Privacy Policy

Last Updated: May 30, 2025

IMPORTANT: By using Mate Direct services, you explicitly consent to the collection, use, and processing of your information as described in this Privacy Policy. If you do not agree with these terms, please do not use our services.

1. Information Collection and Processing

1.1 Data We Collect

We collect and process the following categories of data:

  • Account information (email, username)
  • WhatsApp business phone number
  • Chat messages with non-contact users (24-hour retention only)
  • Voice message transcriptions and translations
  • Message metadata and analytics
  • Language detection and translation data
  • Token usage statistics
  • Integration settings
  • Session data
  • Technical logs
  • Payment information

1.2 User-Generated Content

You retain responsibility for:

  • Message content
  • Shared files and voice messages
  • Customer data
  • Integration configurations
  • Account settings

1.3 Voice Message Processing

When you or your customers send voice messages:

  • Voice messages are transcribed using automated speech recognition technology
  • The content is analyzed to determine the language
  • Processing includes duration analysis and token consumption calculation
  • Voice messages longer than 3 minutes are not processed
  • We do not permanently store the audio content of voice messages

2. Language and Translation Processing

2.1 Automatic Language Detection

Our service automatically:

  • Detects the language of incoming messages
  • Processes content in multiple languages
  • Maintains conversation context across different languages
  • Identifies script types and language patterns

2.2 Translation Services

When enabled:

  • Messages can be translated between multiple languages
  • Original message content is preserved alongside translations
  • Translation preferences are stored as part of your assistant configuration
  • Translations are processed through secure AI services

2.3 Data Security

  • Secure session management
  • Access control and authentication
  • Regular security monitoring
  • Activity logging
  • Automated session timeout
  • End-to-end encryption for message content (provided by WhatsApp)

3. Third-Party Services

3.1 WhatsApp Integration

We use unofficial third-party libraries for WhatsApp integration. Users explicitly acknowledge and accept all associated risks.

  • No official WhatsApp API usage
  • Third-party library dependencies
  • Independent from Meta/WhatsApp
  • Subject to external changes

3.2 Data Processing Services

  • Cloud infrastructure providers
  • Payment processors
  • Analytics services
  • Integration partners
  • AI language processing providers

3.3 Google User Data

We process Google user data in accordance with Google API Services User Data Policy.

3.3.1 Data Collection and Processing

We collect and process the following Google user data:

  • Basic profile information (email and name) for account creation and management
  • Access to specific Google Sheets files selected by users through Google Picker
  • Limited file access tokens for selected spreadsheets only
  • Spreadsheet data when using Google Sheets integration

3.3.2 Data Access Limitations

We use the restrictive drive.file scope which ensures that our application can only access specific files that users explicitly select through Google's official file picker interface. We cannot access any other files in your Google Drive, even if they are shared with the same account.

Our application:

  • Only accesses files specifically selected by users
  • Does not request or receive access to your entire Google Drive
  • Cannot see or modify files not explicitly shared by users
  • Uses the restricted drive.file scope for minimum necessary access

3.3.3 Data Sharing

We share Google user data with:

  1. Google Cloud Platform Services:
    • For hosting and processing infrastructure
    • Data remains within EU data centers
    • Subject to Google Cloud Platform's security standards
  2. Service Providers:
    • Analytics providers for service optimization
    • Security monitoring services for threat detection
    • All providers are bound by data processing agreements
  3. Legal Requirements:
    • Law enforcement when legally required
    • Regulatory authorities as mandated by law
    • Following proper legal procedures and user notification

3.3.4 File Selection Process

Users maintain full control through:

  • Google's official file picker interface
  • Explicit file selection for each integration
  • Ability to revoke access to individual files
  • Clear visibility of which files are shared

3.3.5 Data Retention

  • Google access tokens are stored only while integration is active
  • Tokens are immediately deleted upon integration disconnection
  • Spreadsheet data is processed in real-time and not permanently stored

3.3.6 User Controls

Users can:

  • Revoke Google integration access at any time
  • Request complete deletion of Google-related data
  • Export their Google-related data
  • Modify integration permissions

3.3.7 Security Measures

For Google user data protection, we implement:

  • Secure session management
  • Access control and authentication
  • Regular security monitoring
  • Activity logging
  • Automated session timeout
  • Immediate token revocation upon disconnection

3.3.8 Limited Use Disclosure

Our use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

4. User Rights and Controls

4.1 Your Rights

You have the right to:

  • Access your personal data
  • Request data deletion
  • Control translation settings
  • Manage language preferences
  • Opt out of marketing communications
  • Export your data

4.2 Data Control Limitations

Please note:

  • 24-hour message retention cannot be extended
  • Some data required for service operation
  • Technical limitations may apply
  • Legal requirements may restrict deletion

5. Data Retention and Deletion

5.1 Retention Periods

  • Chat messages: 24 hours maximum
  • Voice message transcriptions: 24 hours maximum
  • Account data: Until account deletion
  • Payment records: As required by law
  • Technical logs: 30 days
  • Analytics data: 90 days

5.2 Automatic Deletion

Our system automatically:

  • Removes messages after 24 hours
  • Purges expired sessions
  • Cleans temporary data
  • Archives or deletes old logs

6. AI Processing Disclosure

6.1 AI Data Usage

We use AI processing for:

  • Message response generation
  • Voice message transcription
  • Language detection
  • Content analysis and translation
  • Performance optimization
  • Conversation summarization

6.2 AI Processing Limits

  • No permanent data storage beyond stated retention periods
  • No training on user data
  • No personal data sharing
  • Limited context window
  • Token usage is monitored and capped

7. Data Security and GDPR Compliance

7.1 Security Monitoring

We employ automated security monitoring systems that:

  • Monitor system resources and user activities 24/7
  • Automatically detect and log security incidents
  • Alert administrators about potential security breaches
  • Track and prevent resource abuse
  • Maintain audit logs of security events

7.2 Data Retention and Deletion

Our data retention policies include:

  • WhatsApp messages are retained for only 24 hours
  • Inactive user sessions are automatically cleared after 7 days
  • System logs are maintained for 30 days
  • Security incident logs are kept for 1 year

7.3 Security Incident Management

In case of a data breach or security incident:

  • We will notify affected users within 72 hours
  • High-severity incidents are reported to relevant authorities
  • All incidents are logged and investigated
  • Remediation steps are documented and implemented

7.4 Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to access your personal data
  • Right to correct inaccurate personal data
  • Right to have your personal data erased
  • Right to restrict processing of your data
  • Right to data portability
  • Right to object to processing of your data

7.5 Data Processing Activities

  • WhatsApp message processing for AI responses
  • Voice message transcription and translation
  • Language detection and processing
  • Resource usage monitoring for system stability
  • Security incident detection and logging
  • User activity tracking for service improvement

7.6 Technical and Organizational Measures

We implement the following security measures:

  • Automated resource monitoring and abuse prevention
  • Regular security assessments and logging
  • Automatic disconnection of compromised sessions
  • Data minimization and automatic cleanup
  • Access control and authentication

7.7 Data Infrastructure Location

Our infrastructure is distributed across EU data centers:

  • Application servers: Frankfurt, Germany (EU Central)
  • Database infrastructure: Google Cloud Platform, Belgium (europe-west1)
  • All data processing and storage remains within European Economic Area (EEA)
  • Compliant with EU data protection regulations

8. Changes to Privacy Policy

  • Right to modify at any time
  • Notice of material changes
  • Continued use implies acceptance

9. Contact Information

For privacy-related inquiries: hi@mate.direct

BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED.