CCAIA
Legal

Privacy Policy

Contact Center AI Association — ccaia.org and the CCAIA ChatGPT App

Effective Date: May 12, 2026 · Last Updated: May 12, 2026

1. Introduction

This Privacy Policy describes how the Contact Center AI Association (“CCAIA,” “we,” “us,” or “our”), a 501(c)(3) nonprofit organization, collects, uses, and discloses personal information when you:

  • visit ccaia.org and related CCAIA websites (the “Website”); and
  • use the CCAIA application available within OpenAI’s ChatGPT service (the “App”), which connects ChatGPT to CCAIA’s knowledge base, member resources, and ticketing system.

CCAIA is the controller of personal information described in this Policy. This Policy is designed to meet our obligations under applicable U.S. state privacy laws and to comply with OpenAI’s Apps SDK submission and developer requirements for ChatGPT apps. It is intended to be read together with the CCAIA MCP Terms of Service, the CCAIA Member Terms, and the CCAIA Code of Conduct.

If you do not agree with this Policy, please do not use the Website or the App.

2. Scope and Defined Terms

In this Policy:

  • “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked with a particular individual.
  • “App” means the CCAIA MCP application available inside ChatGPT.
  • “MCP” means the Model Context Protocol used to integrate the App with ChatGPT.
  • “ProxyLink” means the technology service provider that hosts and operates the MCP server underlying the App on CCAIA’s behalf.
  • “OpenAI” means OpenAI, the operator of ChatGPT. OpenAI is not a party to this Policy.

3. Information We Collect

3.1 Information You Provide Directly

We collect Personal Information you provide directly through the Website or the App, which may include:

  • Account and membership information — such as your name, email address, employer, job title, professional credentials, chapter affiliation, and membership tier (practitioner, vendor, or consultant).
  • Communications and inquiries — the contents of messages, support tickets, registration forms, and similar communications you submit to CCAIA.
  • Member record updates — changes you make to your CCAIA member record or related fields through the App.
  • Event registrations — information you provide to register for CCAIA events, chapter meetings, or programs.
  • Marketing preferences — your subscription, communication, and contact preferences.

3.2 Information Collected Through the App

When you use the App inside ChatGPT, we collect only the information needed to respond to your specific request, including:

  • Search queries and tool inputs — the specific questions, keywords, or parameters you (or ChatGPT acting on your behalf) submit to App tools.
  • Authorized conversation snippets — the limited message snippets that the ChatGPT client or model explicitly passes to the App for a given request. The App is designed to operate only on those intentionally shared snippets and does not pull, reconstruct, or infer your full ChatGPT conversation history.
  • Authentication identifiers — OAuth tokens, bearer tokens, and similar identifiers used to verify your CCAIA account and authorize App access.
  • Session metadata — such as an mcp-session-id used for request tracing, debugging, and MCP connection stability.
  • Coarse geographic signal — if a tool requires location context, we use only the coarse country/state signal provided by the ChatGPT client through controlled metadata channels. We do not request or collect precise location data such as GPS coordinates, street addresses entered for location purposes, or device-derived precise location.

3.3 Information Collected Automatically on the Website

When you visit the Website, we and our service providers may automatically collect:

  • Device and log information — such as IP address, browser type, operating system, referring URLs, pages viewed, and access times.
  • Cookies and similar technologies — used for site administration, analytics, and remembering preferences. You can manage cookies through your browser settings; disabling certain cookies may limit Website functionality.

3.4 Information from Other Sources

We may receive Personal Information from chapter leaders, employers (in the case of group memberships), event partners, and publicly available professional sources, where consistent with applicable law and the original disclosure made to you.

4. Information We Do Not Collect

Consistent with OpenAI’s Apps SDK requirements and our own data minimization commitments, the App does not collect, solicit, or process the following categories of restricted data:

  • Payment card information or other data subject to PCI DSS (the App does not process payments);
  • Protected health information (PHI) within the meaning of HIPAA;
  • Government identifiers such as Social Security numbers, driver’s license numbers, or passport numbers;
  • Access credentials and authentication secrets other than tokens issued for use of the App itself, including third-party passwords, API keys, and multi-factor authentication or one-time passcodes;
  • Precise location data such as GPS coordinates or fine-grained device location;
  • Biometric identifiers or persistent device identifiers used for cross-context tracking; and
  • Your full ChatGPT conversation history.

The App does not collect or process “sensitive” or “special category” personal information (as those terms are used under applicable U.S. state privacy laws and the GDPR) unless that collection is strictly necessary to perform a specific App function, you have provided legally adequate consent, and the collection is clearly disclosed at or before the point of collection. We currently do not operate any App feature designed to collect such data.

5. How We Use Information

We use Personal Information for the following purposes:

  • Providing the Website and App — to authenticate you, deliver requested content, respond to inquiries, run searches against the CCAIA knowledge base, populate and submit support tickets, and update fields in your member record or CRM in response to your specific request.
  • Administering membership — to manage your CCAIA membership, chapter affiliation, event participation, and benefits within your membership tier.
  • Communicating with you — to send transactional notices, respond to your requests, send membership-related updates, and, with your consent where required, send newsletters and event announcements.
  • Improving our services — to monitor performance, fix bugs, debug issues, and improve the Website and App, including by analyzing aggregated and de-identified information.
  • Safety, security, and compliance — to detect, investigate, and prevent fraud, abuse, security incidents, and violations of the CCAIA Terms of Service, CCAIA Code of Conduct, or applicable law, and to comply with legal obligations.

We do not use Personal Information collected through the App to train any machine learning model, and we do not use App data to develop products that compete with OpenAI.

6. Read and Write Actions in the App

Within the App, we distinguish between actions that only retrieve information from CCAIA systems and actions that create, modify, or delete information in those systems.

  • Read actions — such as searching the CCAIA knowledge base or looking up chapter information — retrieve information for you and do not change anything in CCAIA systems.
  • Write actions — such as submitting a support ticket, registering for an event, or updating your member record — change information in CCAIA systems and may have lasting effects.

Write actions are surfaced to the ChatGPT client as write actions consistent with OpenAI’s Apps SDK requirements, which enables ChatGPT to require user confirmation or run the action in preview mode before execution. Destructive actions are clearly labeled and require confirmation.

7. Categories of Recipients and Disclosure of Personal Information

CCAIA does not sell your Personal Information and does not share Personal Information with third parties for cross-context behavioral advertising or for their own independent marketing purposes. We disclose Personal Information only in the categories below.

7.1 Service Providers and Processors

We share Personal Information with service providers that process it on our behalf, subject to written agreements that restrict their use of the data to providing services to CCAIA. These include:

  • ProxyLink — the operator of the MCP server underlying the App. ProxyLink processes App data on CCAIA’s behalf as a processor/service provider. CCAIA may change or replace its technology service providers at any time.
  • Cloud hosting and database providers — that store CCAIA data and operate underlying infrastructure.
  • Email, communications, and event platforms — that send transactional and membership-related communications and host events on our behalf.
  • Analytics providers — that help us understand Website usage in aggregate.
  • Customer support and ticketing platforms — that route, store, and respond to support requests submitted through the App or Website.
  • Professional advisors — such as legal, accounting, and audit providers.

7.2 OpenAI

The App operates inside ChatGPT. When you use the App, OpenAI processes information about your interaction with ChatGPT, including the messages you send to and receive from ChatGPT, under OpenAI’s own privacy practices. OpenAI is not CCAIA’s service provider with respect to that processing, and that processing is governed by your separate agreement with OpenAI and OpenAI’s privacy policy. CCAIA does not control OpenAI’s processing of your information.

7.3 Optional External Sources

If a request cannot be answered from the CCAIA knowledge base and an external lookup is required, we will identify the external source used in the App response so you can evaluate its reliability. We do not transmit your Personal Information to external sources beyond what is necessary to perform the lookup you have requested.

7.4 Legal and Safety Disclosures

We may disclose Personal Information when we believe in good faith that disclosure is necessary to comply with applicable law, lawful requests from public authorities, court orders, or legal process; to enforce our agreements, including the CCAIA Terms of Service and CCAIA Code of Conduct; to protect the rights, property, or safety of CCAIA, our members, or others; or to investigate or prevent fraud, abuse, or security incidents.

7.5 Business Transfers

If CCAIA is involved in a merger, consolidation, restructuring, asset transfer, or similar transaction, Personal Information may be transferred or disclosed in connection with that transaction, subject to standard confidentiality protections.

8. Transparency, No Surveillance, No Behavioral Profiling

We do not engage in surveillance, behavioral tracking, or behavioral profiling of App users. We do not collect timestamps, IPs, query patterns, or other metadata beyond what is necessary for the limited operational purposes disclosed in this Policy. The App does not serve advertisements, and the App is not used as an advertising vehicle. We do not infer or reconstruct your full ChatGPT conversation history from the snippets the App receives.

9. Data Retention

We retain Personal Information for only as long as needed to fulfill the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Default retention periods include:

  • Search queries and tool inputs — retained for the duration of CCAIA membership and for a reasonable period afterward for legal, audit, and historical purposes, unless you request earlier deletion.
  • Session metadata (e.g., mcp-session-id) — retained for the duration of CCAIA membership and for a reasonable period afterward for legal, audit, and historical purposes, unless you request earlier deletion.
  • Support tickets and inquiries — retained for the duration of CCAIA membership and for a reasonable period afterward for legal, audit, and historical purposes, unless you request earlier deletion.
  • Member account records — retained for the duration of membership and as required by applicable law and our recordkeeping policies.
  • Website logs and analytics — retained per our standard hosting and analytics retention policies.

When Personal Information is no longer needed, we delete, anonymize, or aggregate it consistent with this Policy and applicable law.

10. Security

We use reasonable administrative, technical, and physical safeguards designed to protect Personal Information, including:

  • Encryption of data in transit using HTTPS/TLS;
  • Authentication and access controls appropriate to the sensitivity of the data, including industry-standard authentication for the App and role-based access for CCAIA members;
  • Role-based access controls limiting access to authorized personnel on a need-to-know basis;
  • Logging and monitoring of system activity for security and integrity;
  • Vendor due diligence and written processor agreements with service providers, including ProxyLink.

No security measures are perfect. We cannot guarantee the security of information transmitted to or stored by CCAIA or its service providers.

11. Your Rights and Choices

Subject to applicable law, you may have the following rights regarding your Personal Information:

  • Access — request a copy of the Personal Information we hold about you.
  • Correction — request correction of inaccurate or incomplete information.
  • Deletion — request deletion of your information, including support tickets and member account data, subject to our recordkeeping and legal obligations.
  • Portability — request a copy of your information in a structured, commonly used, and machine-readable format.
  • Objection or restriction — object to or restrict certain processing in limited circumstances.
  • Withdraw consent — where we rely on consent, withdraw that consent at any time.
  • Confirmation before write actions — the App is configured so that ChatGPT will surface write and destructive actions for confirmation before they are executed.
  • Disconnect the App — stop using the App at any time, including by disconnecting it through your ChatGPT settings.

To exercise these rights, contact us at the address in Section 16. We will respond consistent with applicable law. You will not be discriminated against for exercising your rights. We may need to verify your identity before responding, and may decline requests where permitted by law.

12. U.S. State Privacy Disclosures

If you are a resident of California, Colorado, Connecticut, Utah, Virginia, or another U.S. state with a comprehensive consumer privacy law, you may have additional rights under that state’s law. CCAIA confirms that, in the twelve months preceding the date of this Policy, we have not:

  • “sold” Personal Information for monetary or other valuable consideration; or
  • “shared” Personal Information for cross-context behavioral advertising,

as those terms are defined under applicable state privacy laws.

California residents may also request the categories of Personal Information collected, the sources of that information, the business or commercial purposes for collecting it, and the categories of third parties to which we disclose it. This Policy is designed to provide that information. To exercise California rights, including the right to opt out of sale or sharing (which we do not engage in), contact us at the address in Section 16. You may also designate an authorized agent to make a request on your behalf.

13. International Data Transfers

CCAIA is based in the United States, and our service providers (including ProxyLink and OpenAI) operate primarily in the United States. If you access the Website or App from outside the United States, your Personal Information may be transferred to, stored in, and processed in the United States and other countries that may have data protection laws different from those of your home country. By using the Website or App, you acknowledge that transfer.

14. Children’s Privacy

The Website and App are intended for use by adults engaged in or interested in the contact center and customer experience profession. The App requires authentication and is not intended for use by individuals under 18 years of age. We do not knowingly collect Personal Information from children. If we learn that we have collected Personal Information from a child in violation of this Policy, we will delete that information promptly. If you believe a child has provided Personal Information to us, please contact us at the address in Section 16.

15. Updates to This Policy

We may update this Policy from time to time to reflect changes in our practices, our service providers, applicable law, or the requirements of platforms on which the App is offered, including OpenAI’s Apps SDK requirements. When we make a material change, we will provide reasonable notice, such as by posting the updated Policy with a new “Last Updated” date and, where appropriate, by notifying you through the App, the Website, or the email address associated with your CCAIA account. Your continued use of the Website or App after the effective date of the updated Policy constitutes your acknowledgment of the changes.

16. Contact Us

Questions, requests, or complaints regarding this Privacy Policy or our handling of Personal Information may be directed to:

Contact Center AI Association

3052 Eagle Ridge Lane, Birmingham, AL 35242

Email: john@ccaia.org

Website: ccaia.org

If you have an unresolved concern, you may also have the right to lodge a complaint with your local data protection authority or state attorney general.

Related: MCP Terms & Privacy Policy · Member Terms · Code of Conduct