Skip to main content
alovibe

Privacy Policy

Last updated 2026-05-25 · Version 2.3 · alovibe

Plain-language summary

You're trusting us with data about your business and your customers. We take that seriously. This summary is not a substitute for the legal text below, but it captures the essentials.

The short version: We store the data you give us so the product works. We never sell it. We never train external AI on your customer data without your explicit opt-in. We comply with the GDPR and equivalent data-protection laws. You can export or delete your data anytime.

1. What we collect

Three buckets — your account, your business, and data your customers send through alovibe to you.

1.1 Account data

  • Email, name, password (hashed with bcrypt, never plaintext)
  • Workspace name, slug, region/timezone
  • Billing info — handled by Stripe; we never see card numbers

1.2 Business data

  • Services, prices, staff, working hours, tax rates
  • Branding — your logo, brand color, fonts
  • Knowledge base files you upload to train the AI

1.3 Customer data routed through alovibe

  • Messages, bookings, receipts, photos your customers send via WhatsApp, Telegram, Instagram, Facebook, email, or the booking page
  • Payment metadata (amounts, methods, references) — never card numbers
  • Phone number, email, name — only fields your customers provide

2. How we use it

We use the data to provide the service — store bookings, send reminders, route messages, train AI replies in your tone, calculate tax. We do not sell data. We do not use customer chat content to train models we sell to other tenants.

3. When we share

We share data only with sub-processors that help deliver the service. The full list is published at alovibe.com/legal/subprocessors and includes:

  • Hostinger (cloud hosting and storage)
  • Stripe (payment processing; PCI DSS Level 1)
  • OpenAI / Anthropic (AI inference — content is sent per-message; not used for training under the API terms we use)
  • Sentry (crash reporting, PII-scrubbed)

4. Your rights

You and your customers have the right to access, rectify, port, and erase your data. We respond to verified data-subject requests within 30 days. Under the GDPR and equivalent data-protection laws, the data controller is alovibe, reachable at dpo@alovibe.com. Applicable privacy laws give you rights to access, correct, delete, and opt out of the "sale" of your data — we don't sell data — and to limit how sensitive data is used.

5. Retention

Active workspace data lives for the lifetime of your subscription. After you delete your workspace, we delete tenant data within 30 days, with a 7-day grace window for accidental deletion. Encrypted backups roll off within 90 days. Audit logs are retained for up to 6 years where required by applicable fiscal and tax law.

6. Security

  • TLS 1.3 in transit, AES-256 at rest
  • 2FA required for owner accounts
  • Per-tenant row-level security (Postgres RLS) — tenants can never see each other's data
  • Pen-tested annually by a third-party CREST-accredited firm
  • SOC 2 Type II report available on request under NDA

7. Minors

alovibe is a B2B product for businesses. We do not knowingly collect personal data from minors under the age of digital consent in their jurisdiction. If you suspect a minor's data has reached us, contact us and we will delete it within 72 hours.

8. Data hosting & transfers

Your tenant data is stored with reputable cloud-hosting providers under encryption in transit and at rest. Where personal data is transferred between regions, we rely on appropriate safeguards and contractual protections required by applicable data-protection law.

9. Google API services user data policy

alovibe's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide the features the workspace explicitly connected (Calendar event sync, booking confirmation emails), never for advertising, never for sale, and never for any purpose unrelated to the connected feature.

10. Changes to this policy

Material changes are emailed to workspace admins at least 30 days before they take effect. Trivial clarifications are posted with the "Last updated" date refreshed.

11. Contact us

alovibe · dpo@alovibe.com