Privacy Policy

Last updated: April 13, 2026

1. Data Controller

Identity: Pymebot
Address: Spain
Email: hello@pymebot.com
Applicable law: Regulation (EU) 2016/679 (GDPR).

2. Data We Collect

We collect the following data to provide our services:

  • Account data: name, email, password (encrypted).
  • Business data: business name, connected WhatsApp Business number.
  • Conversation data: messages from your customers managed through the bot, interaction metadata (date, time, status).
  • Billing data: billing address, tax information if applicable.
  • Technical data: IP address, browser type, access logs.

3. Purpose of Processing

  • Provision of chatbot and WhatsApp automation service.
  • Account management and authentication.
  • Billing and payment processing.
  • Technical support and customer service.
  • Service improvement and usage analysis (anonymized data).
  • Sending service-related communications (you can unsubscribe at any time).

4. Legal Basis

Your data is processed based on:

  • Contract performance: data necessary to provide the service.
  • Consent: when you register and accept this policy; commercial communications.
  • Legitimate interest: service improvement and security.
  • Legal obligation: billing and regulatory compliance.

5. Data Recipients

We only share data with providers necessary to provide the service:

  • Stripe: payment processing (cards, subscriptions). Data: email, name, billing address.
  • OpenAI: natural language processing for the bot. Messages are temporarily sent to generate responses. Not used to train models.
  • Meta (WhatsApp Cloud API): messaging infrastructure. WhatsApp messages are processed according to Meta's privacy policy.
  • Infrastructure providers: hosting and databases (EU/EEA).

6. International Transfers

All data is stored and processed within the European Union/European Economic Area. If any provider processes data outside the EEA, appropriate safeguards will be in place (EU Adequacy Decisions, Standard Contractual Clauses).

7. User Rights

You can exercise the following rights at any time by sending an email to hello@pymebot.com:

  • Access: know what data we have about you.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion of your data.
  • Portability: receive your data in a structured format.
  • Objection: object to processing in certain circumstances.
  • Restriction: temporarily restrict processing.
  • Withdrawal of consent: withdraw consent given at any time.

You can also delete your account and all your data from the settings panel.

8. Data Retention

  • Account data: while the account is active and up to 30 days after cancellation (for possible reactivation). After that period, it's deleted.
  • Conversations: kept while the account is active. You can delete them manually at any time.
  • Billing data: 5 years for legal compliance.
  • Technical logs: 90 days.

9. Security

We implement technical and organizational measures to protect your data: encryption in transit (TLS), encryption at rest, access control, periodic audits. No system is infallible; in case of a security breach, we will notify you as required by law.

10. Complaints

If you believe your data has not been processed correctly, you can file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.

11. Contact

For any questions about this policy, email us at hello@pymebot.com.