors outside October AI’s control.
The customer understands and accepts that AI systems can misunderstand questions, generate inaccurate answers, omit relevant information, provide outdated information, or respond in a way that does not reflect the customer’s intended commercial position.
The customer is responsible for reviewing, approving, and maintaining the information provided to October AI, including room descriptions, booking rules, prices, availability information, property details, venue capacity, amenities, opening hours, refund terms, check in and check out rules, real estate specifications, lease information, product descriptions, customer specific policies, and any claims made through the agent.
October AI is not responsible for incorrect, incomplete, outdated, misleading, unlawful, or non compliant information supplied by the customer or generated because the customer’s source material was inaccurate, incomplete, outdated, ambiguous, or misleading.
October AI must not be used to provide legal, tax, accounting, medical, financial, insurance, employment, immigration, investment, credit, housing discrimination, safety critical, emergency, or other regulated advice.
The customer must not configure the agent to make binding legal or financial commitments, offer professional advice, approve transactions, determine eligibility, screen protected classes, or make decisions that legally require human review.
The customer agrees to:
The customer must not represent that the AI agent is a human, claim that October AI guarantees business results, remove or hide required disclosures, reverse engineer the service, copy the service, scrape the service, resell the service without authorization, or misuse the service.
Customers must clearly disclose to end users that they are interacting with an AI system and not a human. This disclosure must be presented before or at the start of the interaction and must not be hidden in a general legal page only.
For EU users, this is aligned with EU AI Act transparency principles for AI systems that interact directly with natural persons.
If the agent uses voice, microphone access, transcription, conversation analysis, session analytics, or similar processing, the customer must display a clear consent notice before the user starts the interaction.
The agent must not activate the microphone until the user has taken an affirmative action, such as clicking “Start conversation” or “I agree and start conversation”.
Where legally required, the customer is responsible for obtaining all necessary consent from end users before recording, transcribing, analyzing, or processing conversations. This is especially important in United States states with all party consent rules for certain recordings or confidential communications.
October AI is provided on an “as is” and “as available” basis.
We do not guarantee uninterrupted service, error free operation, constant availability, instant response time, compatibility with all devices, compatibility with all virtual tour platforms, or continued access to third party services.
The service may be affected by hosting providers, AI model providers, browser permissions, microphone permissions, customer websites, Matterport or other virtual tour platforms, payment processors, booking engines, network conditions, and user devices.
October AI may depend on third party providers, including AI model providers, hosting providers, analytics providers, payment providers, communication tools, CRM tools, virtual tour platforms, transcription systems, and booking platforms.
October AI is not responsible for downtime, policy changes, pricing changes, API changes, model behavior, data processing, security incidents, or service limitations caused by third party providers, except where required by applicable law.
The customer grants October AI a limited, non exclusive, worldwide, royalty free license to host, process, transmit, structure, transform, display, and use customer provided data solely to provide, maintain, secure, improve, troubleshoot, and support the service.
The customer confirms that it has all rights, permissions, notices, and consents necessary to provide such data to October AI.
October AI may provide analytics based on interactions with the agent, including conversation themes, user questions, session metadata, intent categories, lead indicators, engagement signals, and other aggregated or structured insights.
Analytics are provided for informational purposes only. October AI does not guarantee that analytics are complete, accurate, representative, statistically significant, or suitable as the sole basis for business decisions.
To the maximum extent permitted by law, October AI shall not be liable for lost revenue, lost profit, lost bookings, lost leads, lost business opportunities, business interruption, reputational harm, loss of goodwill, loss of data, incorrect AI responses, customer provided misinformation, end user misuse, affiliate misconduct, third party platform errors, or indirect, incidental, special, consequential, exemplary, or punitive damages.
To the maximum extent permitted by law, October AI’s total aggregate liability for all claims relating to the service shall not exceed the amount paid by the customer to October AI during the three months immediately before the event giving rise to the claim, or EUR 500, whichever is higher.
The customer agrees to defend, indemnify, and hold harmless October AI, its owners, directors, employees, contractors, affiliates, service providers, and partners from any claims, damages, losses, liabilities, fines, penalties, legal costs, and expenses arising from:
October AI may suspend or terminate access immediately if:
October AI may modify, improve, discontinue, restrict, or replace features at any time. Prices, plans, commission structures, usage limits, supported platforms, AI models, and features may change for future subscriptions or future customers.
Existing customer rights remain subject to the plan, contract, and commercial agreement in place at the time of purchase, unless otherwise agreed.
These Terms are governed by the laws of Denmark, excluding conflict of law rules.
Any dispute shall be brought before the competent courts of Denmark, unless mandatory consumer protection law requires otherwise.
For United States B2B contracts, October AI may include an additional arbitration and class action waiver clause after review by qualified United States counsel.
To the maximum extent permitted by law, disputes must be brought individually and not as part of a class, collective, consolidated, representative, or mass action.
This clause is reviewed by United States counsel before being applied to United States customers or users.
October AI is operated by a company based in Denmark.
This Privacy Policy explains how October AI collects, uses, stores, shares, and protects personal data when users interact with our website, dashboard, AI agents, embedded virtual tour agents, affiliate program, customer onboarding, support, and related services.
Depending on the context, October AI may act as data controller for our own website, sales, billing, affiliate program, support, and account administration.
October AI may act as data processor when we process end user interaction data on behalf of a customer that has embedded or deployed an October AI agent.
The customer may act as controller when the customer decides where the agent is deployed, what data is provided, what purposes the agent is used for, and how end user interactions are used.
Unless specifically stated otherwise, October AI does not store raw audio recordings after processing.
Voice interactions may be temporarily processed to generate transcripts, agent responses, analytics, and technical logs.
If raw audio storage is enabled for a customer, this is clearly disclosed and separately agreed.
We process data to provide the AI agent, transcribe and respond to user questions, navigate virtual tours, open booking or lead links, generate customer analytics, improve agent quality and reliability, maintain security, prevent misuse, provide support, process payments, manage affiliates, comply with legal obligations, debug technical issues, and improve product performance.
Depending on the context, the legal basis may include contract performance, legitimate interests, consent, and legal obligation.
For voice transcription, microphone access, recording style features, analytics, or sensitive contexts, October AI and the customer use clear affirmative consent where appropriate.
For California residents, personal information may include identifiers, internet activity, commercial information, audio or transcript related information, and inferences based on interaction data.
California privacy laws may give consumers rights over personal information, including:
October AI does not sell personal information.
October AI does not knowingly share personal information for cross context behavioral advertising unless expressly stated in a separate notice.
We may share data with trusted service providers that help us provide the service, including AI model providers, transcription providers, hosting providers, database providers, analytics providers, payment processors, email providers, support tools, security providers, and virtual tour or embedding platforms where necessary.
Where October AI acts as processor, subprocessors are governed by the Data Processing Agreement.
Because October AI may use global infrastructure and third party providers, data may be processed outside the user’s country.
Where required, we use appropriate transfer safeguards, such as Standard Contractual Clauses (Commission Decision 2021/914), data processing terms, or other lawful transfer mechanisms. The UK Addendum applies for transfers from the United Kingdom.
We retain personal data only as long as necessary for the purposes described in this Policy, unless a longer period is required by law, contract, accounting rules, tax rules, security needs, or dispute resolution.
Depending on location, users may have rights to access data, correct data, delete data, object to processing, restrict processing, receive data portability, withdraw consent, opt out of certain sharing or selling, and complain to a supervisory authority.
Requests can be sent to our privacy contact via the dashboard or website contact form.
Users should not submit sensitive personal data, including health information, financial account details, government identification numbers, children’s data, political opinions, religious beliefs, biometric information, or other sensitive information.
Customers must not configure October AI to collect sensitive personal data unless separately agreed in writing and legally reviewed.
This Data Processing Agreement applies where October AI processes personal data on behalf of a customer.
Customer is the controller. October AI is the processor.
EU GDPR Article 28 — processor contracts
The subject matter is October AI’s processing of personal data to provide AI agent services, transcription, conversation handling, analytics, support, hosting, security, and related services.
Processing continues for the duration of the customer’s subscription or contract and any additional period required for deletion, return, legal compliance, security, or dispute handling.
Processing includes hosting, structuring, transmitting, analyzing, transcribing, generating AI responses, storing, securing, deleting, retrieving, and supporting customer and end user data.
The purpose is to provide October AI services to the customer.
Categories of data subjects may include end users, website visitors, hotel guests, prospective guests, property viewers, prospective tenants or buyers, customer employees, affiliate contacts, and customer representatives.
Categories of personal data may include names if provided, email addresses if provided, phone numbers if provided, conversation text, voice transcripts, session metadata, device data, IP addresses, booking intent, lead details, customer provided records, support data, and technical logs.
October AI shall:
The customer shall:
Customer gives October AI general authorization to use subprocessors.
October AI shall maintain a list of subprocessors and provide notice of material changes where required.
The customer may object to a new subprocessor on reasonable data protection grounds.
Current subprocessor categories include AI model providers, cloud infrastructure, transcription providers, analytics providers, payment processors, email providers, support tools, and security providers.
October AI maintains appropriate security measures, which may include:
EU Article 32 GDPR — security of processing
October AI shall notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data.
The notification shall include available information about the nature of the breach, affected data, likely consequences, mitigation steps, and contact point.
Where required, October AI will notify the relevant supervisory authority within 72 hours of becoming aware of a breach (Article 33 GDPR), and notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Article 34 GDPR).
Upon termination, October AI shall delete or return customer personal data within a commercially reasonable period unless legal retention is required.
Aggregated, anonymized, or non personal data may be retained.
October AI shall provide reasonable information necessary to demonstrate compliance with this DPA.
On site audits require reasonable notice, confidentiality, scope limitations, security requirements, and may be limited to once per year unless legally required or following a confirmed security incident.
This document establishes the enterprise legal compliance framework governing the October AI voice agent platform. The framework covers data protection, AI transparency, recording compliance, and security obligations across all supported jurisdictions.
The following terms are used throughout this framework in accordance with GDPR Article 4:
October AI implements AI interaction disclosure pursuant to EU AI Act Article 50. The system is classified as a limited-risk AI system, meaning transparency obligations apply but the system does not fall within high-risk or unacceptable-risk categories.
All personal data processing is grounded in one or more of the following legal bases under GDPR Article 6(1):
All processing adheres to the principles set out in Article 5 GDPR, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
The following categories of data may be processed during voice agent interactions:
Data minimisation is applied in accordance with Article 5(1)(c) GDPR. Only data strictly necessary for the provision and improvement of the service is collected.
Recording transparency is implemented in compliance with the following regulations:
Users are informed about data collection before any recording or transcription takes place. Continued use of the voice agent constitutes informed consent in accordance with applicable laws.
In accordance with the storage limitation principle (Article 5(1)(e) GDPR):
October AI supports the exercise of all data subject rights under GDPR Articles 15–22:
Under the CCPA/CPRA, California residents additionally have the right to access, delete, and opt out of the sale or sharing of personal information.
Technical and organisational measures are implemented in accordance with Article 32 GDPR:
Where personal data is transferred outside the EEA, transfers are conducted in accordance with Chapter V GDPR:
Subprocessor engagements are governed by Article 28(4) GDPR. All subprocessors are contractually bound to equivalent data protection obligations. Current subprocessors include AI model providers, cloud infrastructure, and payment processing services.
In the event of a personal data breach, October AI will:
Where October AI is deployed in educational settings, COPPA (15 U.S.C. § 6501) risk is considered. The customer (as data controller) is responsible for ensuring a lawful basis exists for processing data of minors under 13 years of age.
The standard pre-interaction consent notice presented to end users before the microphone is activated:
You are about to interact with an AI voice agent.
This agent is not a human. Your conversation may be transcribed and processed to answer your questions, guide you through the experience, improve the service, and provide analytics to the business operating this agent.
Please do not share sensitive personal information.
By clicking “Start conversation”, you consent to this processing.
Buttons: Start conversation · No thanks | Links: Privacy Policy · Terms
The reinforced consent notice used where stricter recording consent rules apply (such as California two party consent under Penal Code § 632):
You are about to interact with an AI voice agent.
This is not a human representative. Your voice input may be processed and transcribed so the AI agent can answer your questions, guide you through this experience, and provide analytics to the business operating this agent.
Do not share sensitive personal information.
By clicking “I agree and start conversation”, you confirm that you understand and consent to the processing and transcription of your interaction.
Buttons: I agree and start conversation · Cancel
Every acceptance is stored with the following audit information:
This is important because if someone later claims they were not informed, October AI is able to show what notice was displayed and when consent was given.
Affiliates are independent contractors. Affiliates are not employees, agents, legal representatives, franchisees, partners, or authorized signatories of October AI.
Affiliates may not bind October AI, make commitments on behalf of October AI, sign contracts for October AI, offer discounts unless approved, or represent themselves as part of October AI’s internal team.
Affiliates may receive 25 percent commission on eligible subscription revenue actually received by October AI from referred customers, excluding taxes, refunds, chargebacks, discounts, credits, setup fees, payment processing costs, and non recurring services, unless otherwise agreed in writing.
Lifetime commission means commission for the lifetime of the referred customer’s active paid subscription, subject to these Affiliate Terms, continued compliance, fraud review, payment receipt, and October AI’s right to modify the affiliate program for future referrals.
October AI may modify or discontinue the affiliate program for future referrals at any time. Existing valid commissions will continue according to the terms in effect when the referral was accepted, unless the affiliate breaches these Terms, commits fraud, violates law, or creates legal or reputational risk.
Affiliates may only use marketing claims approved by October AI.
Affiliates must not claim or imply:
See the Approved Claims document for the current list of permitted marketing language.
Affiliates must clearly and conspicuously disclose their financial relationship with October AI whenever promoting October AI.
Examples include:
The disclosure must be easy to notice, easy to understand, and placed near the recommendation or link. It must not be hidden in a footer, terms page, hashtag pile, profile bio only, or behind a link.
Disclosures must be in the same language as the promotional content.
Affiliates must not:
Affiliate agrees to defend, indemnify, and hold harmless October AI from any claims, damages, losses, fines, penalties, legal fees, chargebacks, customer disputes, regulatory actions, platform penalties, or reputational harm arising from:
October AI may suspend or terminate an affiliate immediately if the affiliate:
Upon termination for cause, unpaid commissions may be forfeited to the maximum extent permitted by law.
The affiliate program is discretionary. October AI may change commission rates, eligibility rules, payout methods, attribution windows, cookie periods, approved channels, and program availability for future referrals.
Affiliates are granted a limited, non-exclusive, revocable license to use October AI brand assets (logos, screenshots, and product descriptions) solely for the purpose of promoting the service through their referral link. All intellectual property remains the exclusive property of October AI.
October AI reserves the right to review, suspend, and claw back commissions for referrals determined to be fraudulent. Anti-fraud measures include:
The affiliate program is designed to comply with the following regulatory frameworks:
This is the current bank of approved marketing claims affiliates may use when promoting October AI, alongside the claims that are explicitly not approved. The list aligns with FTC Truth in Advertising and EU Unfair Commercial Practices rules.
Affiliate marketing claims are one of the highest legal risk areas for any AI product. Unsubstantiated guarantees, staff replacement claims, and worldwide compliance claims are the kinds of statements that attract FTC scrutiny in the United States and unfair commercial practice investigations in the EU. Affiliates who use unapproved claims are subject to suspension and forfeiture of unpaid commissions under section 4.7.
You agree not to rely on October AI as the sole source of truth for pricing, availability, legal terms, booking terms, property details, safety information, or commercial decisions.
Customers are responsible for human review of all important information before relying on it or presenting it to end users.
The customer controls where the agent is embedded, what information is provided, what market it targets, and how end users are informed. October AI is not responsible for customer deployment decisions.
October AI must not be used for:
Customers may not use October AI to discriminate based on protected characteristics, including race, religion, sex, gender, age, disability, national origin, family status, or other protected categories. This is especially relevant if October AI is used in real estate, housing, hospitality, employment, insurance, financial, or other sensitive contexts.
The implementation steps that must be completed and reviewed before public launch:
These sources do not replace legal advice. They are included so the website implementation and counsel review can be grounded in the relevant legal areas.
This framework is designed to reduce October AI’s launch risk by making the product position clear, placing responsibility for customer supplied data on the customer, requiring active consent before voice interaction, limiting liability, controlling affiliate claims, and separating privacy, data processing and affiliate obligations into enforceable documents.
The two highest priority implementation points are the active consent screen before microphone access and the affiliate approved claims system. Those are the areas most likely to create avoidable legal risk in the United States.
Our team is here to discuss data protection, security, and regulatory requirements.
Get in touch