Logo

Privacy and Data Policy

Citricode

1. General Principles

  • The Provider processes personal and operational data of end users, including names, emails, phone numbers, and WhatsApp/SMS messages, with the purpose of ensuring correct workflow operation and improving customer experience.
  • Some data, such as chats or message history, is stored ephemerally in temporary buffers for system functionality and user experience.
  • Other data, such as execution logs and usage metrics, is retained for product analysis and improvement purposes, without containing identifiable user information.

2. Data Retention

  • Personal data and operational content are completely deleted upon service termination.
  • Statistical data or aggregated metrics (number of executions, feature usage) may be retained indefinitely for internal analysis.
  • Ephemeral data buffers are automatically deleted upon completing their usage cycle.
  • During the contract term, some data such as chat is temporarily stored for proper workflow operation.

3. Security Measures

  • All data is encrypted in transit (TLS/HTTPS) and at rest.
  • Access restricted to authorized development team.
  • Use of internal logs to record relevant access and changes.
  • No periodic backups are performed; in case of technical issues, data can be requested again.

4. Service Cancellation and Data Deletion

  • Upon contract termination, all personal and operational data is securely deleted.
  • Only statistical or aggregated data that does not allow identification of individual users is retained.
  • Deletion is performed following best practices for data handling and internal traceability.

5. Purpose of Processing

  • Ensure correct operation of AI Agents and workflows.
  • Improve user experience and product effectiveness.
  • Analyze usage and performance metrics for internal optimization.
  • Some data is stored ephemerally to enhance customer experience and workflow operation.

6. Policy Modification

  • The Provider may update this policy in the future.
  • Any modification will be formally notified to the Client to ensure knowledge and acceptance.

This policy is integrated with the Framework Contract and the Credentials Management Policy, forming the base documentation for privacy and compliance in service delivery.