Important Notice
This website (zendowhisper.com) serves as our informational and marketing platform. The ZendoWhisper application itself is hosted at app.zendowhisper.com. This Privacy Policy applies to both this informational website and the ZendoWhisper application, ensuring consistent data protection practices across all our platforms.
Privacy Policy Summary (In Plain English)
We believe in transparency. This summary highlights the key points of our Privacy Policy. For full details, please read the complete policy below.
- Our Service: ZendoWhisper is an AI assistant that connects to your WhatsApp account to answer questions from your customers based on business documents you provide.
- Our Roles (This is Important): We act as a Data Controller for your account information (your name, email, billing details). For all data the Service handles to do its job—your business documents and the conversations with your customers—we act as your Data Processor. In that role, you are the Data Controller and are responsible for your customers' data.
- Data Usage: We use conversation data only to provide the service to you. We use anonymized and aggregated data to improve our core AI models for everyone.
- No Selling Data: We will never sell your personal information, your business's confidential data, or your customers' data.
- Your Customers' Rights: If your customers want to exercise their data rights (e.g., to delete their chat history), their request should come to you. As your Data Processor, we will help you fulfill those requests.
Full Privacy Policy
1. Introduction
This Privacy Policy explains how Intellixio ("we," "us," or "our") collects, uses, discloses, and safeguards information when you use our ZendoWhisper AI-powered customer communication assistant service (the "Service"). This policy applies to all our customers ("you" or "your") who use the Service. ZendoWhisper is owned and operated by Intellixio.
2. Our Data Protection Roles: Controller vs. Processor
Understanding our role is critical for data protection laws like GDPR. This distinction defines our respective legal responsibilities.
- 2.1 We are the Data Controller for Customer Account Data. This is the personal information you provide directly to us to create and manage your account (e.g., your name, company name, email, password, and billing information).
- 2.2 We are the Data Processor for Service Data. This is all data we process on your behalf and according to your instructions when you use the Service. It includes:
- Your Knowledge Base (the business documents you provide for AI training).
- Conversation Data (the content of messages between your end-users and the Service).
- End-User Data (e.g., WhatsApp phone numbers and names as provided by the platform).
- Meta Integration Data (e.g., WhatsApp Business Account ID).
When we process Service Data, you are the Data Controller. You are responsible for having a lawful basis (e.g., Consent, Contractual Necessity) to process your end-users' data and for informing them that they are interacting with an AI assistant. Our obligations as your Processor are defined in our Terms of Service and our Data Processing Addendum (DPA).
3. Information We Process and Its Legal Basis
Type of Information | Examples | Our Legal Basis for Processing (under GDPR) |
---|---|---|
Customer Account Data | Name, company name, email, billing information. | Performance of a Contract: To provide you with the Service you subscribed to. |
Service Data (as Processor) | Knowledge Base, Conversation Data, End-User Data, Meta Integration Data. | On Your Instruction as a Processor: We process this data based on our contract with you. The legal basis is established by you, the Controller. |
Usage and Technical Data | IP address, browser type, usage logs from our dashboard, cookies. | Legitimate Interest: To secure our platform and improve the Service dashboard. |
4. How We Use Information
- Customer Account Data: To manage your account, provide support, process payments, and send you service-related communications.
- Service Data: To provide the core functionality of the Service, including training your dedicated AI agent, processing conversations, and delivering analytics to you.
- AI Model Training: To improve our core algorithms, we may use Service Data in an anonymized and aggregated form. Your confidential business information and your end-users' personal data are never used to train models for other customers.
5. Data Sharing and Disclosure
We do not sell personal data. We only share information with:
- Service Providers: Trusted third-party vendors who perform services on our behalf, such as cloud hosting providers and payment processors.
- Platform Providers: With Meta as necessary to operate the Service through the WhatsApp Business Platform.
- Legal Requirements: If required by law or a valid legal process.
- Business Transactions: In connection with a merger, acquisition, or sale of assets.
All third parties are contractually bound to protect the data and are prohibited from using it for their own purposes.
6. Data Security
We implement robust technical and organizational security measures, including end-to-end encryption, data-at-rest encryption, access controls, and regular security assessments, to protect all data we process.
7. Data Subject Rights
Your rights, and those of your end-users, are paramount.
- For Your Customer Account Data: You have the right to access, rectify, or erase your account data by contacting us directly at [email protected].
- For Your End-Users' Data: As the Data Controller, you are responsible for responding to data subject rights requests from your end-users. If an end-user contacts us directly, we will direct them to you. As your Data Processor, we will provide you with the necessary assistance and tools to help you fulfill these requests (e.g., for accessing or deleting a chat history).
8. International Data Transfers
Information may be processed in jurisdictions outside of your own. When we transfer personal data from the European Economic Area (EEA), UK, or Switzerland, we ensure data is protected by using legally-approved mechanisms such as the European Commission's Standard Contractual Clauses (SCCs).
9. Data Retention
- Customer Account Data: Retained for as long as your account is active and as required by law.
- Service Data: Retained for the duration specified in our agreement with you, and then securely deleted from our active systems according to our standard schedules (typically within 90 days of contract termination).
10. Data Breach Notification
In the event of a data breach affecting the Service Data we process on your behalf, we will notify you, the Data Controller, without undue delay so you can fulfill your legal obligations.
11. Children's Privacy
Our Service is not directed to individuals under the age of 18. Customers are prohibited from knowingly using the Service to communicate with children.
12. Changes to This Privacy Policy
We may update this policy from time to time. We will notify you of significant changes by posting the new policy on our website and, where appropriate, via email.
13. Contact Us
If you have any questions about this Privacy Policy, please contact our Data Protection Team at:
Intellixio
Email: [email protected]
Address: House-105, Canada Plaza (5th floor), Shahid Latif Road, Koshaibari, Mollartek, Ashkona, Dakshinkhan, Dhaka, Bangladesh, 1230