Privacy Policy

Last updated: March 31, 2026

1. Who We Are

VenzoChat ("we", "our", "us") is a B2B SaaS platform that enables businesses to deploy AI-powered conversational agents on WhatsApp and Instagram. This policy explains how we collect, use, and protect personal data.

For the purposes of data protection law, VenzoChat acts as a Data Processor on behalf of our business clients (the Data Controllers), who determine the purposes and means of processing their end users' personal data.

2. Data We Collect

From our business clients (tenants):

• Account information: name, email address, business name, phone number
• Billing information: processed securely via Stripe (we do not store card details)
• Bot configuration: business rules, uploaded documents, connector credentials (encrypted at rest)

From end users (your clients' customers):

• Messages exchanged via WhatsApp or Instagram
• Contact information: name, phone number, language preference
• Conversation metadata: timestamps, channel, detected intent
• Order and booking data when applicable

3. How We Use Data

We process personal data to:

• Provide and operate the VenzoChat platform
• Process messages and generate AI responses on behalf of our clients
• Facilitate bookings, orders, and payments as configured by our clients
• Improve our service quality and reliability
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process data based on: legitimate interest (service operation), contract performance (subscription agreement with clients), consent (collected from end users by the bot before processing), and legal obligation (tax, fraud prevention).

5. Data Sharing

We share data only with:

• Our business clients — who are the Data Controllers for their end users' data
• AI model providers (Google Gemini, Anthropic Claude) — conversation content is sent for processing. We do not send data for model training.
• Meta — messages are delivered via WhatsApp Cloud API and Instagram Messaging API
• Payment processors — Stripe, Easypay, and Mercado Pago, using the client's own credentials (passthrough model)
• Infrastructure providers — hosting, database, and email services

We never sell personal data to third parties.

6. Data Retention

Conversation data is retained according to our clients' configured retention policy. Clients can configure automatic deletion periods. End users can request data deletion at any time (see Section 8).

7. Data Security

We implement appropriate technical and organisational measures including: encryption in transit (TLS) and at rest, tenant data isolation, access controls, audit logging, and regular security reviews.

8. Your Rights (GDPR / LGPD)

If you are an end user who has interacted with a business using VenzoChat, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Data portability
• Withdraw consent

To exercise these rights, contact the business you interacted with (the Data Controller) or reach us at hello@venzochat.com.

9. International Transfers

Data may be processed in the European Union (Ireland) and in the jurisdictions of our sub-processors. Where transfers occur outside the EEA, we ensure appropriate safeguards are in place.

10. Cookies

Our marketing website uses only essential cookies. Our dashboard application uses session cookies required for authentication. We do not use advertising or tracking cookies.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to our registered clients. The "last updated" date at the top reflects the latest revision.

12. Contact

For any privacy-related questions or requests:
Email: hello@venzochat.com
VenzoChat — Lisbon, Portugal