Privacy policy
Last updated: June 2026
Non-binding translation for reader convenience. The Spanish version is the legally binding one.
This page explains how your personal data is processed when you write to a WhatsApp number powered by Aistant, the service supporting the business conversation.
Automated assistant (AI). When you write to the number, the replies come from an automated conversational assistant powered by artificial intelligence, not from a person at the business. You can ask to speak to a human on the team at any time by writing so in the chat. This disclosure satisfies Article 50 of the EU AI Act (Regulation (EU) 2024/1689), applicable from 2 August 2026.
1. Who is responsible
The business you are writing to (the pizzeria, shop or professional) is the data controller. Aistant acts as a data processor, processing your data on behalf of the business and following its instructions.
2. What data is processed
- Your WhatsApp phone number
- Your name, if you share it in the conversation
- The details of the order or request you make
- The content of the messages exchanged with the bot
- Delivery or pickup address, if relevant to the service
3. Purposes of processing
Only to:
- Handle your enquiry or order
- Keep you informed about its status
- Comply with the business's legal obligations (e.g. keeping tax records)
Your data is not used for marketing, profiling or unsolicited offers.
4. Legal basis
Processing is based on the performance of a contract you initiate with the business (Art. 6.1.b GDPR) and, where applicable, on legal obligations of the business (6.1.c) such as tax record-keeping.
5. Retention periods
- Conversations: up to 12 months after the last message
- Unfinished orders (drafts, cancelled): 90 days
- Delivered orders: up to 5 years (Spanish tax obligation)
- If you request deletion: your data is erased within 72 hours (except records under a live tax obligation, which are kept in anonymised form)
6. Who the data is shared with
Data is shared only with the technical providers needed to operate the service:
- Meta Platforms Ireland Ltd. — WhatsApp Cloud API (message transport)
- Google Ireland Ltd. — AI models (processing the message to generate the reply)
- Anthropic PBC (USA, under standard contractual clauses) — AI models (processing the message to generate the reply)
- Supabase (AWS, EU region) — storage of the conversation and the order
- Vercel Inc. — application hosting
All providers meet the safeguards required by the GDPR via standard data-processing agreements.
7. Your rights
You can exercise your rights of access, rectification, erasure, restriction, objection and portability at any time. To do so:
- Quick path: send the word STOP in the chat at any time. Your data will be erased within 72 hours and you will receive confirmation.
- By email: contact the business whose service you are using directly. The business (controller) will handle your request.
If you believe your data has not been processed in accordance with the law, you can lodge a complaint with the Spanish Data Protection Agency (AEPD) — aepd.es.
8. Security
WhatsApp messages are end-to-end encrypted between your device and Meta's platform. Storage of the conversation and the order in our systems is on encrypted infrastructure with access restricted to authorised business staff.
9. Changes to this policy
If this policy changes materially, we will announce it at this same link and, where relevant, in the chat itself before the change affects you.
10. Public web demos
The Aistant website hosts public demos (e.g. /demo/accede24) that reproduce the assistant with fictional data, unrelated to any real customer.
Separately, /demo/accede24-pro is a restricted professional channel (it requires a password provided by Accede24 and is reserved for verified professional locksmiths). Unlike the public demos, it responds with real technical knowledge from the professional community, including opening techniques and procedures. Its use is limited to legitimate professional purposes and must not be used to access other people's property or for unlawful ends. Conversations and photos are retained with the same periods and safeguards described below.
- If you upload a photo in a demo, it is stored privately (Supabase, EU region, restricted access) for up to 90 days, solely to review and improve the demo, and then deleted automatically.
- In the visual identifier (photo → product type), when two independent systems agree on the type, the image and its label may be kept privately to improve the identifier (model training). These are photos of objects (locks, keys…), not people; even so, avoid uploading photos containing personal data. You can request deletion by contacting us.
- Messages you type in the demo are kept within the same 12-month window as other conversations.
- It is a test environment: please avoid uploading personal data or sensitive photos. They are not used for marketing or profiling.