We collect information you provide directly: account information (name, email, company), payment information (processed securely by Stripe), and messaging content processed by our intelligent systems.

We automatically collect usage data and interaction logs, device and browser information, and voice recordings when using voice features.

We use your data to provide, maintain, and improve our services. This includes sending technical notices and support messages, responding to your comments and questions, and detecting and preventing fraud and abuse.

We may use anonymized data to improve our systems. We generate analytics and usage reports for your dashboard to help you understand your operations better.

We share data only with service providers necessary for our operations (hosting, payment processing), AI model providers (Google, OpenAI) for processing conversations, and professional advisors when required.

We share with law enforcement only when legally required, and with business partners only with your explicit consent. We never sell your personal information.

We implement enterprise-grade security measures including TLS encryption for all data in transit, encrypted database storage with row-level security ensuring complete tenant isolation, and regular security audits and monitoring.

All backups are encrypted with AES-256 and stored in geographically separated locations.

We use cookies to remember your preferences and settings, understand how our services are used, improve site performance and security, and provide personalized content.

You have the right to access your personal data, correct inaccurate data, request deletion of your data, export your data in a portable format, opt-out of marketing communications, withdraw consent at any time, and lodge complaints with your data protection authority.

Account data is retained while your account is active plus 30 days after deletion. Conversation logs are retained for 12 months, then anonymized. Voice recordings are deleted after 90 days. Payment records are retained as required by law. Analytics data is anonymized indefinitely.

We only send messages to users who have explicitly opted in. Message content is processed only for the service you requested. We never send spam — only transactional or direct response messages.

We comply with Meta WhatsApp Business Policy and Telegram Terms of Service. You can opt out at any time by sending "STOP" or contacting [email protected].

Our primary servers are located in the EU (Frankfurt, Germany) via DigitalOcean. AI processing may involve servers operated by Google and OpenAI. We maintain standard contractual clauses with all sub-processors for GDPR-compliant transfers.