Privacy Policy
Last updated: 2 Dec 2025
Philoxenia Agency SRL
Bld Roman-Mușat nr. 36, Roman, Neamț, Romania
Website: https://philoxenia-agency.com
Philoxenia Agency SRL (“we”, “our”, “us”) provides AI-powered messaging automation and knowledge assistance services for business clients. This Privacy Policy explains how we handle personal data under GDPR, CCPA, and other applicable data protection laws.
By using our website or services, you consent to the practices described below.
1️⃣ Information We Collect
We may collect and process the following categories of personal data:
1. Data provided directly
Name, business name
Email address or phone number
Social media account details (e.g., Instagram handles)
Messages and communication content provided by the business owner
2. Data processed on behalf of our customers
Messages, user IDs, and lead details provided through platforms such as:
Instagram / Facebook Messenger
SMS
CRM systems
In this case, the business owner is the Data Controller, and we act as Data Processor.
3. Technical data (cookies + analytics)
IP address, device type, browser type
Usage statistics
Pages visited
Interaction with website elements
4. Billing-related data
Only processed by third-party payment providers (e.g. Stripe, Revolut, Wise)
We do not store or directly process credit card details.
2️⃣ How We Use Personal Data
We use personal data only for the following purposes:
To deliver our AI messaging and knowledge services
To set up and train AI systems using the client-provided data
To provide customer support and onboarding
To maintain platform security and prevent abuse
To improve the quality, accuracy, and performance of our AI systems
To send service-related communications
To comply with legal obligations
We do not sell personal data.
3️⃣ Automated AI Processing
Messages processed by our AI systems may involve:
automated responses
intent detection
knowledge retrieval and matching
qualification logic for business workflows
These automations do not make legal, financial, or employment decisions about individuals.
4️⃣ Data Processed on Behalf of Our Customers (GDPR Article 28)
For customer prospect interactions (DMs, WhatsApp, email, etc.), we process data only according to the customer’s instructions and contracts.
Each customer remains fully responsible for:
providing necessary consents to their leads
the legality of their data collection
the content of the conversations occurring through their channels
We can provide a Data Processing Agreement (DPA) upon request.
5️⃣ Legal Grounds for Processing (GDPR)
We process personal data based on:
Contractual necessity — delivering our AI services
Legitimate interest — maintaining platform security & improving services
Consent — for cookies or marketing where required
6️⃣ Third-Party Service Providers
We use trusted vendors to operate our service, including but not limited to:
GoHighLevel — CRM & website services
OpenAI, Anthropic (Claude), Grok — AI model processing
Twilio — messaging communications
Payment processors — Stripe / Revolut / Wise
Analytics — Google Analytics
Data may be stored on secure servers located in the EU or USA.
All third parties comply with GDPR-equivalent protections.
7️⃣ Data Sharing
We may share processed personal data only with:
Contractors or virtual assistants under NDA
Third-party services required for platform functionality
We do not share personal data with unrelated third parties.
8️⃣ International Data Transfers
Some data may be transferred outside the EU (e.g., to US-based platforms).
When this occurs, industry-standard safeguards such as Standard Contractual Clauses (SCCs) are applied.
9️⃣ Data Retention
Data is stored only as long as necessary to:
deliver the contracted services, or
until a deletion request is received
Once removed, data is permanently deleted from active systems and backups following normal retention cycles.
🔟 Security Measures
We protect personal data using:
Encryption in transit (HTTPS/TLS)
Secure credential & access control
Password-protected systems
Role-based access (only authorized staff can view data)
Confidentiality agreements with employees & contractors
Despite strong safeguards, no system can guarantee 100% security.
1️⃣1️⃣ User Rights (GDPR)
Users whose data is processed may request:
Access — what data we hold
Correction — fix incorrect information
Deletion — removal of data
Opt-out — from marketing communications
Requests can be submitted at:
📬 [email protected]
We will respond within the legal timeframe (30 days under GDPR).
1️⃣2️⃣ Children’s Data
We do not knowingly collect data from individuals under the age of 18.
If such data is discovered, it will be deleted immediately.
1️⃣3️⃣ Changes to This Policy
We may update this policy from time to time.
The “Last Updated” date at the top will reflect the latest version.
1️⃣4️⃣ Contact Information
For any privacy questions or requests:
Philoxenia Agency SRL
📍 Bld Roman-Mușat nr. 36, Roman, Neamț, Romania
📧 Email: [email protected]