Privacy Policy

This Privacy Policy describes how Kharyo AI ("we", "our", or "Technology Provider") collects, uses, and protects information in connection with our automation and artificial intelligence services, including integration with the WhatsApp Business API.

1. WhatsApp Technology Provider

Kharyo AI operates as a Business Solution Provider (BSP) or Tech Provider that facilitates access to the WhatsApp Cloud API by Meta Platforms, Inc. ("Meta").

• By using our services, you acknowledge that messages are processed through Meta's infrastructure.
• Commerce Policy: The use of our agents is subject to the WhatsApp Commerce Policy.
• Encryption: Kharyo AI does not have access to end-to-end encrypted (E2E) messages outside the active bot session. We do not store chat history beyond what is necessary for conversational context (Short-Term Memory).

2. Data Collection

We collect the following information necessary for service delivery:

• Account Data: Name, email, billing, and access credentials. (Controller: Kharyo AI)
• Operation Data: Message logs, phone numbers, profile names, and multimedia content transmitted through the API. (Processor: Kharyo AI, Controller: Client)
• AI Metadata: Conversation histories and generated contexts used to maintain the "memory" of virtual assistants.
• Señales antifraude de pagos: Cuando pagas con Stripe, Stripe y Kharyo pueden recopilar dirección de facturación, teléfono, IP, identificadores de dispositivo/navegador y señales de riesgo para autenticar pagos, prevenir fraude y mitigar chargebacks.

3. Collection via Android Listener

For reconciliation services, Kharyo AI collects financial data through the Android Listener application installed on the user's device.

Technical Liability Limitation: We are not responsible for data collection failures caused by factors external to the software, including but not limited to:

• (a) Battery failure or mobile device shutdown.
• (b) Loss of internet connection or unstable signal.
• (c) Android OS restrictions (battery-saving modes) that stop the background process.

4. Artificial Intelligence and Computer Vision

We use third-party language models (LLMs) and Computer Vision to process text and images.

Image Processing (Vision AI): Uploaded images (payment receipts) are processed exclusively for metadata extraction (amount, reference, date). These images are stored encrypted for user audit purposes and deleted/anonymized after the configured retention period. We do not use these receipts to train public models.

5. Security and Retention

We implement enterprise-grade security measures:

• Encryption: All data in transit is encrypted via TLS 1.3. Data at rest (knowledge bases) is encrypted (AES-256).
• Isolation: Each tenant's (client's) information is logically separated.
• Retention: We retain conversation logs for the duration configured in your plan (default 30 days) for audit and debugging purposes, after which they may be deleted or anonymized.

6. Sharing Information with Sub-processors

To provide the service, we share strictly necessary data with the following sub-processors:

• Meta Platforms, Inc: WhatsApp API provider.
• AI Providers (LLMs): OpenAI, Anthropic, Google (Gemini), Vapi.
• Infrastructure: AWS and Vercel (Serverless hosting).

Note: Data sent to these providers through our Enterprise/Paid integrations is ephemeral and is not used to train their base models.

7. Your Rights (ARCO)

As the data subject or Data Controller, you have the right to Access, Rectify, Cancel, or Object to the processing of your data. You may request a full export of your data or the permanent deletion of your instance by contacting [email protected].

8. Non-Banking Data Notice

9. Use of Google Data

Kharyo's use of information received from Google APIs will adhere to the Google API Services User Data Policy.

10. Contact

For legal or privacy inquiries:

• Email: [email protected]
• Address: DML Studio LLC, Houston, TX, United States