Privacy Policy

Last Updated: 12 August 2024

1. Introduction

This Privacy Policy describes how XGMI B.V. ("we", "us", or "our"), a company registered in the Netherlands, collects, uses, and shares personal information when you use our WhatsApp bot transcription service (the "Service"). This policy is designed to comply with the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA).

2. Data Controller

For the purposes of the GDPR, [Your Company Name] is the data controller of your personal information. Our contact details are:

XGMI B.V.
privacy@xgmi.com

3. Information We Collect

We collect and process the following types of personal information:

  • Phone numbers

  • Voice messages

  • Transcribed text

  • Payment information

  • Website usage data

Under the GDPR and CPRA, some of this information may be considered sensitive personal information, particularly voice data which could reveal biometric information.

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Performance of a contract: Processing necessary for the performance of our service contract with you.

  • Consent: For specific processing activities where we ask for your explicit consent.

  • Legitimate interests: Where processing is necessary for our legitimate interests, and those interests are not overridden by your data protection rights.

5. How We Use Your Information

We use your information to:

  • Provide and maintain our Service

  • Process payments

  • Improve and optimize our Service

  • Analyze usage patterns

  • Deliver targeted advertisements (with your consent where required by law)

We will not use your personal information for purposes other than those for which it was collected, except with your consent or as required by law.

6. Data Sharing and Third-Party Services

We share your data with the following third-party service providers:

6.1 WhatsApp Business API (via Twilio)

Purpose: To facilitate communication with users.
Data shared: Message content and phone numbers.

6.2 OpenAI

Purpose: To transcribe voice messages into text.
Data shared: Voice data for transcription.

6.3 Stripe

Purpose: To process payments.
Data shared: Payment information necessary for transaction processing.

6.4 Google Analytics

Purpose: To analyze website usage.
Data shared: Anonymized website usage data.

6.5 Facebook/Meta Advertising

Purpose: To deliver targeted advertisements and measure their effectiveness.
Data shared: We may share certain information with Facebook/Meta for advertising purposes, which may include:

  • Device identifiers

  • Hashed email addresses (if provided)

  • Usage data

  • Ad interaction data

Facebook/Meta may use this information to:

  • Deliver ads to you on their platforms

  • Measure the effectiveness of ads

  • Improve their advertising services

We use Facebook/Meta's advertising tools in compliance with their terms of service and applicable data protection laws. For more information about how Facebook/Meta handles your data, please refer to their Data Policy at https://www.facebook.com/policy.php.

You can control the ads you see on Facebook and Instagram through your ad preferences settings on those platforms.

We ensure that all third-party service providers process your personal data in compliance with the GDPR and CPRA.

7. Your Choices Regarding Advertising

You have several options to control how your information is used for advertising purposes:

7.1 Opting out of personalized ads: You can opt out of personalized ads on Facebook and Instagram through your ad settings on those platforms.

7.2 Limiting data sharing: You can choose to limit the data we share with Facebook/Meta for advertising purposes by contacting us at [Your contact email].

7.3 Do Not Track: Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser "Do Not Track" signals, but we continue to review new technologies and may adopt a standard once one is created.

7.4 Third-party opt-outs: You can opt out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA). For more information regarding this practice and to opt-out of such collection, please visit http://www.aboutads.info/choices/, http://optout.networkadvertising.org/, and http://www.youronlinechoices.eu.

8. International Data Transfers

As we are based in the Netherlands and use service providers located in other countries, your personal data may be transferred outside the European Economic Area (EEA) or your state of residence. We ensure that such transfers comply with applicable data protection laws, including by using Standard Contractual Clauses approved by the European Commission or other appropriate safeguards.

9. Data Retention and Security

We retain personal data for up to 24 months or until you request its deletion, unless a longer retention period is required by law. We implement appropriate technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

10. Your Rights

Under the GDPR and CPRA, you have the following rights:

  • Right to access your personal data

  • Right to rectification of inaccurate personal data

  • Right to erasure ('right to be forgotten')

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

  • Rights related to automated decision-making and profiling

  • Right to withdraw consent at any time

  • Right to lodge a complaint with a supervisory authority

California residents have additional rights under the CPRA, including:

  • Right to limit use and disclosure of sensitive personal information

  • Right to opt-out of sale or sharing of personal information

  • Right to correct inaccurate personal information

To exercise these rights, please contact us using the details provided in Section 2.

11. Children's Privacy

Our Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide a more prominent notice or obtain your consent where required by law.

If we make material changes to how we treat our users' personal information, we will notify you by email to the primary email address specified in your account and/or through a notice on our website.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below:

privacy@xgmi.com

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. For users in the Netherlands, the supervisory authority is:

Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ DEN HAAG

For users in California, you may file a complaint with the California Privacy Protection Agency.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

privacy@xgmi.com