← Back to landing

Privacy Policy (GDPR Information)

Last updated: 2026-04-21

This Privacy Policy explains how [Company Name] (“we”, “us”, “our”) collects and uses personal data in connection with WhatsApp ↔ Claude bot (the “Service”), including our WhatsApp bot, optional voice features, and optional web dashboards. It also includes information required by Articles 13 and 14 GDPR.

If you are using the Service in a WhatsApp group or direct message, note: WhatsApp is a separate service provider and controller for its own processing.

1) Who we are (Controller)

Controller: [Company Name]
Address: [Company Address, Austria]
Email: privacy@[yourdomain]

If you are a business customer (a “Bot Owner”) using our dashboards, you may be a controller for your users’ data, and we may act as your processor for certain processing. See Section 13 (Business Customers).

2) What the Service does (high level)

  • Receive messages in WhatsApp groups and eligible 1:1 DMs.
  • Log messages to a database for search, debugging, moderation and product features.
  • Forward message content (and optionally attachments like images or voice transcripts) to AI providers to generate responses.
  • Optionally transcribe voice notes and/or generate voice replies.
  • Provide web dashboards for Bot Owners (Google sign-in) and product admins.

3) Personal data we collect

  • WhatsApp identifiers and metadata (IDs/JIDs, display names, timestamps, message IDs, group metadata)
  • Message content (text, captions, replies/quotes, emojis/reactions)
  • Media content (optional) (images, audio/voice; optionally raw media files)
  • Derived data and memory (rolling context, structured memory items)
  • Dashboard account/admin data (optional) (Google OAuth, access control, audit logs)
  • Technical and security data (server logs, auth/session tokens)

4) Sources of personal data

  • From WhatsApp: when you interact in groups where the bot is present.
  • From Bot Owners: when groups/settings are configured or dashboards are used.
  • From you directly: when you contact us (e.g. privacy requests).
  • From Google (dashboards only): when Bot Owners sign in using Google OAuth.

5) How we use personal data (purposes)

  • Provide the Service
  • Operate features
  • Maintain and improve
  • Security and abuse prevention
  • Customer support
  • Business operations (dashboards)

6) Legal bases (GDPR)

  • Contract (Art. 6(1)(b))
  • Legitimate interests (Art. 6(1)(f))
  • Consent (Art. 6(1)(a)), where required
  • Legal obligation (Art. 6(1)(c)), where applicable

7) AI processing and automated decisions

The Service uses AI to generate responses. AI outputs are not legal or similarly significant automated decisions about you. The Service may create derived “memory”; you can request deletion as described in Section 11.

8) Sharing and disclosure

  • AI provider (Anthropic)
  • Voice provider (ElevenLabs) (if enabled)
  • Infrastructure/hosting providers (including Hetzner)
  • Professional advisers
  • Authorities (where required)

We do not sell personal data.

9) International transfers

We are based in Austria and intend to host primarily in the EU/EEA. Some providers may process data outside the EU/EEA; where this occurs we use appropriate safeguards such as SCCs.

10) Retention

Retention depends on configuration and operational needs (logs, rolling context, memory, backups, dashboard data). We will provide concrete default retention windows once production configuration is finalized.

11) Your rights (GDPR)

You may have rights to access, rectify, erase, restrict processing, object, data portability, and withdraw consent. You may also lodge a complaint with your supervisory authority (in Austria: Datenschutzbehörde).

To exercise rights, contact privacy@[yourdomain].

12) Whether you must provide data

If you choose to interact with the bot, you provide message content to WhatsApp, and your messages may be processed by the Service. Some features (voice/media) are optional and only apply if enabled.

13) Business Customers (Bot Owners)

Bot Owners are responsible for providing appropriate notices/permissions for group participants. We can provide a DPA on request.

14) Security

We use measures designed to protect personal data (access controls, least privilege). Avoid sharing sensitive information in WhatsApp groups. WhatsApp session/auth files are highly sensitive.

15) Children

The Service is not intended for children and should not be used by individuals under 13 (or the applicable minimum age).

16) Third-party services (WhatsApp)

WhatsApp is a separate service with its own privacy practices. Your use of WhatsApp is governed by WhatsApp’s terms and privacy policy.

17) Changes

We may update this policy from time to time and revise the “Last updated” date.

18) Contact

For privacy questions or requests: privacy@[yourdomain].