AI Borta, Inc. ("AI Borta", "we", "our" or "us") operates the AI Borta messaging and ordering platform. This Privacy Policy explains what information we collect, how we use it and the choices you have. By using the platform you agree to these practices.
1. Information We Collect
- ·Account data you provide when registering: name, email address, restaurant name and billing information.
- ·Channel credentials you connect (e.g. WhatsApp Business tokens, Twilio keys). These are stored encrypted at rest using AES-256-GCM and are never exposed in API responses.
- ·Order data including customer names, phone numbers, order contents and delivery addresses transmitted through connected messaging channels.
- ·Usage data such as page views, feature interactions and error logs collected to improve the platform.
- ·Payment information is processed by Stripe. We store only a Stripe Connect account ID and never see raw card numbers.
2. How We Use Your Information
- ·To operate the AI Borta platform and deliver the services described in your plan.
- ·To authenticate API requests to connected channels (WhatsApp, Meta, Twilio, Telegram, TikTok) on your behalf.
- ·To send transactional emails such as order confirmations, receipts and platform notifications.
- ·To improve product features using aggregated, anonymised usage analytics.
- ·To detect, prevent and respond to security incidents or abuse.
3. Data Sharing
- ·We do not sell your personal data or your customers' data to third parties.
- ·We share data only with service providers necessary to operate the platform (hosting, payment processing, email delivery) under data processing agreements.
- ·When you connect a messaging channel, data flows through that channel's API under their terms (Meta, Twilio, Telegram, TikTok). You are responsible for complying with those platforms' policies.
- ·We may disclose data when required by law or to protect rights, property or safety.
4. Data Retention
- ·Account data is retained for the duration of your subscription plus 30 days after cancellation, then deleted.
- ·Order data is retained for 24 months for business reporting purposes, after which it is anonymised.
- ·Channel credentials are deleted immediately upon disconnecting a channel.
- ·You may request deletion of your account and associated data at any time by contacting support.
5. Security
- ·All data in transit is encrypted via TLS 1.2 or higher.
- ·Sensitive credentials (API tokens, secrets) are stored encrypted using AES-256-GCM with a per-deployment encryption key.
- ·PINs and passwords are stored as cryptographic hashes (SHA-256 / bcrypt) and cannot be recovered in plaintext.
- ·Access to production systems is restricted to authorised personnel with multi-factor authentication.
6. Your Rights
- ·Access — you can request a copy of the personal data we hold about you.
- ·Correction — you can correct inaccurate data via the dashboard or by contacting us.
- ·Deletion — you can request deletion of your account and personal data.
- ·Portability — you can request an export of your order and customer data in JSON format.
- ·Objection — you can object to processing based on legitimate interests.
- ·To exercise these rights, email privacy@aiborta.com. We will respond within 30 days.
7. Cookies
- ·We use only essential cookies required for authentication (session token) and security (CSRF protection).
- ·We do not use advertising cookies or third-party tracking pixels.
8. Children
- ·AI Borta is a business tool intended for adults. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it.
9. Changes to This Policy
- ·We may update this policy as the platform evolves. Material changes will be notified by email at least 14 days before they take effect. Continued use after that date constitutes acceptance.
10. Contact
- ·Questions about this policy: privacy@aiborta.com
- ·AI Borta, Inc. · Registered in the United States