Privacy Policy
The official version of this Privacy Policy is in English; other languages are provided for convenience.
Effective date: June 18, 2026 · Last updated: June 21, 2026
This Privacy Policy explains how BolivAI LLC ("BolivAI", "we", "us", or "our"), a limited liability company organized in Wyoming, United States, collects, uses, shares, and protects information in connection with our website bolivai.com and our AI agent platform at bolivai.cloud (together, the "Services").
Two roles. When you create a BolivAI account and use the platform for your own business, we act as a data controller of your account data. When our AI agents process messages and information about your end‑customers on your behalf (for example, WhatsApp, Instagram, or Messenger conversations), we act as a data processor and you (the business) are the controller. In that case, this policy describes our practices, and your own privacy notice governs your relationship with your end‑customers.
- 1. Information we collect
- 2. How we use information
- 3. Meta platform data (WhatsApp, Instagram, Messenger)
- 4. AI processing
- 5. How we share information & sub‑processors
- 6. Data retention
- 7. Your rights
- 8. Data deletion
- 9. Security
- 10. International transfers
- 11. Cookies & analytics
- 12. Children
- 13. Changes
- 14. Contact
1. Information we collect
Account information
When you sign up, we collect your name and email address. If you sign in with Google or Facebook, we receive your name, email address, and profile identifier from that provider — we do not receive your password. We also store your business profile (business name, industry, country, timezone, language, branding, and contact details you provide).
Business and configuration data
Content you upload or configure to operate your agents: services, pricing, schedules, staff, knowledge‑base documents and FAQs, prompts, and channel connections.
End‑customer data (processed on your behalf)
When your customers interact with your agents, we process the data needed to deliver the service, which may include their name, phone number or messaging handle, message content, voice‑call audio and transcripts, appointment details, and lead information. We process this on your instructions as your processor.
Lead‑generation data (B2B prospecting on your behalf)
If you enable our lead‑generation agent (AIMA), we collect publicly available business contact information — such as business names, phone numbers, addresses, websites, and categories — from public sources and business directories (including Google Maps / Places) to build prospect lists for you, and may contact those businesses by phone (through our voice agent) or by email on your behalf. We do this only as your processor, and only after you — as the controller — attest in the dashboard that you have a lawful basis to contact them (for example, legitimate interest for business‑to‑business outreach) and that you will honor opt‑out and do‑not‑call requests. You can disable this at any time, and we do not knowingly collect special‑category personal data through this feature.
Payment information
Payments and credit top‑ups are processed by Stripe. We do not store full card numbers; we retain limited billing metadata (amounts, dates, customer/transaction identifiers).
Usage and technical data
Log data, device and browser information, IP address, and product‑usage events, plus cookies and similar technologies (see §11).
2. How we use information
- To provide, operate, secure, and improve the Services and your AI agents.
- To authenticate you and manage your account, team members, roles, and credit budgets.
- To process messages and generate agent responses, bookings, leads, content, and voice calls.
- To process payments, prevent fraud, and meter usage in credits.
- To provide support and send service‑related communications.
- To comply with law and enforce our Terms of Service.
We rely on the legal bases of performance of a contract, our legitimate interests in operating and securing the Services, your consent (where required), and compliance with legal obligations.
3. Meta platform data (WhatsApp, Instagram, Messenger)
When you connect a WhatsApp Business, Instagram, or Facebook Page account, we access and process messages and related metadata through the official Meta APIs solely to provide the messaging features you have configured — receiving inbound messages, generating and sending agent replies, and showing conversations in your dashboard. We do not sell this data, do not use it for advertising, and do not use it to build profiles unrelated to your service. Our use of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies. You and your end‑customers can request deletion of this data as described in §8.
4. AI processing
To generate responses, summaries, transcripts, content, and voice, message and content data is processed by AI sub‑processors (for example, OpenAI for language models and ElevenLabs for voice). These providers process the data to return a result to us and act under their respective terms and data‑processing commitments. We do not permit your business or end‑customer data to be used to train third‑party foundation models where an opt‑out is available, and we configure providers accordingly.
Call recording. Voice calls handled by our agents are recorded and transcribed to operate the call, create summaries, and improve quality. Because some jurisdictions require notifying all parties to a call, our voice agents are configured to disclose that the call is recorded, and you are responsible for ensuring you have a lawful basis and for providing any additional notice your customers require.
5. How we share information & sub‑processors
We do not sell your personal information. We share information with service providers ("sub‑processors") that help us run the Services, under contracts that require them to protect it and use it only to provide their service to us:
- Meta Platforms — WhatsApp, Instagram, and Messenger messaging.
- OpenAI — language‑model processing for agent responses, content, and analysis.
- ElevenLabs — conversational voice (text‑to‑speech and voice agents).
- Twilio — telephone connectivity for voice calls.
- Stripe — payment processing and billing.
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and analytics.
- Hostinger / n8n — workflow automation infrastructure.
- Google — Analytics, and (if you connect it) Google Calendar/Workspace integrations.
- Daily.co — video meeting rooms, when used.
- Zep — conversation memory for agents.
We may also disclose information to comply with law, respond to lawful requests, protect our rights and the safety of others, or in connection with a merger, acquisition, or sale of assets (with notice where required).
If you are a business customer acting as a controller, our Data Processing Addendum (DPA) sets out how we process end‑customer personal data on your behalf, including our sub‑processors, security measures, breach notification, and international‑transfer safeguards. Contact us at info@bolivai.com to execute it.
6. Data retention
We keep personal data only as long as needed for the purposes described above. Typical retention periods:
- Account & configuration data — for the life of your account, and up to 90 days after closure.
- Conversations, transcripts & call recordings — up to 24 months, unless you delete them sooner.
- Leads & reservations — for the life of your account or until you delete them.
- Billing & invoice records — up to 7–10 years, to meet tax and accounting law.
- Server & security logs — up to 12 months.
When you delete data or close your account, we delete or de‑identify the associated personal data within 30 days, except where longer retention is required by law.
7. Your rights
Depending on where you live (for example under the EU/UK GDPR or the California CCPA/CPRA), you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at the email below. If we process end‑customer data on behalf of a business, we will refer such requests to that business as the controller. You also have the right to lodge a complaint with your local data protection authority.
8. Data deletion
You can request deletion of your personal data — including data obtained through Meta (WhatsApp, Instagram, Messenger) — at any time:
- Account holders: delete specific records in your dashboard, or email us to delete your account and associated data.
- End‑customers of a business using BolivAI: contact the business you messaged, or email us at info@bolivai.com with the subject "Data Deletion Request" and the phone number or handle you used, and we will route and action the request.
Send deletion requests to info@bolivai.com. We will confirm and complete verified requests within 30 days, subject to legal retention requirements.
9. Security
We use industry‑standard safeguards including encryption in transit (TLS), encryption at rest for stored data, row‑level access controls that isolate each business's data, scoped API keys, and least‑privilege access. No method of transmission or storage is 100% secure, but we work to protect your information and to notify you of material breaches as required by law.
10. International transfers
BolivAI is operated from the United States and uses providers located in various countries. Where personal data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses where required.
11. Cookies & analytics
We use strictly necessary cookies (for authentication and locale/theme preferences), which are always active. Analytics cookies (Google Analytics) load only after you accept them in our cookie banner; Vercel Analytics is cookieless. You can change your choice at any time by clearing the cookie_consent cookie, and you can control cookies through your browser settings; disabling some cookies may affect functionality.
12. Children
The Services are intended for businesses and users aged 18 or older. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
13. Changes
We may update this Privacy Policy from time to time. We will post the updated version here with a new "Last updated" date and, for material changes, provide additional notice where appropriate.
14. Contact
BolivAI LLC · Wyoming, United States
Email: info@bolivai.com
See also our Terms of Service.