Privacy Policy
Last Updated: December 6, 2025
Whiz ("we," "us," "our," or "Whiz") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website (askwhiz.io), web portal, AI-powered chatbots (especially via WhatsApp), and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Who We Are
Whiz is a cloud-based AI platform that enables businesses to provide 24/7 multilingual equipment diagnostics and customer support, primarily through WhatsApp.
For European users: We act as a data processor when handling end-user messages on behalf of our business customers (who are the data controllers). For account holders and website visitors, we act as the data controller.
2. Information We Collect
A. Information You Provide Directly
- Account registration: name, email address, company name, phone number, billing information
- Uploaded content: equipment manuals, technical documents, images, and other files you upload to train your AI bot
- Communications: messages you send to our support team
B. End-User Conversation Data (via your AI bots)
When end-users interact with your Whiz-powered chatbot (e.g., on WhatsApp):
- Full conversation history (text, images, voice notes, attachments)
- Phone number (WhatsApp ID)
- Timestamps and metadata
- Language and location clues (if shared)
These logs are stored on your behalf and are accessible only to you (the bot owner) and authorized team members.
C. Automatically Collected Information
- Usage data: token consumption, number of messages, bot performance metrics
- Analytics: IP address, browser type, device information, referring pages
- Cookies and similar technologies on our website (you can manage these in your browser settings)
3. How We Use Your Information
| Purpose | Legal Basis (GDPR, where applicable) |
|---|---|
| Provide and improve the Service (training AI on your manuals, generating responses) | Contract performance / Legitimate interests |
| Operate and maintain your account and billing | Contract performance |
| Store and display conversation logs and analytics | Contract performance |
| Provide customer support | Legitimate interests |
| Detect and prevent fraud, abuse, or security risks | Legitimate interests / Legal obligation |
| Comply with legal obligations | Legal obligation |
| Send marketing communications (you can opt out anytime) | Consent or Legitimate interests |
We do not sell your personal data or end-user conversation data.
4. Anonymized and Aggregated Data
We may anonymize or aggregate conversation logs and usage data so that it cannot identify any individual or company. We use this anonymized data to:
- Improve our AI models
- Train future versions of the platform
- Publish industry benchmarks (e.g., “average response time in hospitality”)
You cannot opt out of this anonymized use, as it contains no personal data.
5. Data Sharing and Third Parties
We share data only in these limited cases:
| Recipient | Purpose | Location |
|---|---|---|
| WhatsApp / Meta | Delivering messages and media | Global (Meta’s servers) |
| Supabase | Authentication and database storage | USA / EU |
| Google Cloud / Drive APIs | File storage and processing | USA / EU |
| Stripe or other payment processors | Billing and payment processing | USA |
| Cloud providers (e.g., AWS, GCP) | Hosting and infrastructure | USA / EU |
| Legal authorities | When required by law or to protect rights | As required |
We require all third-party processors to protect your data and use it only for the purposes we specify.
6. International Data Transfers
Your data may be transferred to and stored in the United States or other countries outside your jurisdiction. We use appropriate safeguards (such as Standard Contractual Clauses) when transferring data from the EEA, UK, or Switzerland.
7. Data Retention
- Account data: Retained while your account is active + 90 days after cancellation (for recovery)
- Conversation logs: Retained as long as your account is active (you control deletion via the portal)
- Billing records: Retained for 7 years (legal requirement)
- Anonymized data: Retained indefinitely
Upon account termination, you may request export or deletion of your conversation logs.
8. Your Rights (GDPR, CCPA, and similar laws)
Depending on your location, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict or object to processing
- Data portability
- Withdraw consent (where applicable)
- Opt out of marketing
To exercise these rights, email legal@fluidrat.com. We will respond within 30 days (or as required by law).
For California residents: We do not sell or share personal information as defined under CCPA/CPRA.
9. Security
We use industry-standard encryption (TLS), access controls, and regular security audits to protect your data. However, no system is 100% secure, and we cannot guarantee absolute security.
10. Children’s Privacy
Our Service is not intended for children under 16. We do not knowingly collect data from children under 16. If we discover such data, we will delete it immediately.
11. Changes to This Privacy Policy
We may update this policy from time to time. We will notify you of material changes by email or a prominent notice in the Service. Continued use after changes means you accept the updated policy.
12. Contact Us
For any privacy questions or requests:
- Email: legal@fluidrat.com
- Subject line: Privacy Request
We aim to resolve all concerns promptly and fairly.