This Privacy Policy explains how ЕЙ АЙ СИСТЕМИ ЕООД ("we", "us", the "Company") collects, uses, shares and protects personal data in connection with our website skailon.com and the software platforms we operate under the Skailon brand (each a "Service"), including our commercial automation platform that connects to messaging channels such as WhatsApp, Instagram, Facebook, SMS and email on behalf of our business customers.
We act as data controller for personal data relating to our website visitors and the account holders of our business customers. When our business customers use the Service to communicate with their own contacts and leads, we act as a data processor on their behalf, and the business customer is the controller of that contact data.
1. Personal data we collect
- Account & identity data — name, business name, email, phone, role, login credentials.
- Channel & connection data — identifiers required to connect messaging accounts (e.g. WhatsApp Business Account IDs, phone number IDs, Meta business IDs) and access tokens.
- Communications content — the messages, attachments and metadata exchanged through the connected channels and processed by the Service.
- Billing data — plan, transaction records and limited payment metadata. Card details are handled directly by our payment processor and are not stored by us.
- Usage & technical data — IP address, device and browser data, log files, and product usage events.
- Support data — information you provide when contacting us.
2. Purposes and legal bases (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Providing, operating and securing the Service | Performance of a contract |
| Processing messages through connected channels | Performance of a contract / our customer's instructions |
| Billing and payments | Performance of a contract; legal obligation |
| Product improvement, analytics and fraud prevention | Legitimate interest |
| Marketing communications to prospects | Consent or legitimate interest (with opt-out) |
| Compliance with legal and tax obligations | Legal obligation |
3. Messaging channels and Meta / WhatsApp
When our business customers connect a WhatsApp Business Account through the official WhatsApp Business Platform (Cloud API), message data is transmitted through and hosted on Meta's infrastructure and is subject to Meta's own terms and privacy practices. We process this data solely to deliver, receive and manage messages on behalf of the business customer. We do not use the content of end-user conversations to train general-purpose models, and we do not sell personal data.
4. Artificial intelligence processing
The Service uses large language models to draft and automate responses. Message content necessary to generate a reply may be transmitted to our AI sub-processors for that single purpose. We apply contractual safeguards prohibiting our AI sub-processors from using that content to train their models.
5. Sub-processors
We rely on the following categories of sub-processors, each bound by a data processing agreement:
| Sub-processor | Purpose | Location |
|---|---|---|
| Meta Platforms Ireland Ltd. / Meta Platforms, Inc. | WhatsApp, Instagram & Facebook messaging (Cloud API) | EU / USA |
| Stripe | Payment processing | EU / USA |
| OpenRouter and the AI model providers it routes to | AI text generation | EU / USA |
| Cloud hosting & database provider | Application hosting and data storage | EU (with possible US components) |
A current list of sub-processors is available on request at danielspiri@sistemasconia.com.
6. International transfers
Some of our sub-processors are located in, or transfer data to, the United States. Where personal data leaves the European Economic Area, we rely on appropriate safeguards, namely the European Commission's Standard Contractual Clauses and, where applicable, the providers' certification under the EU–US Data Privacy Framework. Copies of the relevant safeguards are available on request.
7. Data retention
We retain personal data for as long as the related account is active and as needed to provide the Service, then for the periods required by law (e.g. accounting and tax records). Conversation data is retained according to the business customer's configuration and is deleted on account closure, subject to legal retention obligations.
8. Your rights
Subject to the GDPR, you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent at any time. To exercise these rights, contact us at danielspiri@sistemasconia.com. You may also request deletion of your data following our data deletion instructions.
You have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни, cpdp.bg) or with the supervisory authority of your habitual residence.
9. Security
We apply technical and organisational measures appropriate to the risk, including encryption in transit, access controls, tenant isolation and audit logging.
10. Cookies
Our website uses strictly necessary cookies and, with your consent, analytics cookies. You can manage your preferences through the cookie banner.
11. Changes
We may update this Policy from time to time. Material changes will be notified through the Service or by email. The "last updated" date above reflects the current version.
12. Contact
For any privacy question or to exercise your rights: danielspiri@sistemasconia.com.