Privacy Policy

Last updated: February 2026

1. Introduction

Direct Sale AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our AI-powered sales assistant platform and related services (the "Service").

2. Information We Collect

We collect only the minimum information necessary to provide our Service:

• Account information: Name, email address, and company name provided during registration
• Product catalog data: Product information you upload to train the AI assistant
• Connection credentials: Encrypted OAuth tokens for connected messaging platforms (stored using AES-256-GCM encryption)
• Usage analytics: Aggregated, non-personal usage statistics to improve the Service

3. Meta Platform Data (Instagram, WhatsApp & Facebook)

When you connect your Instagram Business, WhatsApp Business, or Facebook account to Direct Sale AI, we process the following data through the Meta Platform APIs:

• Instagram Direct Messages: Message content, sender information, timestamps
• WhatsApp Messages: Message content, sender information, timestamps
• Facebook Messenger: Message content, sender information, timestamps
• Business Account Information: Account ID, username, profile information (used solely for connection setup)

How We Process Meta Platform Data

• Messages are processed in real-time to generate an automated AI response on your behalf
• Message data is temporarily held in memory during processing and is not permanently stored
• Temporary logs may be retained for up to 24 hours solely for debugging and service reliability, then permanently deleted
• We do not use Meta Platform Data to train, improve, or fine-tune any AI or machine learning models
• We do not sell, license, sublicense, or otherwise transfer Meta Platform Data to any third party, including data brokers, advertising networks, or analytics services
• We do not use Meta Platform Data for profiling, surveillance, or eligibility determinations

Meta Platform Terms Compliance

Our use of Meta Platform Data complies with the Meta Platform Terms, Developer Policies, and Developer Data Use Policy. Our use of Meta Platform Data is strictly limited to providing the automated customer support services described in this policy.

4. How We Use Information

We use collected information exclusively to:

• Provide and operate the AI assistant Service on your behalf
• Process incoming messages and generate automated responses using your product catalog
• Maintain and monitor Service availability and performance
• Send you technical notices, security alerts, and support communications
• Respond to your support requests
• Transfer conversations to a human agent when requested by the customer or when the AI detects the need for human assistance
• Send you notifications (via email and/or Telegram) when a customer requests to speak with a human agent

We do not use any customer conversation data to train, improve, or develop AI models. The AI models we use are provided by third-party services (see Section 5) and we do not contribute user data to their training processes.

5. Third-Party AI Processing

To generate automated responses, message content is sent to third-party AI providers (such as Google Gemini) via their commercial APIs. These providers:

• Process data solely to generate a response and do not retain it beyond the API call
• Do not use data sent via their paid API services to train their models (as per their commercial API terms)
• Are bound by their own privacy policies and data processing agreements

No personally identifiable information is shared beyond what is contained in the message content necessary for response generation.

6. Data Sharing

We do not sell your data. We only share data in the following limited circumstances:

• AI Processing Providers: As described in Section 5, solely to generate automated responses
• Infrastructure Providers: Cloud hosting services that store encrypted data under strict data processing agreements
• Legal Requirements: When required by law, court order, or to protect our legal rights

7. Data Security

We implement industry-standard security measures:

• All data encrypted in transit (TLS 1.2+) and at rest (AES-256-GCM)
• OAuth tokens and platform credentials stored with AES-256-GCM encryption
• Access controls and authentication for all systems
• Regular security monitoring

8. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account closure.
• Product catalog data: Retained while your account is active. Deleted upon account closure.
• Message/conversation data: Not permanently stored. Temporary debug logs retained for a maximum of 24 hours, then permanently deleted.
• Connection credentials: Encrypted tokens retained while the connection is active. Deleted when you disconnect a platform.

9. Your Rights & Data Deletion

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Export your data in a machine-readable format
• Disconnect: Disconnect your social media accounts at any time from your dashboard

How to Request Data Deletion:

1. Log in to your Direct Sale AI dashboard
2. Go to Settings → Privacy → Delete My Data
3. Or email us at: privacy@directsale.ai

We will process deletion requests within 30 days.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR:

• Right to object to processing
• Right to restrict processing
• Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your data based on: (a) performance of a contract (providing the Service you signed up for), (b) your consent, or (c) legitimate business interests.

11. CCPA Compliance (California Users)

If you are a California resident, you have rights under the CCPA including:

• Right to know what personal information is collected
• Right to request deletion of personal information
• Right to non-discrimination for exercising your rights

We do not sell your personal information.

12. Third-Party Platform Policies

When you connect third-party platforms, their respective privacy policies also apply:

• Instagram Privacy Policy
• Facebook Privacy Policy
• WhatsApp Privacy Policy
• Telegram Privacy Policy

13. Cookies

We use only essential cookies required for the platform to function (authentication, session management). We do not use tracking or advertising cookies.

14. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights:

• Email: privacy@directsale.ai
• Data Protection Officer: dpo@directsale.ai