Privacy Policy

Your privacy is key to us

Customerly Limited ("Customerly," "we," "us," or "our") respects your privacy and is committed to processing personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other relevant privacy regulations. This Privacy Policy outlines the types of information we collect, how we use it, your rights regarding that information, and our legal obligations. By using our services, including integrations such as Facebook Messenger and WhatsApp, you acknowledge and accept the practices described in this Policy.

‍

1. Roles and Responsibilities under Data Protection Laws

Customerly acts in different capacities depending on the context of the data processing:

• Data Controller: We act as a data controller when we collect and process personal data of our customers and their users for purposes such as account management, billing, analytics, and marketing.
• Data Processor: When our customers use Customerly to collect, process, and manage their end-user data (e.g., via live chat, surveys, workflows), we act as a data processor, strictly processing such data on the customer's behalf in accordance with their instructions and the terms of our Data Processing Agreement (DPA).

We maintain clear distinctions between these roles to ensure compliance with GDPR and applicable data protection laws.

2. Personal Data We Collect

Customerly collects the following types of personal data:

For Customer Accounts:

• Account Identification Data: Name, email address, job title, IP address, and company name.
• Billing and Financial Data: Subscription and invoicing details, partial credit card data handled securely via Stripe.
• Communication Data: Support tickets, live chat interactions, feedback, and customer service inquiries.
• Usage and Technical Data: Log files, browser type, device identifiers, access timestamps, and activity logs from the platform.
• Mobile Content Data: Media files and other assets uploaded via mobile apps in the context of customer support.

For End-Users (Processed on Behalf of Customers):

• Identifiers: IP address, email address.
• Session and Device Metadata: Browser type, screen resolution, OS, time zone, and session duration.
• Message Content: Chat transcripts where Customerly is used as a messaging interface.

These data are collected through SDKs, JavaScript widgets, and APIs integrated by our customers into their websites or applications. Customerly processes this data solely in accordance with customer instructions and applicable data protection agreements.

3. Legal Basis and Purposes for Processing Personal Data

Customerly processes personal data only when there is a valid legal basis to do so:

For Customer Data (as Controller):

• Contractual Necessity: To deliver and maintain our services under the terms agreed with our customers.
• Legitimate Interests: To perform service analytics, prevent fraud, monitor platform performance, and improve user experience. Our legitimate interests do not override users’ fundamental rights and freedoms.
• Consent: For sending newsletters or tracking in-app usage for analytics where consent is explicitly obtained.

For Customer End-User Data (as Processor):

• Contractual Necessity: To provide our services in accordance with the customer’s instructions and the terms of service between the customer and their end-users.

Customerly does not use customer or end-user data for training AI models unless explicitly authorized in writing by the data controller (the Customer).

4. AI Features and Data Handling

Customerly integrates AI capabilities to support automated customer service workflows. We provide:

• Automated Responses: AI-generated chat replies, guided by customer-provided documentation, canned responses, and workflows.
• Human Supervision: All AI-generated outputs are subject to customer oversight.
• Privacy Assurance: Customerly does not use chat transcripts, support messages, or any user-submitted conversation content for training any proprietary or third-party machine learning models.

These features are executed within a controlled environment hosted in the EU and governed by strict access policies.

5. Data Hosting and International Transfers

All data collected and processed by Customerly is hosted within the European Union, specifically in Amazon Web Services (AWS) data centers located in Ireland. We do not transfer data outside the European Economic Area (EEA).

Our subprocessors are contractually bound to comply with GDPR standards, including implementing appropriate safeguards and signing Standard Contractual Clauses (SCCs) where applicable.

6. Subprocessors and Third-Party Services

Customerly utilizes trusted third-party providers for infrastructure, AI, and content delivery:

• Amazon Web Services (Ireland) – Hosting and storage
• Google Cloud (EU) – Business intelligence and analytics (anonymized)
• Microsoft Azure (EU) – AI computation
• OpenAI (EU, via Azure) – Document-based AI inference
• Pinecone (EU) – AI vector database for similarity searches
• Cloudflare (Ireland) – CDN, DDoS protection, and security services

These providers are under strict contractual obligations to handle data in compliance with EU data protection laws.

7. Data Retention

We retain personal data as long as necessary for the purposes described in this Policy or as required by law. Specifically:

• Customer Account and Usage Data: Retained until the customer deletes their account.
• Chat Logs and End-User Data: Retained indefinitely unless deleted by the customer.
• IP Logs: Stored indefinitely to meet legal requirements and ensure platform security.
• Payment Records: Maintained per applicable tax and financial regulations.

Users and customers may initiate deletion at any time via the platform or by contacting support.

8. Rights of Data Subjects (GDPR)

Data subjects have the following rights:

• Right of Access – Obtain confirmation and access to personal data held.
• Right of Rectification – Request corrections to inaccurate data.
• Right to Erasure – Request deletion (“right to be forgotten”).
• Right to Restrict Processing – Request limitations on data use.
• Right to Data Portability – Request data in a portable format.
• Right to Object – Object to certain data uses, such as marketing.

Users may manage their data directly through their account dashboard or contact us at legal@customerly.io. We respond to verified requests within 30 days.

9. Security Measures

Customerly implements technical and organizational security measures appropriate to the risk:

• TLS Encryption for all data in transit
• Access Control with role-based restrictions
• Periodic Penetration Testing by external security professionals
• Anonymization and Encryption of sensitive information

We follow data minimization principles and limit access to personal data to authorized personnel only. Though we do not yet hold ISO 27001 or SOC 2 certification, our practices reflect industry best standards.

10. Children's Privacy

Customerly’s services are not intended for individuals under the age of 16. We do not knowingly collect or process personal information from children. If we discover that we have unintentionally collected such data, we will promptly delete it. If you are a parent or guardian and believe we may have collected personal data about your child, please contact us.

11. Mobile Application Data

When using Customerly's mobile apps, users may submit content such as images, files, and audio for communication purposes. This data is:

• Collected only with user consent
• Used solely to fulfill the support functions of our services
• Protected under our standard data protection protocols
• Never repurposed for marketing or shared with third parties

12. Changes to This Policy

Customerly reserves the right to modify this Privacy Policy. Any changes will be published on our website with a revised "Effective Date." In cases of material change, we will notify customers via email or in-app message. Continued use of our services after such changes constitutes acceptance of the revised policy.

13. GDPR

Customerly strictly implements the GDPR regulation, that aims at protecting user data and providing a right to modify and delete such data, as well as to consent to data collection. You can find our full GDPR-oriented privacy policy. Our users can sign our Data Processing Agreement with us and send it to legal@customerly.io.
Here you can find our subprocessors list.