Privacy Policy

Effective Date: April 2, 2026
Last Updated: April 2, 2026

1. Introduction

AI Auto Lab ("we," "us," or "our") operates an AI-powered sales automation platform that integrates with WhatsApp Business API to help businesses automate customer conversations, lead qualification, and appointment booking.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

2. Information We Collect

2.1 Account Information

  • Business name and contact details
  • User names and email addresses
  • Phone numbers (for WhatsApp Business API integration)
  • Billing and payment information

2.2 Customer Conversation Data

  • WhatsApp messages between your business and your customers
  • Customer contact information (names, phone numbers)
  • Lead qualification data and responses
  • Appointment scheduling information
  • Conversation metadata (timestamps, message status)

2.3 Usage Data

  • Login activity and access logs
  • Feature usage analytics
  • Device information (IP address, browser type, operating system)
  • Performance and error logs

2.4 AI Training Data

  • We do NOT use your customer conversations to train our AI models
  • Only anonymized, aggregated usage patterns may be analyzed for service improvement

3. How We Use Your Information

3.1 Primary Purposes

  • Service Delivery: Operating the AI sales assistant, processing conversations, and automating workflows
  • Lead Management: Qualifying leads, scoring conversations, and managing your CRM
  • Appointment Booking: Scheduling meetings with your customers
  • Analytics & Reporting: Providing insights on lead quality, conversion rates, and AI performance

3.2 AI Automated Decision-Making

Our AI makes automated decisions including:

  • Lead qualification scoring (BANT framework)
  • Conversation routing and response generation
  • Appointment slot recommendations

Your Rights: You can review, override, or disable any AI-automated decision. Human review is always available.

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract Performance: To provide the services you subscribed to (Art. 6(1)(b) GDPR)
  • Legitimate Interests: To improve our services and prevent fraud (Art. 6(1)(f) GDPR)
  • Consent: For optional features like marketing communications (Art. 6(1)(a) GDPR)

5. Data Sharing and Third Parties

5.1 WhatsApp Business API

  • We use the WhatsApp Business API (Meta) as our messaging infrastructure
  • WhatsApp provides end-to-end encryption for message content
  • Metadata (timestamps, delivery status) is processed by Meta under the EU-US Data Privacy Framework
  • We have a Data Processing Agreement (DPA) with our WhatsApp Business Solution Provider

5.2 Service Providers

  • Cloud Hosting: AWS or Google Cloud (data stored in Singapore or EU regions)
  • Payment Processing: Stripe (PCI-DSS compliant)
  • Analytics: Anonymized usage analytics only

5.3 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

6. Data Retention and Deletion

6.1 Retention Periods

  • Active Accounts: Data retained while your subscription is active
  • Conversation History: Retained for 24 months or as configured in your plan
  • Billing Records: Retained for 7 years for accounting compliance
  • Logs and Analytics: Anonymized after 90 days

6.2 Deletion Rights

You can request deletion of your data at any time by:

  1. Contacting [email protected]
  2. Using the "Delete Account" option in your dashboard

We will delete all data within 30 days, except where we are legally required to retain it.

7. Your Rights (GDPR & CCPA)

7.1 Access & Portability

  • Request a copy of all your data in a machine-readable format (CSV, JSON)
  • Export your conversation history and lead database

7.2 Correction & Deletion

  • Correct inaccurate personal information
  • Request deletion of your account and all associated data
  • No 12-month lookback limits apply

7.3 Opt-Out & Consent Withdrawal

  • Opt out of marketing communications anytime
  • Withdraw consent for optional data processing
  • Use Global Privacy Control (GPC) signals

To Exercise Your Rights: Email [email protected] or use the Privacy Center in your dashboard.

8. Data Security

8.1 Technical Measures

  • End-to-end encryption for WhatsApp messages
  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Regular security audits and penetration testing

8.2 Access Controls

  • Role-based access controls (RBAC)
  • Multi-factor authentication (MFA) required for admin accounts
  • Audit logs for all data access

8.3 Breach Notification

In the event of a data breach affecting your personal data, we will:

  • Notify you within 72 hours
  • Provide details of the breach and remediation steps
  • Report to relevant authorities as required by law

9. Contact Us

For All Inquiries:

Email: [email protected]

WhatsApp: [Your WhatsApp Business Number]

Privacy Center:

https://aiautoslab.com/privacy-center

Governing Law:

This Privacy Policy is governed by Malaysian law, including the Personal Data Protection Act 2010 (PDPA). For matters related to data protection, you may contact the Personal Data Protection Department of Malaysia.