Last updated: May 25, 2026

Privacy Policy

1. Introduction

Ergovia AI ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our AI-powered business automation platform ("Service").

The Service is currently in public beta and serves multiple industries. This policy applies to all users regardless of the industry niche they subscribe to.

2. Information We Collect

Account Information

When you register, we collect your name, email address, phone number, and business information. Payment information is collected and processed by our payment provider, Paddle.com (Merchant of Record). We do not store your credit card details on our servers.

Business Data

You provide business details relevant to your industry niche, which may include addresses, service descriptions, pricing, policies, team member contacts, and operational configurations. This data is used by the AI to communicate with your customers on your behalf.

Customer and Contact Data

Through the Service, we process names, phone numbers, email addresses, and message content of your customers, tenants, clients, or other contacts communicated via WhatsApp, SMS, Telegram, or other supported channels. This data is collected to facilitate AI-powered communication on your behalf.

Usage Data

We collect standard usage data including IP addresses, browser type, device information, pages visited, and interaction patterns within the control panel. This helps us improve the Service.

Conversation Data

All messages between the AI and your customers are stored to maintain conversation history, enable context-aware responses, and allow you to review interactions in your control panel.

Affiliate Data

If you participate in our affiliate program, we collect your payout preferences (e.g., GCash number, bank account details) for the purpose of processing commission payments.

3. How We Use Your Information

  • Service delivery: To operate the AI assistant, send messages, manage tasks, and provide the control panel
  • AI processing: To generate contextual, relevant responses to your customers using artificial intelligence
  • Communication: To send you account notifications, billing receipts, and service updates
  • Improvement: To analyze usage patterns, identify issues, and improve the Service
  • Support: To respond to your questions and resolve issues
  • Affiliate payouts: To process commission payments to affiliates
  • Legal compliance: To comply with applicable laws and regulations
  • Security: To detect, prevent, and respond to fraud, abuse, or security incidents

4. AI Data Processing

The Service uses third-party AI models to generate responses. You should understand how your data interacts with AI systems:

  • When the AI generates a response, relevant conversation context (including customer names, message content, and business information you configured) is sent to the AI model provider for processing.
  • We currently use DeepSeek as our primary AI provider and OpenAI as a fallback. We may change providers at any time to maintain quality and reliability.
  • AI providers process the data to generate a response and may retain data according to their own privacy policies. We select providers with strong privacy and data protection practices.
  • We do not use your data to train our own AI models. However, third-party AI providers may use data according to their respective terms unless opted out.
  • We minimize the personal data sent to AI providers — only the information necessary for generating a contextually relevant response is transmitted.

5. Data Sharing

We do not sell, rent, or trade your personal data or your customers' data to third parties for marketing purposes.

We share data only with the following service providers, solely for the purpose of operating the Service:

  • Payment processor (Paddle.com): To process your subscription payments. Paddle acts as Merchant of Record and is subject to their own Privacy Policy.
  • Messaging providers (WhatsApp/Evolution API, Twilio, Telegram): To deliver messages to and from your customers.
  • AI model providers (DeepSeek, OpenAI): To generate AI responses. Conversation context is sent to generate replies.
  • Disbursement provider (Xendit): To process affiliate commission payouts to GCash, bank accounts, or other payout methods.
  • Hosting provider (Hetzner, Germany): Our servers are hosted in the European Union.
  • Email provider (Resend): To send transactional emails (account activation, password resets, notifications).

We may also disclose data if required by law, court order, or government authority, or if necessary to protect the rights, property, or safety of Ergovia AI, our users, or others.

6. Data Storage and Security

  • All data is stored on servers located in Germany (EU), operated by Hetzner Online GmbH
  • Database connections use SSL/TLS encryption
  • Passwords are hashed using industry-standard bcrypt algorithms
  • Access to production servers is restricted to authorized personnel only
  • We perform regular automated database backups
  • Each customer's communication channels (phone numbers, messaging accounts) are isolated from other customers through subaccount architecture
  • API keys and credentials are stored securely and are not exposed to frontend applications

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your data and are not liable for breaches beyond our reasonable control.

7. Data Retention

We retain your data for as long as your account is active. Upon account cancellation or deletion:

  • Your business data, customer information, and conversation history are deleted within 30 days
  • Billing and transaction records may be retained for up to 7 years to comply with tax and accounting requirements
  • Affiliate commission and payout records may be retained for up to 7 years for financial compliance
  • Anonymized, aggregated usage data may be retained indefinitely for analytics and service improvement purposes
  • Data already transmitted to third-party AI providers is subject to their respective retention policies

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Correct inaccurate data via your control panel or by contacting us
  • Deletion: Request deletion of your account and associated data
  • Export: Export your business and conversation data in a portable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing of your personal data for certain purposes
  • Withdraw consent: Withdraw consent for data processing at any time (which may require account closure)

To exercise any of these rights, contact support@ergovia-ai.com. We will respond within 30 days.

Note: Deleting your account does not retroactively remove data already processed by third-party AI providers or payment processors.

9. Cookies and Tracking

Our website and control panel use minimal cookies:

  • Session cookies: To keep you logged in and maintain your session. These are essential and cannot be disabled.
  • Preference cookies: To remember your display preferences (e.g., dark mode).

We do not use third-party advertising cookies, tracking pixels, or behavioral targeting. We do not participate in ad networks or sell browsing data.

10. International Data Transfers

Our servers are located in Germany (EU). However, data may be transferred to and processed in other countries through our third-party service providers:

  • AI providers: May process data in the United States or other jurisdictions
  • Payment provider (Paddle): Operates globally
  • Messaging providers: Operate in multiple jurisdictions

Where data is transferred outside the EU, we ensure that appropriate safeguards are in place, including the use of providers who comply with applicable data protection standards.

11. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will delete it promptly.

12. Your Customers' Privacy

As a user of the Service, you may process personal data of your own customers (tenants, guests, clients) through the platform. You acknowledge that:

  • You are the data controller for your customers' data. We act as a data processor on your behalf.
  • You are responsible for informing your customers that AI-powered communication is being used and obtaining any necessary consents as required by applicable law.
  • You must comply with all applicable privacy laws in your jurisdiction regarding the collection and processing of your customers' personal data.
  • We will process your customers' data only as necessary to provide the Service and in accordance with your instructions.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the control panel at least 14 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Data Protection Contact

For privacy-related questions, data access requests, or concerns about how your data is handled, contact us at:

Email: support@ergovia-ai.com

Website: https://ergovia-ai.com

We aim to respond to all privacy inquiries within 30 days.