Privacy Policy

This privacy policy explains how DialogHub (“we”, “us”) processes personal data when you use our website, the DialogHub console, or any DialogHub-powered widget embedded on third-party websites.

1. Data We Process

• Website and console data: technical access data such as IP address, browser/device information, timestamps, and pages visited.
• Widget data: when a DialogHub widget is embedded on a third-party website, we process messages, contact details submitted through the widget, and technical metadata (browser, referrer URL, timestamps).
• Setup data: information you provide during onboarding, such as contact details, website URL, and configuration settings.
• Communication data: messages exchanged with AI assistants via the console, widget, or connected channels (e.g., Telegram, Instagram).
• Instagram channel data: when you connect your Instagram Business account via Facebook Login, we process your Instagram username, page identity, direct messages received through your business account, and comments on your posts. We store an encrypted access token to send replies on your behalf. This data is used solely to operate the Instagram messaging channel you activated.
• Subscription data (Stripe): when Stripe is used for billing, customer data, subscription status, and payment information are processed by Stripe, Inc.

2. Purposes and Legal Basis

• Providing the Service — Art. 6(1)(b) GDPR (contract performance)
• Technical operation and security — Art. 6(1)(f) GDPR (legitimate interest)
• AI-powered lead qualification and scoring — Art. 6(1)(f) GDPR (legitimate interest)
• Billing and subscription management — Art. 6(1)(b) GDPR
• Legal obligations (e.g., tax record retention) — Art. 6(1)(c) GDPR

3. Automated Decision-Making

DialogHub uses AI-based lead scoring to assess incoming leads (e.g., intent, urgency, fit). This scoring assists business users in prioritizing leads but does not produce legal effects or similarly significant effects on the individuals being scored. Business users retain full control over how scored leads are handled.

4. Recipients and Processors

We use the following service providers who process data on our behalf:

• Hosting: OVHcloud (EU) — server infrastructure
• AI Processing: OpenAI (US), Anthropic (US), and Google (US) — language model APIs (GPT, Claude, Gemini) for AI assistant responses and lead scoring
• Social Platform: Meta Platforms, Inc. (US) — Instagram Messaging API and Facebook Login for Business
• Payment: Stripe, Inc. (US) — subscription billing and payment processing

5. International Data Transfers

Some of our service providers are based outside the EU/EEA (OpenAI, Anthropic, Google, Meta, Stripe). These transfers are safeguarded by EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and, where applicable, supplementary measures. You may request a copy of the applicable safeguards by contacting us.

6. Cookies and Tracking

DialogHub does not currently use tracking cookies, analytics tools, or third-party advertising trackers. Only technically necessary cookies (e.g., session management) may be used. If this changes, this policy will be updated accordingly.

7. Data Retention

Data is retained only as long as necessary for its purpose or as required by applicable legal retention obligations. When you delete your account, associated data is removed unless retention is required by law (e.g., tax records: up to 10 years under German fiscal law). If you disconnect your Instagram account or request data deletion through Meta, your access token is revoked and Instagram-related data (messages, threads, drafts) is deleted from our systems. You can also request deletion by contacting us directly.

8. Your Rights

Under the GDPR, you have the right to:

• Access your personal data (Art. 15)
• Rectification of inaccurate data (Art. 16)
• Erasure of your data (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Object to processing based on legitimate interest (Art. 21)

You also have the right to lodge a complaint with a supervisory authority. The competent authority for our location is:
Die Landesbeauftragte für den Datenschutz Niedersachsen
www.lfd.niedersachsen.de

9. Data Controller and Contact

Denys Mierkulov
31195, Germany
Email: [email protected]

For privacy-related inquiries, contact us at: [email protected]