Privacy Policy

1) Controller and contact

The data controller for this website and, when applicable, for the operation of the platform (depending on the role described in section 3) is:

• Controller: CONVERSA
• City: Medellín, Colombia
• Privacy email: info@conversa-chat.com

For questions, requests, or complaints about privacy, email us at the address above.

2) Scope

This Policy applies to: (i) the conversa-chat.com website and its public pages (including this one), and (ii) the conversa-chat platform, including multi-channel integrations (for example, Web, Telegram, WhatsApp) when you use our Service.

Third-party services (for example, Telegram/Meta/WhatsApp, LLM providers) have their own policies. When you interact with them, their terms and policies also apply.

3) Roles: Controller vs. Processor (Customer)

conversa-chat is a tool for customers to build chatbots and automate conversations (for example, support, scheduling, or lead capture). For that reason, roles may vary:

• When you visit our public website, we typically act as the Controller of the data we collect from visitors (for example, technical data).
• When a Customer uses the platform, the Customer usually acts as the Controller of its end users/leads’ data, and conversa-chat acts as a Processor (we process that data on the Customer’s behalf and under its instructions).

If you are an end user/lead interacting with a chatbot built by a Customer, requests regarding how your data is used (for example, purposes or permissions) should primarily be directed to that Customer.

4) Data we process

We may process the following categories of data (depending on how you use the website/service):

• Account data: name, email, company, credentials and authentication-related information (for example, sign-in).
• Conversation data: messages, files you choose to upload/send, metadata (date/time, channel) and chatbot settings.
• Lead data (if configured by the Customer): information the Customer asks end users for (for example, name, phone, email, interest, availability).
• Technical data: IP address, browser/device, logs, identifiers, and security events.
• Support: communications with you (tickets, emails) and data needed to resolve issues.
• Payments: during beta we do not request card data. If we enable payments in the future, a third party will process payments and we will publish the relevant information.

We do not seek to collect sensitive data. If a user voluntarily shares it in a conversation, it will be processed only to provide the service and under the Customer’s instructions (when applicable).

5) Purposes

We use data to:

• Provide the service: create, configure and operate chatbots; manage accounts; enable integrations.
• Process conversations with AI: generate responses, run workflows and help the Customer serve end users/leads.
• Security: prevent abuse, fraud, unauthorized access, and maintain service integrity.
• Support and improvement: debugging, troubleshooting, technical metrics and product improvements.
• Legal compliance: comply with legal requirements and protect rights.

We do not use data for marketing (for example, behavioral ads) and do not use data to train AI models.

6) AI and LLM providers

To generate responses or run automations, conversa-chat may send parts of the conversation content and context (for example, knowledge base/catalog snippets) to large language model (“LLM”) providers such as OpenAI, Anthropic and Google (Gemini), depending on the Customer’s configuration.

• Purpose: solely to provide the service (generate the response or perform the requested task).
• No training: conversa-chat does not use your data (nor end users’ data) to train its own models.
• Provider settings: when providers offer options to limit retention/usage, we aim to enable them where available and contractually applicable; however, each provider may have its own policies.

For enterprise customers, we can provide a Data Processing Agreement (DPA) upon request.

7) Cookies and similar technologies

We may use cookies or similar technologies for essential functionality (for example, keeping sessions, security). This public page is not intended to use marketing cookies.

You can manage cookies from your browser settings. Disabling cookies may affect service functionality.

8) Sharing, subprocessors and international transfers

We may share data with vendors who help us operate the service (for example, hosting/infrastructure, databases, messaging, technical analytics, LLM providers), acting as subprocessors.

The service may operate globally, so data may be processed or stored outside Colombia (for example, in the United States or other countries) depending on the vendors used. We implement reasonable measures to protect data in international transfers.

We may disclose information when necessary to comply with law, protect rights, investigate fraud/abuse, or respond to requests from competent authorities.

9) Retention

We retain data for as long as needed to provide the service and comply with legal obligations. In a B2B context, as a Processor, we retain and delete data according to the Customer’s instructions and our backup/security policies.

10) Security

We apply reasonable technical and organizational measures to protect data (for example, access controls, audit logs, in-transit security). No system is 100% secure, but we work to reduce risks.

11) Data subject rights (Colombia) and how to exercise them

Under Colombian Law 1581 of 2012 and related rules, data subjects may: access, update and correct their data; request proof of authorization; be informed about use; file complaints with the Superintendence of Industry and Commerce (SIC); revoke authorization and/or request deletion when applicable.

To exercise your rights, email info@conversa-chat.com with: (i) name and identification, (ii) the specific request, (iii) a response channel, and (iv) supporting documents if applicable.

Indicative timeframes (Colombia): inquiries up to 10 business days (extendable) and claims up to 15 business days (extendable), as provided by law.

If your request relates to data processed by a Customer (for example, a lead who spoke to a Customer’s chatbot), we may redirect it or ask you to contact the Customer as Controller.

12) Minors

The service is not intended for minors. We do not knowingly collect data from minors. If you believe a minor provided us data, contact us so we can address it.

13) Changes to this Policy

We may update this Policy to reflect service changes or legal requirements. We will publish the current version on this page and indicate the effective date.

In case of discrepancies with translations of this Policy, the Spanish version prevails.