Privacy Policy

At ZendoWhisper, a product of Intellixio, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered customer communication assistant service. By accessing or using our service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

1. Information We Collect

1.1 Business Knowledge Base

To provide our service, we collect and process business information you provide to us, including:

• Product details and specifications
• FAQs and support documentation
• Company policies and procedures
• Other business knowledge you choose to share with us

Legal basis for processing: We process this information based on the contractual necessity to provide our services to you and our legitimate interests in optimizing our AI assistant to meet your specific business needs.

1.2 Customer Conversation Data

When customers interact with ZendoWhisper through your WhatsApp Business channel, we process:

• Message content and attachments
• WhatsApp user information (as provided by the WhatsApp Business API)
• Conversation context and history
• Time and frequency of interactions

Legal basis for processing: We process this information as a data processor acting on your behalf, based on your instructions and the legitimate interests of providing and improving our service. You are responsible for obtaining appropriate consent from your customers for their data to be processed through our platform.

1.3 Account Information

When you create an account with us, we collect:

• Name and contact information
• Billing information
• Account credentials
• Usage data and preferences

Legal basis for processing: We process this information based on contractual necessity to provide our services, compliance with legal obligations (such as financial record-keeping requirements), and our legitimate interests in managing and improving our services.

1.4 Technical Information and Cookies

We automatically collect certain technical information when you use our platform:

• IP address and device information
• Browser type and settings
• Operating system
• Log information (usage, clicks, views)
• Cookies and similar tracking technologies

For more information about our use of cookies and your choices regarding them, please see our Cookie Policy.

1.5 Meta Integration Data

To facilitate the integration of your WhatsApp Business Account with our Service via Meta's platforms (where Intellixio acts as a Tech Provider), we may receive and process certain identifiers and configuration data provided by Meta related to your Meta Business account and WhatsApp Business Account, including:

• WhatsApp Business Account ID (WABA ID)
• Phone number ID associated with your WhatsApp Business Account
• Business verification status and related metadata
• Account configuration settings required for API integration
• Other technical identifiers necessary for establishing and maintaining the Service connection

This data is used solely for the purpose of establishing and maintaining the Service connection with your WhatsApp Business Account and ensuring proper functionality of our AI assistant through the WhatsApp Business API. We process this information in accordance with Meta's Developer Policies and Platform Terms.

Legal basis for processing: We process this information based on contractual necessity to provide our WhatsApp integration services and our legitimate interests in maintaining secure and functional integrations with Meta's platforms.

2. How We Use Your Information

We use the information we collect to:

• Train our AI to respond to customer inquiries based on your business knowledge
• Process and manage customer conversations via WhatsApp
• Identify when human intervention is necessary
• Provide analytics and insights about customer interactions
• Improve our services and develop new features
• Ensure the security and integrity of our platform
• Send important service announcements and updates
• Comply with legal obligations
• Respond to your requests and inquiries
• Protect our rights and the rights of others
• Detect and prevent fraud, security incidents, and other harmful activities

3. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• End-to-end encryption for data in transit
• Industry-standard encryption for data at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Staff training on data protection and security best practices
• Secure data storage with redundancy
• Regular security audits and assessments

Your business data only trains AI models specific to your account and is never shared with other clients. Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

4. Data Sharing and Disclosure

We may share your information with:

• Service providers who help us deliver our services, including but not limited to:
  • Cloud hosting and infrastructure providers
  • Database service providers
  • Payment processors and billing service providers
  • Cloud communication platform providers (for WhatsApp integration)
  • Customer support and helpdesk service providers
  • Analytics and monitoring service providers
  • Security and fraud prevention service providers
  • Email and communication service providers
• WhatsApp and Meta platforms as required for integration with the WhatsApp Business API and in accordance with our role as a Meta Tech Provider
• When required by law, such as in response to a subpoena, court order, or other legal process. We will carefully review the legality of any such request and, where appropriate and legally permissible, seek to narrow the scope of the disclosure or challenge the request. We aim to disclose only the minimum information necessary to comply with a valid legal demand and will notify affected users when legally permitted to do so.
• To protect our rights, property, or safety, or the rights, property, or safety of others
• In connection with a business transaction such as a merger, acquisition, or sale of assets, with appropriate safeguards for your data

We do not sell your data to third parties or use it for advertising purposes. Any third parties with whom we share your information are contractually required to implement appropriate security measures and are prohibited from using your data for purposes other than providing services to us. All service providers are bound by data processing agreements that ensure compliance with applicable data protection laws and our privacy standards.

5. Your Rights and Choices

Depending on your location, you may have rights regarding your personal information, including:

• Right to access and receive a copy of your data
• Right to rectify inaccurate or incomplete information
• Right to erasure (the “right to be forgotten”)
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us using the information provided in the “Contact Us” section. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request. In some cases, legal requirements or other legitimate interests may limit or deny your request, but we will explain the reasoning in our response.

5.1 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information, including:

• Right to know about personal information collected, disclosed, or sold
• Right to request deletion of personal information
• Right to correct inaccurate personal information
• Right to opt-out of the sale or sharing of personal information
• Right to limit use and disclosure of sensitive personal information
• Right to non-discrimination for exercising your rights

We do not sell personal information as defined by the CCPA/CPRA. To exercise your rights, please contact us using the information in the “Contact Us” section.

5.2 European Economic Area (EEA), UK, and Swiss Residents

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent laws provide you with rights as outlined above. Additionally, you have the right to lodge a complaint with your local data protection authority.

For more information about our GDPR compliance, please see our GDPR Compliance page.

6. International Data Transfers

We may transfer and store your information on servers located outside your country. We ensure appropriate safeguards are in place to protect your information and comply with applicable data protection laws, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with our service providers
• Adequacy decisions where applicable
• Additional technical and organizational security measures

By using our services, you consent to the transfer of your data as described in this policy. If you have questions about our data transfer mechanisms, please contact us using the information in the “Contact Us” section.

7. Data Retention

We retain your information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on:

• The type of information collected
• The purpose for which it was collected
• Our legal and contractual obligations
• Industry standards and best practices

When your account is terminated, we will delete or anonymize your data according to our data retention policy, typically within 90 days, unless we are legally required to retain it longer. Some anonymized or aggregated data may be retained for analytical purposes.

8. Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

9. Data Breach Notification

In the event of a data breach that compromises the security or privacy of your personal information, we will notify you and relevant authorities as required by applicable law. Notifications will be provided without undue delay, typically within 72 hours of discovering the breach, where feasible.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the new policy on our website and, where appropriate, via email. Material changes will not apply retroactively without your consent. We encourage you to review this Privacy Policy periodically for any updates.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Our Data Protection Officer can be contacted at dpo@zendowhisper.com for privacy-related inquiries or concerns.