Privacy Policy

This Privacy Policy applies to all personal information processed through our conversational AI solution, which allows end-users to communicate with an AI-powered system via WhatsApp Business. It covers data received from WhatsApp, responses generated by the AI model, and information stored in our cloud infrastructure.

We may collect the following categories of information: Identifiers: WhatsApp ID, phone number, or profile information provided by WhatsApp Business. Message Content: Text, media, or metadata from messages you send or receive. System Logs & Metadata: Conversation IDs, message timestamps, delivery status, error codes, retry counts, and processing flags. Usage Data: Interaction history (limited to the last 10 messages for context), performance metrics, and observability logs. Technical Data: IP addresses, device information, and security event data generated during interactions. We do not intentionally collect sensitive personal data unless voluntarily provided by the user within the chat.

We use collected information solely to provide, secure, and improve the Service, including: Delivering AI-generated responses to your WhatsApp messages. Ensuring contextual continuity across conversations. Preventing duplicate or erroneous message delivery. Monitoring performance, reliability, and security of the platform. Detecting, investigating, and mitigating misuse, abuse, or fraud. Complying with applicable laws, regulations, and contractual obligations. We do not sell your personal information to third parties.

We maintain personal information in secure environments designed to preserve its confidentiality and integrity. Information is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, including providing the Service, meeting contractual obligations, complying with legal requirements, and resolving disputes. Once retention is no longer required, information is deleted, anonymized, or otherwise disposed of using appropriate safeguards to prevent unauthorized access or use.

We may share your information only under the following circumstances: With Service Providers: To cloud providers who support the functionality of the Service under strict contractual and confidentiality obligations. With WhatsApp (Meta Platforms, Inc.): As required for message delivery and compliance with WhatsApp Business policies. For Legal Compliance: Where required by law, regulation, legal process, or government request. For Security and Fraud Prevention: To detect, prevent, or address malicious activity, violations of our Terms of Use, or threats to safety. We do not disclose personal data for advertising or profiling.

We provide the Service as a technology platform that enables our business clients to interact with their own end-users through conversational AI on WhatsApp. While we process and safeguard data within the platform as described in this Privacy Policy, the following applies: Each client remains the data controller with respect to personal information they collect, export, or further process from their end-users through the Service. Our responsibility is limited to the secure processing of data within our infrastructure and in accordance with this Policy. Clients are solely responsible for ensuring that their collection, use, disclosure, and retention of personal information complies with applicable data protection laws, including fulfilling any legal obligations toward their own customers (e.g., providing access rights, deletion rights, or consent management). This Privacy Policy does not extend to client-controlled activities outside of the platform, including how clients choose to use, share, or store exported data.

We apply reasonable administrative, technical, and organizational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These safeguards are designed to ensure an appropriate level of security relative to the nature of the data and the risks involved in its processing. While we strive to protect personal information, no method of transmission or storage is entirely risk-free, and we cannot guarantee absolute security.

Depending on your jurisdiction, you may have certain rights regarding your personal information, including: The right to access and obtain a copy of your personal data. The right to request correction or deletion of personal data. The right to restrict or object to processing under certain conditions. The right to data portability where applicable. Requests may be submitted to us at contact@thecloudxperience.com. We may require verification of identity before fulfilling requests.

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA: Right to Know: You may request disclosure of the categories and specific pieces of personal information we collect, use, and disclose. Right to Delete: You may request deletion of personal information we hold about you, subject to exceptions. Right to Correct: You may request correction of inaccurate information. Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Right to Non-Discrimination: We will not discriminate against you for exercising your rights. To exercise these rights, contact us at contact@thecloudxperience.com. Authorized agents may act on your behalf if properly verified.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data in compliance with the General Data Protection Regulation (GDPR): Legal Bases for Processing: We process your data under one or more of the following lawful bases: Performance of a contract (providing the Service). Legitimate interests (platform security, fraud prevention, service improvement). Legal obligation (compliance with laws and regulatory requirements). Consent (when explicitly given, e.g., for specific use cases). Data Subject Rights: You have the right to: Access, rectify, or erase your personal data. Restrict or object to processing. Data portability. Withdraw consent at any time without affecting prior processing. Lodge a complaint with your local Data Protection Authority. We implement appropriate safeguards (including Standard Contractual Clauses where applicable) for transfers of personal data outside the EEA, UK, or Switzerland.

Our Service is not intended for children under 13 years of age (or higher age if required by local law). We do not knowingly collect personal information from children. If we learn that a child has provided personal information, we will promptly delete it.

Your information may be processed and stored in the United States or other jurisdictions where we or our service providers operate. We take measures to ensure adequate protection for cross-border transfers in line with applicable data protection laws, including GDPR requirements.

We may update this Privacy Policy from time to time. Changes will be effective as of the “Last Updated” date at the top of this page. We encourage you to review this Policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: thecloudxperience.com Email: contact@thecloudxperience.com