Privacy Policy
Last updated: 29 May 2025
1. Our Commitment to Privacy
ORACIA delivers an AI-powered workspace where real-estate professionals manage their WhatsApp Business conversations, CRM, and sales analytics in one place. We operate on the Meta WhatsApp Business Cloud API and comply with:
- Brazilian Federal Law 13.709/2018 (LGPD);
- WhatsApp Business Terms of Service, Business Messaging Policy, and Cloud API Supplemental Terms;
- Any other applicable privacy regulations.
2. How We Collect Personal Data
| Channel | Examples of data provided or generated |
|---|---|
| Directly from you | Name, e-mail, phone, company, CPF/CNPJ, account credentials (managed by Clerk), support tickets. |
| WhatsApp Cloud API Webhook | Full chat messages, attachments (images, audio, video, PDFs), message IDs, timestamps, delivery status. |
| Automatically | IP address, device/browser type, session cookies, access logs, error traces (via Cloudflare and internal logging). |
| Third parties | Payment information (Stripe or Mercado Pago), CRM imports, Meta-provided conversation metadata. |
3. Features & Data Use
| Module | Purpose | Data processed |
|---|---|---|
| AI Negotiation Intelligence | Contextual reply suggestions (text, voice, image, video, file). | Message content & metadata |
| Predictive Deal-Success Meter | Real-time close-rate score. | Conversation analytics |
| Emotion-Aware Radar | Sentiment heat-map + coaching tips. | Text, emoji, tone cues |
| Symbiosis Autopilot™ | Automated initiation/continuation of chats when user is unavailable; escalates questions to human. | Same as above + user availability status |
| Self-Building Smart CRM | Auto-creates/updates lead records, stages, tasks, revenue forecast. | Contact info, deal value |
| Personalized Sales Panel | 360° client view + AI tasks outside WhatsApp (e-mail, calendar). | CRM fields, calendar metadata |
| Dashboard & Revenue Analytics | Pipeline KPIs, conversion charts, forecasting. | Aggregated statistics |
| Integrated WhatsApp UI | Users log in on app.oracia.ai and access an embedded WhatsApp Business interface augmented by AI widgets; no browser extension is required. | Same Webhook data, displayed inside our app |
| Admin / Team Controls | Role-based access, seat management, quotas. | Account metadata |
4. For What Purposes Do We Use Personal Data
| Purpose | Legal basis (LGPD) |
|---|---|
| Provide core services, generate AI replies, run Autopilot, maintain CRM | Contract performance |
| Display analytics, predict close probability, and improve models | Legitimate interest |
| Process payments, issue invoices | Legal obligation & contract |
| Send service notifications; send marketing only with opt-in and clear STOP opt-out | Consent / legitimate interest |
| Fraud-prevention, security logs, abuse detection | Legitimate interest / legal obligation |
| Fulfil court orders or regulatory requests | Legal obligation |
5. Sharing & International Transfers
We share data only with:
- Meta Platforms, Inc. – to deliver and receive WhatsApp messages via Cloud API.
- Large Language Model Inference Providers. – to run our agentic orchestrated system outputs for both suggestions and Symbiosis Autopilot
- Cloud service providers – AWS & Google Cloud (São Paulo-BR, N. Virginia-US) for hosting and databases; Cloudflare for edge security and CDN.
- Clerk – user authentication platform.
- Payment processors – Stripe or Mercadopago
- Regulators or courts when legally required.
Cross-border transfers rely on Standard Contractual Clauses (SCCs) or other adequacy safeguards recognized by the Brazilian Data Protection Authority (ANPD).
6. Cookies & Similar Technologies
We use first-party cookies for:
- Authentication and session management;
- Remembering preferences;
- Measuring aggregate performance.
You can disable cookies in your browser; essential features may stop working.
7. Information Security
- TLS 1.2+ encryption in transit, AES-256 at rest.
- Role-based access controls and least-privilege keys.
- Continuous monitoring, WAF via Cloudflare, quarterly penetration tests.
- Encrypted daily backups retained 30 days.
8. Data Retention
| Data set | Default retention |
|---|---|
| WhatsApp messages & media | 12 months after last interaction, then deleted or anonymised (shorter on customer request). |
| CRM & analytics records | As long as the customer account is active + 6 months. |
| Billing records | 5 years (tax obligation). |
| Server logs | 6 months (Marco Civil da Internet). |
Users can request earlier deletion or extended retention if legally justified.
9. Your Rights
Under LGPD you may:
- Confirm processing, access, correct, delete, or anonymize data;
- Withdraw marketing consent ("STOP" keyword in WhatsApp or e-mail);
- Request portability;
- Object to processing;
- Lodge a complaint with the ANPD.
Contact our Data Protection Officer (DPO): privacy@oracia.ai – we answer within 15 days.
10. Special Notes
- No Ads / Retargeting: ORACIA never sells contact lists, shares WhatsApp data for third-party advertising, or builds look-alike audiences.
- Adults Only: Our services target individuals 18 years or older. If we learn we processed childrens data, we will delete it promptly.
- Automated Decisions: Autopilot actions can be reviewed, overridden, or disabled by the user at any time. Decisions with legal or contractual impact require human confirmation.
11. Changes to This Policy
We may update this Policy to reflect legal, technical, or business changes. A revised version will be posted with a new "Last updated" date. Continued use after publication means you agree to the changes.
12. Company Information
E-VNTS TECNOLOGIA LTDA. CNPJ 56.606.477/0001-70 –Rua Santa Catarina, 398, Centro, Poços de Caldas - MG, 37.701-015, Brazil.
By using ORACIA you acknowledge you have read and understood this Privacy Policy and agree to the processing of your personal data as described above.