Privacy Policy

1. Introduction

Workweaver ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered automation services, including voice calls, messaging, and workflow automation.

2. Data We Collect

2.1. Information You Provide

We collect the following information when you register and use our services:

• Account Information: Name, email address, phone number, company name
• Business Information: CRM data, customer lists, product/service details, pricing information
• Payment Information: Payment method details processed securely through third-party payment processors
• Configuration Data: Transfer numbers, business hours, AI voice preferences, routing rules
• Documents: UAE business documents (Emirates ID, Trade License) for regulatory compliance

2.2. Automatically Collected Information

We automatically collect certain information when you interact with our services:

• Usage Data: Call logs, message logs, interaction timestamps, feature usage
• Device Information: IP address, browser type, device type, operating system
• Call Metadata: Call duration, caller ID, call outcome, routing decisions
• Performance Data: Response times, error rates, service availability metrics

2.3. Third-Party Data

We may receive data from third-party services you connect, such as:

• CRM systems (customer contact information, interaction history)
• Twilio (call recordings, message logs)
• WhatsApp (message metadata, conversation logs)

3. How We Use Your Data

We use your information for the following purposes:

4. Call Recording and Transcription

Recording and transcription details:

• Audio recordings are stored securely in encrypted form
• Transcripts are generated using AI speech-to-text
• Both recordings and transcripts are linked to consent records
• Recordings are retained according to your retention settings
• You can access, download, or delete recordings at any time
• Callers can request deletion of their recordings

5. Data Storage and Security

5.1. Data Storage

We store your data securely using:

• AWS S3: Primary storage for recordings, documents, and files
• AWS DynamoDB: Structured data storage for transactions and records
• AWS ElastiCache: Caching for performance optimization
• Encryption: All data encrypted at rest and in transit
• Region: Primary storage in me-central-1 (UAE) with backup in eu-central-1

5.2. Security Measures

We implement industry-standard security practices:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication for administrative access
• Regular security audits and penetration testing
• Strict access controls and principle of least privilege
• Incident response procedures for data breaches

6. Data Sharing and Disclosure

We do not sell your personal data. We may share data only in the following circumstances:

• Service Providers: Third-party services necessary for service delivery (AWS, Twilio, payment processors)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• With Your Consent: When you explicitly authorize sharing

All third-party data processors are bound by strict confidentiality agreements and data protection obligations.

7. Your Privacy Rights

Under GDPR and applicable laws, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Portability: Receive your data in a structured format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to certain data processing activities
• Right to Withdraw Consent: Revoke consent at any time
• Right to Complain: File a complaint with supervisory authorities

To exercise these rights, contact us at privacy@bitfoundry.ai.

8. Data Retention

We retain your data for different periods depending on its purpose:

• Account Data: Retained while your account is active, then deleted upon request
• Call Recordings: Retained according to your settings (default: 90 days)
• Call Logs: Retained for 12 months for analytics and troubleshooting
• Transcripts: Retained for 12 months when enabled
• Financial Records: Retained for 7 years as required by UAE tax law
• Consent Records: Retained indefinitely for audit purposes

You can request deletion of your data at any time, subject to legal and regulatory requirements.

9. International Data Transfers

Your data may be transferred and processed outside your country of residence:

• Primary storage is in UAE (me-central-1 region)
• Backup storage is in Germany (eu-central-1 region)
• Third-party services may process data in other jurisdictions
• Appropriate safeguards are in place for international transfers

We ensure all international transfers comply with GDPR, UAE law, and other applicable regulations.

10. Children's Privacy

Workweaver services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will promptly delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. We will notify you of significant changes by:

• Email notification (if you provided an email address)
• Posting updated policy on our website
• In-app notifications

Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Privacy Email: privacy@bitfoundry.ai
• Support Email: contact@bitfoundry.ai
• Phone (UAE): +971 58 216 5031
• Website: www.bitfoundry.ai

We will respond to your privacy inquiries within 30 days of receipt.