Our Privacy Policy

Who we are

At Markleyo AI Limited (“we,” “us,” “our,” or “Markleyo AI”), we are committed to protecting your privacy and ensuring the secure handling of your personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our AI-powered automation services, including AI chatbots, AI social media automation, AI messaging integrations, and AI Content writer.

We are a company incorporated in England and Wales, with our registered office at Tottenham Court Road, London. As a UK-based company providing services globally, we comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable international data protection laws.

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

---

Data we collect

We collect various types of information to provide, maintain, and improve our services. The data we collect falls into several categories:

Information You Provide Directly

Account Registration Data: When you create an account, we collect your name, email address, company name, phone number, billing address, and payment information. This information is necessary to establish your account, provide customer support, and process payments.

Profile and Configuration Data: We collect information you provide when setting up your AI chatbots, including business information, frequently asked questions, knowledge base content, brand voice preferences, and custom responses. This data helps us personalize your chatbot’s behavior and responses.

Communication Data: When you contact us for support, feedback, or inquiries, we collect the content of your communications, including emails, chat messages, support tickets, and any attachments or files you send to us.

Marketing Preferences: We collect information about your communication preferences, including your consent to receive marketing emails, newsletters, and promotional materials.

Information Collected Automatically

Technical Data: We automatically collect technical information about your use of our services, including IP addresses, browser type and version, operating system, device identifiers, time zone settings, browser plug-in types and versions, and other technology on devices used to access our platform.

Usage Data: We collect information about how you interact with our services, including pages visited, features used, time spent on different sections, click-through rates, and navigation patterns. This helps us understand user behavior and improve our platform.

Performance Data: We monitor the performance of your chatbots and automation tools, including response times, conversation completion rates, error logs, and system performance metrics.

Data from Third-Party Integrations

Website Integration Data: When you integrate our chatbots with your website, we collect visitor interaction data, including conversation logs, user queries, and responses provided by our AI systems.

Social Media Platform Data: Through our integrations with platforms like Facebook Messenger, WhatsApp Business, and Telegram, we collect message content, user identifiers, and interaction data necessary to provide automated responses and maintain conversation context.

CRM and Marketing Tool Data: If you connect our services to your CRM or marketing platforms, we may collect customer data, lead information, and marketing campaign performance data to enhance our automation capabilities.

---

How we use data

We process your personal data for several legitimate purposes, always ensuring we have a lawful basis under UK GDPR:

Service Provision and Performance

We use your data to provide our core services, including operating AI chatbots, managing social media automation, processing messaging integrations, and maintaining your account. This processing is necessary for the performance of our contract with you.

AI System Operation and Improvement

Your interaction data helps train and improve our AI models, ensuring more accurate responses and better user experiences. We analyze conversation patterns, common queries, and user feedback to enhance our AI capabilities while maintaining appropriate privacy safeguards.

Customer Support and Communication

We use your contact information and communication history to provide technical support, respond to inquiries, and send important service-related notifications. This includes sending you updates about service changes, security alerts, and maintenance notifications.

Billing and Payment Processing

We process your payment information and billing data to manage subscriptions, process transactions, and maintain accurate financial records. We work with secure payment processors to handle sensitive financial information.

Marketing and Business Development

With your consent, we use your contact information to send marketing communications, including newsletters, product updates, and promotional offers. You can withdraw this consent at any time through your account settings or by contacting us directly.

Legal Compliance and Security

We may process your data to comply with legal obligations, protect our legitimate interests, ensure platform security, prevent fraud, and maintain the integrity of our services.

---

AI, models, and training

As an AI-powered platform, we employ sophisticated machine learning models and automated decision-making systems. Here’s how we handle AI-related data processing:

AI Model Training and Development

We use anonymized and aggregated conversation data to train and improve our AI models. This includes natural language processing models, intent recognition systems, and response generation algorithms. We implement privacy-by-design principles, ensuring that personal identifiers are removed or pseudonymized before data is used for training purposes.

Automated Decision-Making

Our AI systems make automated decisions about how to respond to user queries, route conversations, and provide recommendations. These decisions are based on predefined algorithms and machine learning models trained on historical data. You have the right not to be subject to automated decision-making where it produces legal effects or significantly affects you.

Human Oversight and Review

We maintain human oversight of our AI systems, with regular reviews of automated decisions and the ability for human intervention when necessary. Our team monitors AI performance, reviews edge cases, and ensures that automated responses remain appropriate and accurate.

Data Minimization in AI Processing

We apply data minimization principles to our AI operations, using only the data necessary for specific AI functions. Personal data used in AI training is aggregated and anonymized where possible, and we regularly review our data usage to ensure compliance with privacy principles.

AI Transparency and Explainability

We strive to make our AI decision-making processes as transparent as possible. Users can request information about how automated decisions affecting them are made, and we provide explanations of our AI logic where technically feasible.

---

Messaging & social integrations

Our platform integrates with various messaging and social media platforms to provide comprehensive automation services:

WhatsApp Business API Integration

When you connect our services to WhatsApp Business, we process messages sent and received through your business account. This includes message content, sender information, delivery status, and conversation metadata. We comply with WhatsApp’s Business Policy and Meta’s data processing requirements.

Facebook Messenger Integration

Our Facebook Messenger integration allows us to process messages, user profiles (where permitted), and conversation data to provide automated responses. We adhere to Facebook’s Platform Policies and data sharing agreements.

Telegram Bot Integration

Through Telegram bot integrations, we process bot commands, message content, and user interactions. We comply with Telegram’s Bot API terms and privacy requirements.

Social Media Platform Integrations

Our social media automation features may access your social media accounts to post content, respond to messages, and analyze engagement. We only access the minimum permissions necessary for our services and respect each platform’s data usage policies.

Data Sharing with Platforms

We may share necessary data with integrated platforms to provide our services. This sharing is limited to what’s required for functionality and is governed by data processing agreements that ensure appropriate privacy protections.

---

Cookies & tracking

We use cookies and similar tracking technologies to enhance your experience and provide our services effectively:

Essential Cookies

We use essential cookies that are necessary for our website and platform to function properly. These include session cookies, authentication cookies, and security cookies that cannot be disabled without affecting core functionality.

Analytics Cookies

With your consent, we use analytics cookies to understand how users interact with our platform. These cookies help us identify popular features, measure performance, and improve user experience.

Marketing and Advertising Cookies

We may use marketing cookies to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These cookies are only placed with your explicit consent and can be managed through your browser settings.

Third-Party Cookies

Some of our integrated services may place their own cookies. We ensure that third-party cookie usage aligns with our privacy standards and provide you with information about these cookies in our cookie policy.

Cookie Management

You can control cookie settings through your browser preferences. However, disabling certain cookies may limit your ability to use some features of our platform.

---

Analytics & sub-processors

We work with carefully selected sub-processors and analytics providers to deliver our services:

Analytics Providers

We use analytics services to understand user behavior, measure platform performance, and improve our services. These providers may include Google Analytics, Bing analytics, and similar services that help us gather insights while maintaining user privacy.

Cloud Infrastructure Providers

Our services are hosted on secure cloud infrastructure provided by reputable providers such as Amazon Web Services, Google Cloud Platform, or Microsoft Azure. These providers maintain high security standards and comply with relevant data protection regulations.

Payment Processors

We work with secure payment processors like Stripe to handle billing and payment transactions. These processors maintain PCI DSS compliance and implement strong security measures to protect financial data.

Customer Support Tools

We may use customer support platforms and tools to manage user inquiries and provide assistance. These tools are configured to maintain appropriate privacy protections and data security.

AI and Machine Learning Services

We may use third-party AI and machine learning services to enhance our platform capabilities. All such services are carefully vetted for privacy compliance and data protection standards.

Sub-Processor Oversight

We maintain contracts with all sub-processors that include appropriate data protection clauses, security requirements, and privacy safeguards. We regularly review and audit our sub-processors to ensure ongoing compliance.

---

Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Account Data Retention

We retain account information and profile data for the duration of your active subscription plus an additional period as required for legal, accounting, or business purposes, typically not exceeding seven years after account closure.

Conversation and Interaction Data

Chatbot conversations and user interactions are typically retained for up to two years to maintain service quality, provide customer support, and improve AI performance. Aggregated and anonymized data may be retained longer for analytical purposes.

Technical and Usage Data

Technical logs, usage analytics, and performance data are generally retained for up to one year, unless required for security investigations or legal compliance.

Marketing and Communication Data

Marketing communication preferences and related data are retained until you withdraw consent or close your account, whichever occurs first.

Legal and Compliance Data

Data required for legal compliance, tax purposes, or regulatory requirements may be retained for periods specified by applicable laws, typically ranging from three to seven years.

Data Deletion Procedures

We implement systematic data deletion procedures to ensure that personal data is removed when retention periods expire. Users can request early deletion of their data, subject to legal and contractual obligations.

---

Security

We implement comprehensive security measures to protect your personal data:

Technical Security Measures

Our security infrastructure includes encryption in transit and at rest, secure data centers, regular security updates, multi-factor authentication, and access controls that limit data access to authorized personnel only.

Organizational Security Measures

We maintain security policies, conduct regular staff training, perform background checks on employees with data access, and implement incident response procedures to address potential security breaches.

Data Breach Response

In the event of a data breach, we will notify relevant authorities within 72 hours and inform affected users without undue delay, providing clear information about the nature of the breach and steps being taken to address it.

Regular Security Assessments

We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential security risks proactively.

---

International transfers

We may process data in multiple countries. Where required, we use appropriate safeguards (e.g., SCCs/UK Addendum) for transfers outside your region:

Adequacy Decisions

Where possible, we transfer data to countries with adequacy decisions from the UK government, ensuring equivalent levels of data protection.

Standard Contractual Clauses

For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by UK authorities to ensure appropriate safeguards for your personal data.

Additional Safeguards

We implement additional technical and organizational measures when transferring data internationally, including encryption, pseudonymization, and strict access controls.

Transfer Impact Assessments

We conduct Transfer Impact Assessments to evaluate the level of protection provided in destination countries and implement supplementary measures where necessary.

---

Your rights

Under UK GDPR and applicable data protection laws (CCPA/CPRA), you have several rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data where we no longer have a lawful basis to process it.

Right to Restrict Processing

You can request that we limit how we process your personal data in certain circumstances.

Right to Data Portability

You can request that we provide your personal data in a structured, commonly used format for transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to automated decision-making that produces legal effects or significantly affects you, and you can request human intervention in such decisions.

Exercising Your Rights

To exercise any of these rights, contact us using the information provided in the Contact section. We will respond to your request within one month, or sooner where possible.

---

Children

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete such information promptly. If you believe we have collected information from a child under 16, please contact us immediately.

---

Third-party links and content

Our platform may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

When you integrate third-party services with our platform, those services may collect and process data according to their own privacy policies. We recommend reviewing these policies to understand how your data will be handled.

---

Refund Policy

We offer a 7-day refund policy for new subscribers. If you are not satisfied with our services within 7 days of your initial subscription, you may request a full refund. Refund requests must be submitted through our customer support system within the 7-day period. Refunds will be processed within 5-10 business days using the original payment method. This refund policy does not apply to renewals or additional service purchases after the initial subscription period.

---

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy

• Notify you by email or through our platform

• Provide a summary of significant changes

• Give you the opportunity to review the updated policy

Continued use of our services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

---

Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: Markleyo Ltd

OFFICE 347, 60 TOTTENHAM COURT ROAD

FITZROVIA

LONDON

UNITED KINGDOM, W1T 2EW

Email: [email protected]

---