Privacy Policy

Effective Date: February 22, 2026
Company: Embellics AI Limited
Contact: info@embellics.com

1. Introduction
This Privacy Policy explains how Embellics AI Limited ("we", "our", or "us") collects and uses personal data from visitors to our website, embellics.com.

2. Information We Collect
We may collect:

  • Contact Information: If you submit a form or contact us, we collect your name, email, and any message content.

  • Analytics Data: We use tools like Google Analytics to collect anonymized data such as pages visited, time spent, device type, and IP address.

  • Cookies: Our site uses cookies to enhance your browsing experience. You can disable cookies in your browser settings.

  • Service Usage Data: When you use our AI services, we may collect interaction data to improve performance and user experience.

3. How We Use Your Data

  • Respond to inquiries and provide customer support

  • Understand and improve website performance

  • Send relevant updates if you have opted in

4. Data Sharing
We do not sell your personal information. We may share data with trusted service providers for analytics and site functionality. All third parties are required to protect your data and use it only for specified purposes.

5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. You may request deletion of your data at any time by contacting us.

6. Your Rights
Depending on your location, you may have rights to access, correct, delete, or export your data (including GDPR rights for EU/UK/Ireland residents). Contact us at info@embellics.com to make a request. We will respond within 30 days.

7. Security
We implement appropriate technical and organizational measures to protect your personal data.

8. Changes
We may update this policy occasionally. Changes will be posted here with an updated effective date. Continued use of our website constitutes acceptance of any changes.

9. Contact Us
If you have questions about this Privacy Policy, please contact us at info@embellics.com.

10. Meta Platform Integrations (Instagram, Messenger, WhatsApp)

What Data We Collect from Meta Platforms

When businesses use our AI-powered customer service platform to communicate with their customers through Instagram, Facebook Messenger, or WhatsApp, we collect and process:

From Instagram Direct Messages:

  • Instagram user IDs (Page-Scoped IDs only — these are unique identifiers specific to each business and do not identify users across different businesses)

  • Message content sent by users to businesses

  • Message timestamps

  • Conversation context necessary for AI-powered responses

From Facebook Messenger:

  • Facebook Messenger user IDs (Page-Scoped IDs)

  • Message content sent by users to businesses

  • Message timestamps

  • Conversation context necessary for AI-powered responses

From WhatsApp Business:

  • WhatsApp user phone numbers (as provided by users)

  • Message content sent by users to businesses

  • Message timestamps

  • Conversation context necessary for AI-powered responses

What We Do Not Collect

We do not collect:

  • Personal profile information such as name, email address, phone number, or profile photos (except where a user voluntarily provides this information during a conversation with an AI agent, in which case it is collected solely as part of that interaction and with the user's implicit consent through their active participation in the conversation)

  • Friend lists or social connections

  • Location data

  • Photos or media files (unless sent by the user as part of the conversation)

  • Any data outside the scope of the business conversation

How We Use Meta Platform Data

We use data collected from Meta platforms solely to:

  1. Provide AI-Powered Customer Service: Process customer inquiries and generate appropriate automated responses

  2. Maintain Conversation Context: Keep track of conversation history to provide coherent, contextual responses

  3. Enable Human Handover: Route complex queries to human agents when the AI cannot adequately respond

  4. Improve Service Quality: Analyse conversation patterns to improve AI response accuracy and customer satisfaction

  5. Business Record-Keeping: Maintain conversation records for legitimate business purposes

We do not:

  • Sell user data to third parties

  • Use data for advertising or marketing purposes (except to respond to customer inquiries)

  • Share data beyond our essential service providers

  • Track users outside our customer service interactions

  • Build user profiles for purposes other than providing customer service

Data Retention for Meta Platform Data

Active Conversations: Retained during the active conversation session and for a reasonable period afterward to maintain context.

Conversation History: Retained for 90 days after the last message to:

  • Provide continuity if customers return with follow-up questions

  • Maintain business records for customer service quality

  • Comply with legitimate business record-keeping requirements

After Retention Period: Automatically and permanently deleted from our systems, except where longer retention is required by applicable law.

Your Rights Regarding Meta Platform Data

Users communicating with businesses through our platform have the right to:

Access Your Data: Request a copy of all data we have collected about your conversations.

  • Contact: privacy@embellics.com or admin@embellics.com

  • Response time: Within 30 days

Correct Your Data: Request correction of any inaccurate data.

  • Contact: privacy@embellics.com

  • Response time: Within 14 days

Delete Your Data: Request permanent deletion of your conversation data.

  • Contact: privacy@embellics.com or contact the business you messaged

  • Processing time: Within 30 days

  • Confirmation: Email sent upon completion

Object to Processing: Object to our processing of your data for specific purposes.

  • Contact: privacy@embellics.com

  • We will review and respond within 30 days

Data Sharing for Meta Platform Services

We share Meta platform data only with essential service providers who help us deliver our AI-powered customer service platform:

  1. Retell AI

    • Type: AI Processing Provider

    • Location: United States

    • Purpose: AI conversation processing and natural language understanding to generate automated responses

    • Data Shared: Message content, conversation context

    • Safeguards: Data processing agreement, SOC 2 compliant, encryption in transit

  2. Render

    • Type: Cloud Infrastructure Provider

    • Location: Frankfurt, Germany (European Union)

    • Purpose: Secure hosting and data storage for main application infrastructure

    • Data Shared: All application data necessary for service delivery

    • Safeguards: SOC 2 Type II compliant, encryption at rest and in transit, EU data residency

  3. PostgreSQL Database (hosted on Render)

    • Type: Database Service Provider

    • Location: Frankfurt, Germany (European Union)

    • Purpose: Secure data storage, retrieval, and database management

    • Data Shared: Conversation history, user IDs, timestamps, all persistent data

    • Safeguards: Encryption at rest, access controls, regular automated backups, EU data residency

  4. Hostinger

    • Type: Workflow Automation Infrastructure Provider

    • Location: Paris, France (European Union)

    • Purpose: Host workflow automation platform (n8n) for message routing, processing, and business logic orchestration

    • Data Shared: Message routing data, workflow execution logs, temporary processing data

    • Safeguards: Enterprise-grade security, data encryption, access controls, EU data residency

Third-Party Safeguards:

All third-party service providers:

  • Are contractually obligated to protect your data

  • Use data only for the specified purposes outlined above

  • Maintain industry-standard security measures including encryption

  • Comply with applicable data protection laws (including GDPR)

  • Are prohibited from selling or sharing data for their own purposes

  • Undergo regular security audits and assessments

  • Maintain data processing agreements with us

European Data Protection:

We recognise that the majority of our data processing infrastructure is located within the European Union (Germany and France), providing strong data protection under GDPR. For data processed in the United States (Retell AI), we ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Additional security measures as required by GDPR

  • Regular monitoring and audits of data protection practices

Data Processing Legal Basis (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process Meta platform data based on:

  1. Legitimate Interests: Providing AI-powered customer service is our legitimate business interest, balanced against user privacy rights

  2. Contract Performance: Processing is necessary to provide the service businesses have contracted with us

  3. Consent: Where applicable, based on user consent through interaction with the business

International Data Transfers

Data collected from Meta platforms may be transferred between the European Union and the United States for AI processing purposes. We ensure appropriate safeguards are in place:

EU to US Transfers (Retell AI):

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Additional security measures equivalent to GDPR requirements

  • Regular monitoring and compliance audits

Within EU:

  • Data stored and processed primarily within the EU (Germany and France)

  • Compliant with GDPR and local data protection laws

  • No additional transfer mechanisms required for intra-EU processing

Data Security Measures

We implement industry-standard security measures to protect data collected from Meta platforms:

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)

  • Access Controls: Strict role-based access controls limiting data access to authorised personnel only

  • Secure Infrastructure: Hosted on SOC 2 compliant infrastructure with 99.9% uptime

  • Network Security: Firewalls, intrusion detection, and DDoS protection

  • Regular Audits: Quarterly security audits and vulnerability assessments

  • Incident Response: Documented incident response procedures with 24/7 monitoring

  • Data Isolation: Tenant data isolation to prevent cross-contamination

  • Backup and Recovery: Daily automated backups with point-in-time recovery

Government Requests for Meta Platform Data

If we receive lawful requests from government authorities for user data:

  1. We review the legal validity of all requests

  2. We have provisions to challenge requests we believe are unlawful or overly broad

  3. We disclose only the minimum data necessary to comply with legal requirements

  4. We document all requests, our responses, and the legal reasoning

  5. We notify affected users when legally permitted to do so

We have not received any government requests for Meta platform user data to date. This statement is updated annually.

Children's Privacy

Our services are not directed to children under 13 (or 16 in the EEA). We do not knowingly collect data from children through Meta platforms. If we become aware that we have collected data from a child without parental consent, we will delete it promptly and take steps to prevent future collection.

Meta Platform Policy Compliance

Our use of Meta platform APIs and data is subject to:

  • Meta Platform Terms of Service

  • Meta Developer Policies and Terms

  • Meta Platform Data Policy

  • Meta Business Tools Terms

We comply with all Meta policies regarding data usage, retention, user privacy, and acceptable use.

Data Protection Officer

For inquiries related to data protection and privacy:

  • Email: privacy@embellics.com

  • Data Protection Contact: admin@embellics.com

  • General Inquiries: info@embellics.com

  • Response Time: Within 30 days for privacy requests; 48 hours for urgent security matters

Updates to Meta Platform Data Handling

We may update our Meta platform data handling practices to reflect:

  • Changes in Meta platform policies or APIs

  • New features or services we offer

  • Enhanced security or privacy measures

  • Legal or regulatory requirements

Material changes will be communicated through:

  • Updated privacy policy with revised effective date

  • Email notification to businesses using our platform

  • In-app notifications where applicable

Continued use of our services after such changes constitutes acceptance of the updated practices.
If you have questions about this Privacy Policy, please contact us at info@embellics.com.