Privacy Policy

RZX Evolution Dev Srl (RO) [registered office available on request] acts as the data controller and data processor for the InfoPilot.ai platform. Reload People Ltd. (UK) [registered office available on request] distributes the service. For any privacy-related enquiries, contact our team at [email protected].

We collect personal data in the following categories: (a) Account data — name, email address, company name, billing information and account credentials provided during registration; (b) Usage data — logs, feature interactions, session identifiers and diagnostic information generated by your use of the platform; (c) Customer support data — messages, tickets and files you submit through the platform’s inbox, chatbot and connected channels (WhatsApp, Messenger, Instagram, Telegram and others); (d) End-user data — data about your customers that flows through the InfoPilot.ai platform when you operate it as a data controller. We collect only what is necessary for the stated purposes.

We process personal data on the following legal bases under the GDPR: (a) Performance of a contract — to provide, maintain and improve the InfoPilot.ai service you have subscribed to; (b) Legitimate interests — to ensure the security and integrity of the platform, prevent fraud and improve our service; (c) Legal obligation — to comply with applicable laws and regulations; (d) Consent — where required, for example for optional marketing communications or certain cookies (see our Cookie Policy).

Each InfoPilot.ai customer account is hosted in a dedicated, isolated database. This means your data — and your customers’ data — is never commingled with data belonging to other tenants on the platform. This architectural choice is a core security and privacy measure that ensures strong logical separation between customer environments.

We do not sell personal data. We may share data with carefully selected third-party processors strictly to deliver the service, including: (a) messaging and channel providers such as Meta (WhatsApp, Messenger, Instagram), Telegram and similar platforms, to which you connect your account; (b) email and SMTP service providers used to send notifications and transactional messages; (c) AI model providers (e.g. OpenAI) used to power the intelligent features of the chatbot, strictly on a data-processing basis. All sub-processors are bound by data processing agreements and are required to implement appropriate technical and organisational security measures.

All data processed by InfoPilot.ai is stored on servers located within the European Union. Where data is shared with third-party processors outside the EU (for example, AI model providers), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure an equivalent level of protection.

Under the GDPR, you have the following rights with respect to your personal data: (a) Right of access — to obtain a copy of the personal data we hold about you; (b) Right to rectification — to have inaccurate or incomplete data corrected; (c) Right to erasure — to request deletion of your data where it is no longer necessary for the purposes for which it was collected; (d) Right to data portability — to receive your data in a structured, machine-readable format; (e) Right to restriction — to limit the processing of your data in certain circumstances; (f) Right to object — to object to processing based on legitimate interests. To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.

We apply appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include data encryption in transit (TLS) and at rest, access controls, regular security assessments and dedicated database isolation per account. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and inform affected individuals without undue delay.

We retain personal data only for as long as necessary for the purposes set out in this Policy or as required by applicable law. Account data is retained for the duration of your subscription and for a reasonable period thereafter to meet legal obligations. Upon termination of your account, you may request deletion of your data; we will process such requests in accordance with the timelines and obligations set out in our Data Processing Agreement.

For privacy-related questions or to exercise your rights, contact us at [email protected]. If you believe we have not handled your data in compliance with the GDPR, you have the right to lodge a complaint with your national data protection supervisory authority. This document is provided in good faith; please consult the latest version at https://infopilot.ai/legal/privacy/.