Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly (Salon Owners / Dashboard Users)

• Account Information: Name, email address, and password when you create an account.
• Salon Details: Salon name, business hours (opening and closing times), services offered (name, price, duration), staff information (name and role), and branding preferences (logo, primary color).
• Platform Credentials: WhatsApp Business API token, Phone Number ID, Instagram Page access token, and Instagram Page ID required to connect your messaging channels.
• AI Configuration: Custom system prompts and auto-reply rules you configure for your AI agent.

1.2 Information Collected Automatically from End Users (Customers)

When customers interact with your salon through WhatsApp or Instagram, we collect:

• WhatsApp Data: Customer phone number, profile name (push name) as provided by the WhatsApp Business API, message content, and WhatsApp message IDs.
• Instagram Data: Instagram-scoped user ID (IGSID), username, profile picture URL (if publicly available via the Instagram API), message content, and Instagram message IDs.
• Message Metadata: Message direction (inbound/outbound), delivery status (received, sent, failed), channel type, and timestamps.
• Booking Information: Customer name, phone number, requested date, time, and service for appointment bookings created through conversations.

1.3 Information We Do NOT Collect

• We do not collect financial or payment card information.
• We do not access customers' contact lists, photos, media files, or location data.
• We do not collect any data outside of the messaging conversation context.
• We do not sell, rent, or trade any personal data to third parties.

2. How We Use Your Information

We use the collected information strictly for the following purposes:

• Service Delivery: To operate the AILIORA platform, process messages, and generate AI-powered replies to customer inquiries about your salon's services, pricing, availability, and bookings.
• Account Management: To authenticate users, manage salon profiles, and provide access to the dashboard.
• Message Processing: To receive, store, and display conversations between your salon and customers for your review and management.
• AI Response Generation: To provide contextual, accurate AI responses based solely on your salon's configured data (services, pricing, hours, staff). The AI agent is restricted to your salon data only.
• Booking Management: To create and manage appointment bookings requested by customers through messaging conversations.
• Auto-Reply Management: To enable or disable automatic AI replies for specific customer accounts as configured by salon owners.
• Service Improvement: To monitor system performance, debug issues, and improve the reliability of our services.

3. Meta Platform Data Usage

AILIORA integrates with Meta Platforms, Inc. ("Meta") through the WhatsApp Business API and Instagram Messaging API. Our use of data received from Meta APIs complies with the Meta Platform Terms and Meta Developer Policies.

4. WhatsApp Business API Compliance

Our use of the WhatsApp Business API is governed by the WhatsApp Business Policy and WhatsApp Commerce Policy.

• Purpose: We use the WhatsApp Business API exclusively to enable salon owners to receive and respond to customer messages regarding salon services, availability, pricing, and appointment bookings.
• Automated Messaging: AI-generated responses are clearly related to the customer's inquiry and limited to salon-specific information. We do not send unsolicited promotional or spam messages.
• Opt-Out: Salon owners can disable auto-replies for specific customers at any time through the dashboard. Customers can stop receiving automated messages by informing the salon directly.
• Data Minimization: We only collect the minimum data necessary from WhatsApp conversations (phone number, profile name, message text) to provide the service.
• No Sensitive Data: We do not request or store sensitive personal information (financial data, health information, government IDs) through WhatsApp conversations.
• Message Deduplication: WhatsApp message IDs are stored solely to prevent duplicate message processing.

5. Instagram Messaging API Compliance

Our use of the Instagram Messaging API is governed by the Meta Platform Terms and Instagram Platform Policy.

• Purpose: We use the Instagram Messaging API exclusively to enable salon owners to receive and respond to direct messages from customers regarding salon services.
• Permissions Used: We request only the permissions necessary to read and send messages on behalf of the salon's Instagram business/creator account: instagram_manage_messages, pages_messaging.
• Profile Data: We access publicly available Instagram user information (username, profile picture) solely to display in the salon owner's message dashboard for conversation context. This data is not used for any other purpose.
• Automated Responses: AI responses via Instagram are limited to answering customer questions about salon services, pricing, hours, and bookings. No promotional or marketing messages are sent.
• Opt-Out: Salon owners can disable auto-replies for specific Instagram accounts at any time.
• Message Deduplication: Instagram message IDs are stored solely to prevent duplicate message processing.
• Webhook Events: We process only messaging-related webhook events. We do not collect data from other Instagram events such as stories, comments, or feed interactions.

6. User Consent & Opt-In

AILIORA only sends automated messages to end users (salon customers) who have given clear, affirmative opt-in to receive messages from the salon. We comply with the WhatsApp Business Messaging Policy and Instagram Messaging Policy, which require explicit opt-in before a business can message a user and a 24-hour customer-care window for free-form replies after a user-initiated message.

6.1 How End Users Opt In

End-user customers opt in to receive messages from a salon in at least one of the following ways:

• User-initiated conversation: The customer messages the salon first on WhatsApp or Instagram Direct. By starting the conversation, the customer consents to receive replies — including AI-generated replies — from the salon for up to 24 hours (WhatsApp Customer Care Window) or as long as the conversation remains active on Instagram.
• Click-to-chat links and buttons: Customers tap a "Message us on WhatsApp" or "DM us on Instagram" link published on the salon's own website, Google Business Profile, Instagram bio, or offline signage. The click itself is an opt-in action.
• In-person or phone opt-in: A walk-in customer provides their WhatsApp number at the salon and verbally agrees to receive booking confirmations, reminders or follow-ups on WhatsApp. Salons are responsible for keeping a record of that consent.
• Website / booking form opt-in: If the salon collects a phone number through a website form, the form must include a clear, unchecked consent checkbox stating that the customer agrees to receive WhatsApp messages from the salon.

6.2 What AILIORA Sends

• Service messages only: AI-generated replies answer the customer's specific question about services, pricing, hours, availability, bookings or salon policies.
• No promotional broadcasts: We do not send unsolicited marketing, promotional blasts, or bulk messages through AILIORA.
• No pre-approved marketing templates without opt-in: If a salon later chooses to send WhatsApp template messages (for example appointment reminders) outside the 24-hour window, those templates must be pre-approved by WhatsApp / Meta and sent only to customers who have opted in.

6.3 How Users Opt Out

• Customers can reply with words like "STOP", "UNSUBSCRIBE", or "Do not message me" at any time. Salon owners are expected to honour the request immediately and disable auto-reply for that contact from the AILIORA dashboard.
• Salon owners can disable AI auto-reply per customer at any time from the dashboard, regardless of whether the customer has requested it.
• Customers can also block the salon's WhatsApp number or Instagram account directly from WhatsApp / Instagram, which will immediately prevent any further messages.
• Customers can request deletion of all their message history at any time — see Section 15 (Data Deletion Request).

6.4 Salon Owner Responsibilities

Salon owners using AILIORA are responsible for ensuring they have a lawful basis (opt-in or legitimate interest under applicable law, including the Indian DPDP Act 2023) to message each customer. By using AILIORA, the salon owner represents and warrants that every customer they message has given valid consent.

7. Data Storage & Security

• Database: All data is stored in a secure PostgreSQL database with encryption at rest and encrypted connections (TLS/SSL).
• Password Security: User passwords are hashed using bcrypt with appropriate salt rounds before storage. We never store plain-text passwords.
• API Tokens: WhatsApp and Instagram access tokens provided by salon owners are stored securely in our database and are used only to send messages on behalf of the salon. Tokens are never exposed to client-side applications.
• Authentication: Dashboard access is protected by JWT (JSON Web Token) based authentication. Tokens expire and require re-authentication.
• Access Control: Each salon owner can only access their own salon data. Cross-tenant data access is prevented at the application and database level.
• Infrastructure: Our application servers use HTTPS encryption for all data in transit. We follow industry-standard security practices to protect against unauthorized access, alteration, disclosure, or destruction of data.

8. Data Retention & Deletion

• Account Data: Your account information and salon details are retained for as long as your account is active. Upon account deletion, all associated data is permanently removed.
• Message Data: Conversation messages are retained to provide conversation history and context for the AI agent. Salon owners can request deletion of message history at any time.
• Booking Data: Booking records are retained for operational purposes and can be deleted upon request.
• Meta Platform Data: Data received from WhatsApp and Instagram APIs is deleted upon user request, account termination, or when Meta requires its removal, whichever occurs first.
• Automatic Cleanup: When a salon account is deleted, all related data — including services, staff, messages, bookings, and auto-reply settings — is automatically and permanently deleted through cascading database operations.

9. Third-Party Services

We use the following third-party services to operate AILIORA:

We do not share data with any advertising networks, data brokers, analytics platforms, or other third parties beyond those listed above.

10. Data Sharing & Disclosure

We do not sell, rent, trade, or otherwise share your personal information with third parties except in the following limited circumstances:

• Service Providers: With the third-party services described in Section 8, strictly to operate the AILIORA platform.
• Legal Requirements: If required by law, regulation, subpoena, court order, or governmental request.
• Safety: To protect the rights, property, or safety of AILIORA, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case users will be notified and given the opportunity to delete their data.
• Consent: With your explicit consent for any purpose not described in this policy.

11. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and all associated data. See Section 15 for data deletion instructions.
• Restriction: Request restriction of processing of your data.
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Auto-Reply Control: Salon owners can enable or disable AI auto-replies for individual customer accounts at any time through the dashboard.

To exercise any of these rights, please contact us at admin.techviron@gmail.com.

12. Children's Privacy

AILIORA is designed for use by salon business owners and is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at admin.techviron@gmail.com.

13. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from your jurisdiction. We take appropriate safeguards to ensure that your personal data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify users of material changes by updating the "Last Updated" date at the top of this page and, where appropriate, by sending a notification to the email address associated with your account. Your continued use of AILIORA after such changes constitutes acceptance of the updated policy.

15. Data Deletion Request

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For Meta Platform-specific data inquiries or complaints, you may also contact Meta directly through their Help Center.