Privacy Policy

1. Introduction

SELLIQ TECNOLOGIA DA INFORMACAO LTDA, owner of the Selliq platform (hereinafter "Selliq", "we", "our"), is committed to protecting the privacy of personal data of our users. This Privacy Policy describes how we collect, use, store, share, and protect personal information of Selliq platform users.

Selliq is a platform for creating artificial intelligence agents for customer service, support, and sales, enabling companies to build robust and efficient conversational automation solutions without programming expertise.

This policy applies to all Selliq platform users, including site visitors, registered users, administrators, and end users who interact with AI agents created on the platform.

2. Definitions

For the purposes of this Privacy Policy:

• Personal Data: Any information related to an identified or identifiable natural person.
• Data Processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, control, modification, communication, transfer, dissemination, or extraction.
• Data Subject: Natural person to whom the personal data being processed refers.
• Controller: Person or legal entity, public or private, who decides on the processing of personal data. SELLIQ TECNOLOGIA DA INFORMACAO LTDA is the controller in this context.
• Processor: Person or legal entity, public or private, who processes personal data on behalf of the controller.
• User: Individual using the Selliq platform to create, configure, and manage AI agents.
• End User: Individual who interacts with AI agents created on the Selliq platform.

3. Data Collected

3.1. Data Collected from Platform Users

We collect the following categories of personal data from users who register and use the Selliq platform:

3.2. Data Collected from End Users (Agent Interactions)

When end users interact with AI agents created on the Selliq platform through connected channels (WhatsApp, Instagram, phone, etc.), we collect:

• Full messages: All conversation content carried out through AI agents
• Contact data: Phone number, platform user IDs (WhatsApp, Instagram), email when provided
• Voluntarily provided data: Name, preferences, and any other information shared during interaction
• Conversation metadata: Date, time, duration, communication channel used (WhatsApp, Instagram, phone)
• Device data: Device type, operating system (when available through platform)
• Behavioral data: Interaction patterns, communication frequency, engagement
• Voice recordings: When interaction occurs via phone, conversations may be recorded for analysis and service improvement

Important: This data is collected and stored on behalf of our client (Selliq platform user), who acts as controller of this data. Selliq acts as processor, processing this data per the client's instructions.

3.3. Automatically Collected Data

We use technologies such as cookies, pixel tags, and analytics tools to automatically collect:

• Navigation and platform interaction information
• Performance data and technical errors
• Configuration and language preferences
• Device and network information

3.4. Third-Party Data

We may receive personal data from third parties when you:

• Connect third-party integrations (WhatsApp Business API, Instagram, Facebook Messenger, etc.)
• Import contacts or databases from external systems
• Use social login (Google, Microsoft, etc.)

3.5. Payment Processing

Selliq does NOT collect, process, or store payment data (credit cards, bank data, etc.). All financial processing is performed exclusively through the Stripe platform, a PCI-DSS Level 1 certified payment processor that maintains the highest security standards in the industry.

When you make a payment:

• Your payment data is sent directly to Stripe via encrypted connection
• Selliq receives only transaction confirmations and subscription status information
• No sensitive payment data passes through or is stored on our servers
• For more information on how Stripe protects your data, see: https://stripe.com/privacy

4. Data Processing Purposes

We use collected personal data for the following purposes:

4.1. Service Provision

• Create, maintain, and manage user accounts on the platform
• Provide access to Selliq platform features
• Process and execute user requests
• Enable creation, configuration, and management of AI agents
• Process and store conversations between agents and end users
• Provide technical support and customer service

4.2. Commercial and Financial Management

• Manage subscriptions and access to platform resources
• Process plan upgrades, downgrades, and cancellations
• Issue invoices and accounting documents per Brazilian law
• Manage delinquency and service suspension
• Prevent fraud and illicit activities related to platform use
• Note: Payment processing is performed exclusively by Stripe

4.3. Communication

• Send service notifications, updates, and changes
• Respond to questions, requests, and complaints
• Send marketing communications (when authorized)
• Conduct satisfaction surveys

4.4. Improvements and Development

• Analyze platform use for improvements and optimizations
• Develop new features and functionality
• Conduct testing and performance analysis
• Train and refine artificial intelligence models

4.5. Security and Compliance

• Protect the platform against unauthorized access and attacks
• Detect and prevent fraud and abuse
• Comply with legal and regulatory obligations
• Respond to judicial processes and authority requests

4.6. Analytics and Business Intelligence

• Generate aggregated and anonymized statistics and reports
• Analyze trends and usage patterns
• Conduct benchmarking and market studies

5. Legal Basis for Data Processing

The processing of personal data by Selliq is based on the following legal grounds under the Brazilian General Data Protection Law (LGPD - Law 13.709/2018):

• Contract performance: For provision of contracted services and fulfillment of contractual obligations.
• Consent: When you expressly authorize data processing, especially for marketing communications.
• Legitimate interest: For service improvement, platform security, fraud prevention, and internal analyses.
• Legal or regulatory obligation: For compliance with tax, accounting, labor, and other legal obligations.
• Regular exercise of rights: For defense in judicial, administrative, or arbitration proceedings.
• Credit protection: For credit risk analysis and delinquency prevention.

6. Data Sharing

Selliq may share personal data with third parties in the following situations:

6.1. Service Providers

We share data with companies that provide services on our behalf, including:

• Infrastructure and hosting providers: For secure storage and data processing on protected servers
• Stripe (Payment processor): Exclusively for processing financial transactions - payment data is sent directly to Stripe, without passing through our servers
• Email and communication services: For sending notifications, alerts, and authorized communications
• Analytics and monitoring tools: For analysis of usage, performance, and user experience
• AI and machine learning providers: For natural language processing and AI features
• Customer support services: For service, technical support, and problem resolution
• Telephony and communication services: For voice channel integration when applicable

Data Security: All data is stored in secure databases with in-transit and at-rest encryption, regular backups, and strict access controls.

6.2. Integration Partners

When you connect third-party integrations to the platform (WhatsApp Business API, Meta/Facebook, Google, etc.), we share data necessary for the operation of these integrations, per their privacy policies.

6.3. Legal Obligations

We may disclose personal data when required by law, court order, request from competent authorities, or to:

• Comply with legal or regulatory obligations
• Protect rights, property, or safety of Selliq, users, or third parties
• Prevent, detect, or investigate fraud and illegal activities
• Respond to judicial or administrative processes

6.4. Corporate Transfers

In case of merger, acquisition, asset sale, or corporate restructuring, personal data may be transferred as part of company assets, maintaining the protections of this policy.

6.5. With Your Consent

We may share data with third parties when you expressly authorize us to do so.

7. International Data Transfer

Due to the global nature of technology services, some of our service providers and partners may be located outside Brazil. When we perform international transfer of personal data, we adopt the following safeguards:

• Standard contractual clauses approved by data protection authorities
• International data protection certifications
• Guarantees that the destination country offers an adequate level of data protection
• Anonymization or pseudonymization when appropriate

Countries to which data may be transferred include, but are not limited to: United States (for cloud computing, AI, and analytics services), European Union countries (for infrastructure and processing), and other countries where our technology partners operate.

8. Data Security

Selliq implements appropriate technical and organizational measures to protect personal data against unauthorized access, destruction, loss, alteration, communication, or any form of inadequate or illicit processing.

8.1. Technical Security Measures

• Data encryption in transit (SSL/TLS) and at rest
• Role-based access controls and multi-factor authentication
• Firewall, intrusion detection and prevention systems
• Continuous security monitoring and audit logs
• Regular backups and disaster recovery plans
• Periodic security testing and vulnerability scanning
• Regular system updates and security patches

8.2. Organizational Measures

• Internal information security policies
• Regular employee training on data protection
• Restricted physical and logical access controls
• Confidentiality agreements with employees and partners
• Security incident response processes
• Periodic security and compliance reviews

8.3. User Responsibility

Users are responsible for:

• Maintaining confidentiality of their access credentials
• Using strong, unique passwords
• Not sharing account access with unauthorized third parties
• Immediately notifying Selliq of any unauthorized account use
• Keeping their devices and software updated

8.4. Incident Notification

In case of a security incident that may pose relevant risk or harm to data subjects, we will notify affected parties and the Brazilian National Data Protection Authority (ANPD) as required by applicable legislation.

9. Data Retention

Selliq retains personal data for the time necessary to fulfill the purposes described in this policy, observing the following criteria:

9.1. Retention Periods

• Active account data: Throughout the duration of the contractual relationship
• Subscription and billing data: For the legally required period for tax and accounting purposes (minimum 5 years)
• Conversations and interactions: As configured by the client user and defined in contract, respecting legal limits. By default, we keep history for up to 12 months, extensible upon request
• Access and security logs: 6 months to 1 year, per security needs and incident investigation
• Data for legal obligations: For the period required by applicable legislation (generally 5 years)
• Data for exercise of rights: Until the end of judicial, administrative, or arbitration proceedings
• Voice recordings: Per client configuration, respecting maximum 180-day period, except when necessary for legal or contractual purposes

9.2. Data Deletion

After the retention periods end or when there is no longer legal basis for processing, personal data will be:

• Securely and irreversibly deleted; or
• Anonymized so that the subject cannot be identified; or
• Maintained only with specific consent of the subject or legal obligation

9.3. Inactive Account

Accounts inactive for more than 24 months may have their data deleted or anonymized, with prior notification to the user with at least 30 days notice.

10. Data Subject Rights

In accordance with the LGPD, you have the following rights regarding your personal data:

10.10. How to Exercise Your Rights

To exercise any of the rights above, you may:

• Send an email to: privacidade@selliq.io
• Access privacy settings in your account on the platform
• Contact us through the support channels available on the platform

We will respond to requests within 15 (fifteen) days, extendable for another 15 (fifteen) days, with express justification. In some cases, we may request additional information to confirm your identity before processing the request.

10.11. Limitations on Rights

In certain circumstances, we may decline requests when:

• The law requires data retention
• There is a need for defense in judicial or administrative proceedings
• Fulfilling the request would compromise commercial or industrial secrets
• Data deletion would compromise the provision of contracted service

11. Cookies and Similar Technologies

Selliq uses cookies and similar technologies to improve user experience, analyze platform use, and personalize content.

11.1. What Are Cookies

Cookies are small text files stored on your device when you access a site or application. They allow the platform to recognize your device and store information about your preferences and actions.

11.2. Types of Cookies Used

• Essential Cookies: Necessary for basic platform operation, including authentication and security
• Performance Cookies: Collect information about how users use the platform for improvements and optimizations
• Functionality Cookies: Allow the platform to remember your preferences and choices
• Marketing Cookies: Used to track visitors and display relevant ads (only with consent)

11.3. Other Technologies

In addition to cookies, we use:

• Web beacons/Pixel tags: To track email opens and interactions
• Local Storage: To store preferences locally in the browser
• Session Storage: To temporarily maintain session state

11.4. Cookie Management

You can control and manage cookies through:

• Your browser settings (to block or delete cookies)
• The cookie preferences panel available on the platform
• Opt-out tools from advertising partners

Important: Disabling essential cookies may affect proper platform operation.

11.5. Third-Party Cookies

We use third-party services that may set cookies, including:

• Google Analytics (usage analysis)
• Meta Pixel (marketing and advertising)
• Payment services (transaction processing)

These third parties have their own privacy policies, which we recommend you review.

12. Minor Privacy

The Selliq platform is intended for companies and users 18 years and older. We do not intentionally collect personal data of minors without verifiable consent of parents or legal guardians.

If we become aware that we have collected personal data of a minor without appropriate consent, we will take steps to delete this information as soon as possible.

If you believe we may have inadvertently collected data from a minor, contact us immediately at privacidade@selliq.io.

13. Client Responsibilities as Controller

When the Selliq client uses the platform to collect and process personal data of end users through AI agents, this client acts as data controller, being responsible for:

• Obtaining valid consent from end users when necessary
• Providing clear information about data collection and use to end users
• Ensuring it has adequate legal basis for data processing
• Respecting the rights of data subjects (end users)
• Implementing adequate security measures
• Properly configuring data retention periods on the platform
• Using collected data only for legitimate purposes informed to subjects
• Complying with all LGPD obligations and other applicable legislation

Selliq acts as data processor in these situations, processing personal data on behalf of and per the client-controller's instructions.

14. Third-Party Platform Integrations

Selliq allows integrations with third-party platforms, including but not limited to:

• WhatsApp Business API (Meta/Facebook)
• Instagram Messaging (Meta/Facebook)
• Facebook Messenger (Meta/Facebook)
• Google Business Messages
• VoIP and PABX telephony services
• Other messaging and communication platforms

14.1. Data Sharing in Integrations

When you connect these integrations:

• Data necessary for integration operation will be shared with third-party platforms
• Third-party platforms will have access to conversations and interactions performed through their channels
• For phone integrations, voice recordings are processed and stored per each provider's policy
• Each third-party platform has its own privacy policy you should review
• Selliq is not responsible for the privacy practices of these third-party platforms

14.2. Third-Party Platform Policies

We strongly recommend that you review the privacy policies of the following platforms:

• Meta/Facebook: https://www.facebook.com/privacy/policy/
• Google: https://policies.google.com/privacy
• Stripe (Payments): https://stripe.com/privacy

14.3. Integration Control

You may:

• Disconnect integrations at any time through platform settings
• Manage permissions and access granted to third-party platforms
• Revoke authorizations directly on third-party platforms
• Configure message and conversation retention periods

15. Use of Artificial Intelligence

Selliq uses artificial intelligence technologies to provide its conversational agent services. Below we describe how we use AI and related data processing:

15.1. AI Processing

• We use language models and natural language processing to understand and respond to messages
• Conversation data may be processed by third-party AI providers (with appropriate contractual protections)
• We perform sentiment, intent, and context analysis of conversations
• We use machine learning to improve agent accuracy and effectiveness

15.2. Model Training

We may use aggregated and anonymized data to:

• Train and refine our proprietary AI models
• Improve natural language understanding in Brazilian Portuguese
• Optimize agent responses and features

Important: We do not use identifiable personal data to train models without explicit consent. Data used for training is anonymized and aggregated.

15.3. Automated Decisions

The platform may make automated AI-based decisions, such as:

• Conversation routing
• Intent and sentiment classification
• Response suggestions
• Spam or abusive behavior detection

You have the right to request human review of automated decisions that significantly affect your interests.

15.4. Quality and Bias

We continuously work to:

• Minimize biases in AI models
• Ensure accurate and contextual responses
• Monitor and improve interaction quality
• Implement safeguards against inappropriate use

16. Third-Party Site Links

The Selliq platform may contain links to third-party sites, applications, or services. This Privacy Policy does not apply to these third-party sites.

We are not responsible for the privacy practices or content of these sites. We recommend that you read the privacy policy of any third-party site you visit.

17. Changes to This Privacy Policy

Selliq reserves the right to modify this Privacy Policy at any time. Any changes will be:

• Published on this page with the last update date
• Notified to users via email or platform notification
• Made available with at least 10 days advance notice before taking effect (except changes required by law)

We recommend you periodically review this policy to stay informed about how we protect your data.

Continued use of the platform after the publication of changes constitutes acceptance of modifications. If you disagree with the changes, you must discontinue use of the platform and request account deletion.

18. Applicable Law and Venue

This Privacy Policy is governed by the laws of the Federative Republic of Brazil, especially the General Data Protection Law (Law 13.709/2018), Internet Civil Framework (Law 12.965/2014), and Consumer Defense Code (Law 8.078/1990).

To resolve any disputes arising from this Privacy Policy, the venue of the São Paulo/SP district is elected, with express waiver of any other, no matter how privileged.

19. Data Protection Officer (DPO)

Selliq has appointed a Data Protection Officer (DPO) to act as a communication channel between the company, data subjects, and the Brazilian National Data Protection Authority (ANPD).

The DPO is responsible for:

• Accepting subject complaints and communications
• Providing clarifications about data processing
• Receiving ANPD communications and taking action
• Guiding employees and contractors on data protection practices