Privacy Policy

DALIA ("we", "us", or "our") operates the conversational AI platform available at dal-ia.com. We act as the data controller for the personal information of our customers and their authorized users. For data processed on behalf of our customers within their accounts (e.g., end-user contact data), we act as a data processor.

Account and billing information: When you register, we collect your name, email address, company name, and billing information. Payments are processed by a third-party payment provider; we do not store full payment card details.

Usage data: We collect information about how you use the Service, including features accessed, AI conversation counts, campaign activity, and Copilot interactions, for billing, analytics, and service improvement purposes.

Customer Data (end-user contacts): When you use DALIA to communicate with your contacts (e.g., WhatsApp conversations), the names, phone numbers, and message content of those contacts are stored in our platform on your behalf. You are the data controller for this information.

Technical data: We collect IP addresses, browser type, device identifiers, and log data when you access the Service, for security, debugging, and analytics purposes.

AI interaction data: Prompts, responses, and context data processed by AI models (OpenAI GPT-4o/GPT-4o-mini) are transmitted to OpenAI's API in accordance with OpenAI's data processing agreement. We do not use your data to train OpenAI models.

Communication data: If you contact us by email or through the platform, we retain those communications.

We use the information we collect to:

• Provide, operate, and improve the Service.
• Process payments and manage your subscription via our payment provider.
• Send transactional emails (invoices, account alerts, onboarding).
• Monitor and enforce our Terms of Service and Acceptable Use Policy.
• Provide customer support and respond to inquiries.
• Measure service performance and diagnose technical issues.
• Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your Customer Data (your contacts' information) for any purpose other than providing the Service to you.

If you are in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing personal data are:

• Contract performance: Processing necessary to provide the Service under our agreement with you.
• Legitimate interests: Analytics, security, fraud prevention, and service improvement.
• Legal obligation: Compliance with applicable laws and regulations.
• Consent: Where required, such as for marketing communications.

We share data only as necessary to provide the Service. Our key sub-processors include:

• Supabase: Database, authentication, and file storage.
• Vercel: Application hosting and edge compute.
• OpenAI: AI model inference (GPT-4o, GPT-4o-mini, Whisper).
• Pinecone: Vector database for AI knowledge retrieval (RAG).
• Meta (WhatsApp Cloud API): Message delivery through WhatsApp Business Platform.
• Payment processor: Payment processing and subscription management (third-party provider).
• n8n: Workflow automation engine.

We may also disclose your information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of DALIA, our customers, or others.

We retain account and usage data for as long as your account is active and for up to 2 years after account closure for legal and audit purposes.

Customer Data (contact and conversation data) is retained while your subscription is active. Upon cancellation or termination, we retain this data for up to 30 days to allow for export, after which it is permanently deleted from our systems.

Billing records are retained for a minimum of 7 years as required for tax and accounting compliance.

We implement industry-standard security measures including encryption at rest and in transit (TLS 1.2+), row-level security (RLS) in our database layer to isolate tenant data, and access controls that restrict employee access to customer data on a need-to-know basis. Despite these measures, no system is completely secure. We encourage you to use a strong, unique password and to enable two-factor authentication where available.

Your information may be transferred to and processed in countries other than your own, including the United States, where our sub-processors operate. When we transfer personal data from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to protect your data in accordance with applicable law.

We use session cookies strictly necessary to authenticate users and maintain your logged-in state. We do not use third-party advertising or behavioral tracking cookies on the platform.

Our public marketing website (dal-ia.com) may use analytics tools to measure traffic and improve content. You may opt out of analytics by using browser extensions or by contacting us.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to our retention obligations.
• Portability: Request an export of your data in a machine-readable format.
• Objection / Restriction: Object to or restrict certain processing activities.
• Withdraw consent: Withdraw any consent previously given, without affecting prior lawful processing.

To exercise any of these rights, please email us at contacto@dal-ia.com. We will respond within 30 days. We may need to verify your identity before processing your request.

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at contacto@dal-ia.com and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

For privacy-related questions, requests, or complaints, please contact us at contacto@dal-ia.com.