Legal

Privacy Policy

How RGY Digital collects, uses, and protects your data across our AI agent platform, CRM, and Meta-channel integrations.

Last updated: May 2026

01Introduction

RGY Digital ("we," "us," or "our") operates a multi-tenant AI agent platform that provides chatbots, CRM, and omnichannel messaging for businesses. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services, including our integrations with Facebook Messenger, Instagram, and the WhatsApp Business API.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

02Information we collect

Information you provide directly

  • Account information: name, email, phone number, company name, business details.
  • Payment information: card details and billing address, processed through PCI-compliant third-party processors.
  • Business content: agent configurations, conversation flows, knowledge base documents, and training materials.
  • Customer data: information your end-users provide when chatting with your agents.

Information collected automatically

  • Usage data: pages visited, features used, time spent, interaction patterns.
  • Device information: IP address, browser type, operating system, device identifiers.
  • Log data: access times, error logs, performance metrics.
  • Cookies and tracking: session cookies, preference cookies, analytics cookies.

Meta platform integration

When you connect a Facebook Page, Instagram account, or WhatsApp Business number, we collect:

  • Page or account information (name, ID, profile picture)
  • Messages sent and received through the platform
  • Profile information of end-users who interact with your agent (name, profile ID, language preference)
  • Engagement metrics such as message counts and response times

We only access data you explicitly authorize through Meta's permission system. End-user interactions are also subject to Meta's own privacy policies.

AI and machine learning data

  • Conversation data: messages exchanged with agents, used to improve quality.
  • Vector embeddings: mathematical representations of text stored in your knowledge base.
  • Model interactions: queries sent to AI providers (OpenAI, Anthropic) for processing.

03How we use your information

Service provision

  • Operate and maintain the agent platform
  • Process messages and generate AI responses
  • Manage your account and provide customer support
  • Process payments and maintain billing records

Service improvement

  • Analyze usage patterns to improve features and user experience
  • Train and improve internal models using aggregated, anonymized data only
  • Develop new features and capabilities

Communication

  • Send service updates, technical notices, and security alerts
  • Respond to customer support inquiries
  • Send marketing communications, with your consent and a clear opt-out

Legal and security

  • Comply with legal obligations and respond to lawful requests
  • Protect against fraud, abuse, and security threats
  • Enforce our Terms and Conditions

Our commitment

We never sell, rent, or trade your personal information to third parties for their commercial purposes. Your data is used solely to provide and improve our services.

04Data sharing and disclosure

Service providers

We work with third-party companies that power core parts of our platform:

  • Cloud hosting: Amazon Web Services for infrastructure.
  • AI providers: OpenAI and Anthropic for language processing.
  • Vector database: Qdrant for knowledge base storage and retrieval.
  • Payment processing: Stripe and PayPal for secure payment handling.
  • Analytics: Google Analytics and Microsoft Clarity for usage statistics.

These providers access only the data necessary for their specific function and are contractually obligated to protect your information.

Meta platforms

When you use our Facebook, Instagram, or WhatsApp integration, message content, user identifiers, and interaction metadata are shared with Meta to enable the integration. Meta's handling of this data is governed by Meta's own privacy policy.

Legal requirements

We may disclose your information if required to comply with legal obligations, court orders, or government requests; to enforce our Terms; to protect the rights, property, or safety of our company, users, or the public; or to investigate fraud or security issues.

Business transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email or prominent notice before your information becomes subject to a different privacy policy.

05Data retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active accounts: data retained while your account is active.
  • Closed accounts: data retained for up to 90 days, then deleted.
  • Conversation logs: retained for up to 12 months for service improvement.
  • Financial records: retained for 7 years for tax and accounting purposes.
  • Legal holds: data retained as required for legal, regulatory, or audit purposes.

06Your rights and choices

Access and portability

You can request a copy of the personal information we hold about you in a portable format, and ask for information about how we process your data.

Correction and update

You can update account information through your settings, request corrections, and modify your agent configurations and knowledge base directly in the platform.

Deletion

Meta-connected accounts

If you connected your account through a Meta platform, you can request data deletion through:

  • Your Facebook settings: Settings → Apps and Websites → [Our App] → Remove
  • Our data deletion portal: request data deletion.
  • Email us at the address in section 13 below.

We process deletion requests within 30 days and send confirmation when complete.

Opt-out and communication preferences

  • Marketing emails: unsubscribe via the link in any email or through account settings.
  • Cookies: manage via browser settings (may affect functionality).
  • Analytics: opt out of Google Analytics with the official browser add-on.

07Regional privacy rights

European Union (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR:

  • Legal basis: we process data based on consent, contractual necessity, legal obligations, or legitimate interests.
  • Data controller: RGY Digital is the data controller for your personal information.
  • International transfers: we use Standard Contractual Clauses (SCCs) for transfers outside the EEA.
  • Right to lodge a complaint: you can file a complaint with your local data protection authority.

California (CCPA / CPRA)

California residents have the right to know what we collect, to delete personal information, to correct inaccurate information, to opt out of "sale" or "sharing," and to non-discrimination for exercising these rights.

We do not sell your personal information as defined by CCPA. Our use of analytics cookies may constitute "sharing" — contact us to opt out.

Other U.S. states

If you reside in Virginia, Colorado, Connecticut, or Utah, you have similar privacy rights under your state's data protection laws. Contact us to exercise them.

08Data security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS) and at rest (AES-256)
  • Secure API authentication and authorization
  • Access controls based on the principle of least privilege
  • Automated backups and disaster recovery
  • Employee training on data privacy and security
  • Documented incident response and breach notification procedures

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

09International data transfers

Your information may be transferred to and processed in countries other than where you reside. When we transfer data internationally we use Standard Contractual Clauses, adequacy decisions, or other safeguards approved under applicable law.

10Children's privacy

Our services are not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it promptly.

11Cookies and tracking

We use cookies and similar tracking technologies to enhance your experience:

  • Essential: required for session management and security.
  • Performance: anonymous usage statistics.
  • Functional: remember your preferences.
  • Analytics: help us understand user behavior.

You can control cookies through your browser. Disabling essential cookies may limit functionality. We currently do not respond to Do Not Track signals because no industry standard exists.

12Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date, notify you via email if you have an account, and display a prominent notice on our website. Continued use of our services after changes indicates acceptance.

13Contact us

If you have questions, concerns, or data subject requests, please get in touch. We respond to privacy requests within 30 days (45 days for California residents).

Privacy team

Email us with the subject "Privacy Rights Request" and we'll take it from there.

Contact privacy team Check deletion status

Want to see this in action?

30-minute demo. We'll show you exactly how it works with your business.

Book a Demo