Privacy Policy

This Privacy Policy describes how KeplerAgents ("we", "our", or "us") collects, uses, and protects your information when you use our automated customer support service.

1. Information We Collect

Account Information

When you create a KeplerAgents account, we collect:

• Email address
• Business name
• Password (encrypted)
• Billing information (processed securely through Stripe)

Connected Channel Data

When you connect Instagram, WhatsApp, or Telegram to KeplerAgents, we access and store:

• Instagram Business Account username and ID
• Facebook Page ID (required for Instagram Business integration)
• WhatsApp Business phone number
• Telegram bot token
• OAuth access tokens (encrypted in our database)

Message Data

To provide automated responses, we process:

• Customer messages sent to your connected channels (Instagram DMs, WhatsApp messages, Telegram messages)
• Message sender information (username/phone number, not personally identifiable beyond what the platform provides)
• Message timestamps and conversation history
• Automated responses generated by your AI agent

Knowledge Base Content

We store the information you configure for your AI agent:

• Frequently asked questions and answers
• Business information (hours, pricing, services)
• Uploaded documents (if applicable)
• Agent personality and tone settings

2. How We Use Your Information

We use the collected information to:

• Provide the Service: Process incoming messages and generate automated responses based on your configured knowledge base
• Maintain Your Account: Authenticate you, manage your subscription, and provide customer support
• Improve the Service: Analyze usage patterns to enhance AI response quality and platform performance
• Communicate with You: Send service updates, billing notifications, and important account information
• Ensure Security: Detect and prevent fraud, abuse, or unauthorized access

3. Data Sharing and Third Parties

We Do NOT:

• Sell your data to third parties
• Share your customer conversations with anyone outside your organization
• Use your data to train AI models that benefit other customers
• Share personally identifiable information with advertisers

We DO Share Data With:

• AI Providers (OpenAI/Anthropic): Message text is sent to AI services to generate responses. These providers process data according to their own privacy policies.
• Meta/Facebook: We use Instagram's API to receive and send messages. Message data is transmitted through Meta's infrastructure.
• WhatsApp Business API: Messages are processed through WhatsApp's official business API.
• Telegram: Messages are sent/received via Telegram's Bot API.
• Stripe: Payment processing is handled securely by Stripe (we never store full credit card numbers).
• Hosting Provider: Data is stored on secure servers provided by our hosting infrastructure.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data in transit uses HTTPS/TLS encryption. OAuth tokens are encrypted at rest in our database.
• Access Control: Only authorized personnel have access to production systems. All access is logged.
• Webhook Verification: We verify all incoming webhooks from Instagram/WhatsApp/Telegram using HMAC signatures.
• Regular Backups: Database backups are performed daily and stored securely with AES-256 encryption.
• Monitoring: We monitor system health and security events 24/7.

5. Data Retention

• Active Accounts: We retain your data as long as your account is active and for 30 days after cancellation.
• Conversation History: Message logs are retained for 90 days by default (configurable in your account settings).
• Billing Records: Financial records are retained for 7 years as required by law.
• Deleted Accounts: Upon account deletion, we permanently remove your data within 30 days, except where legally required to retain it.

6. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information in your account settings
• Deletion: Request deletion of your account and associated data
• Data Portability: Export your knowledge base and conversation history
• Opt-Out: Unsubscribe from marketing emails (service emails cannot be disabled)
• Withdraw Consent: Disconnect your Instagram/WhatsApp/Telegram channels at any time

To exercise these rights, contact us at info@kepleragents.com

7. Instagram/Facebook Data Usage

When you connect your Instagram Business Account to KeplerAgents:

• We access basic Instagram profile information (username, account ID) to display which account is connected
• We receive Instagram Direct Messages through Meta's webhook API to generate automated responses
• We use your Facebook Page ID to properly link your Instagram Business Account (technical requirement)
• We store OAuth access tokens securely to maintain the connection
• We do NOT access your Instagram posts, stories, followers, or other public content
• We do NOT post to your Instagram account or modify your profile
• You can revoke KeplerAgents' access anytime through your Facebook Business settings

8. Cookies and Tracking

We use essential cookies to:

• Maintain your login session
• Remember your preferences
• Analyze site usage (anonymized analytics)

We do NOT use tracking cookies for advertising purposes.

9. Children's Privacy

KeplerAgents is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

10. International Data Transfers

Your data may be processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

12. GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under GDPR:

• Right to be informed about data processing
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our legal basis for processing your data is your consent (when connecting channels) and contract performance (when using our service).

13. California Privacy Rights (CCPA)

California residents have specific rights under the CCPA:

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to deletion of personal information
• Right to non-discrimination for exercising CCPA rights