Privacy Policy
Last updated: June 2, 2026
3-102-943883 Sociedad de Responsabilidad Limitada(“Tourfy”, “we”, “us”) provides a multi-tenant platform that lets tourism agencies operate WhatsApp bots, manage conversations and measure results. This policy explains what data we collect, how we use it, and the rights you have. It applies to our website, dashboard and APIs.
1. Who is responsible
For account and billing data, 3-102-943883 Sociedad de Responsabilidad Limitadais the data controller. For end-customer conversations that flow through an agency’s WhatsApp number, the agency is the controller and Tourfy acts as a processor on its behalf.
2. Data we collect
- Account data: name, email, organization, role.
- Business content: tours, prices, FAQs and bot configuration you provide or import (from your website or price lists).
- WhatsApp data: when you connect a WhatsApp Business number, we process messages, phone numbers, WhatsApp profile names and message metadata of the people who contact that number, in order to deliver the conversation and bot features.
- Usage data: logs, device/browser information and metrics needed to run and secure the service.
- Billing data: subscription status (payment details are handled by our payment processor).
3. How we use data
- To provide the bot, live chat, dashboard and metrics.
- To send and receive WhatsApp messages through the Meta WhatsApp Cloud API.
- To generate your bot’s knowledge from the content you import.
- To secure, maintain, debug and improve the service.
- To comply with legal obligations.
4. Service providers
We share data only with providers that help us run the service:
- Meta Platforms — WhatsApp Business / Cloud API messaging.
- Supabase — database, authentication and storage.
- OpenAI — extracting tours/FAQs from the content you import.
- Vercel — application hosting.
- Stripe — subscription billing.
We do not sell your personal data.
5. Data retention
We keep data while your account is active and as needed to provide the service. When you or your agency delete content, or close the account, we delete or anonymize the associated data within a reasonable period, unless we must retain it to meet legal obligations.
6. Your rights & data deletion
You can access, correct or delete your data. To request deletion of your data, follow the instructions on our Data Deletion page, or contact us at naia@naiaautomate.com.
7. Security
We apply technical and organizational measures (encrypted transport, row-level access controls and least-privilege credentials) to protect your data. No method of transmission or storage is 100% secure.
8. Changes
We may update this policy. We will post the new version here and update the date above.
9. Contact
Questions about this policy: naia@naiaautomate.com.