Privacy Policy
Last updated: May 2026
1. Identity of the Data Controller
The controller responsible for processing your personal data is RedAlive (hereinafter "RedAlive", "we"). For any privacy-related matter, contact us at info@redalive.app.
2. Personal Data We Collect
When you contract or use RedAlive services, we may collect:
- Identification data: name, email, phone.
- Business data: legal name, tax ID, fiscal address, industry.
- Authorization credentials (tokens) you grant via Meta OAuth to connect your WhatsApp, Facebook and Instagram accounts. We never ask for your passwords.
- Content of conversations processed by our assistant to respond to your clients.
- Payment data processed via our provider Stripe (we do not store card numbers).
3. Purposes of Processing
Your data is used only to:
- Provide the contracted automation and publishing services.
- Process payments and issue invoices.
- Communicate with you about the service (notifications, support, updates).
- Comply with applicable legal obligations.
We do not sell or share your data with third parties for our own commercial purposes. The data of your end clients that passes through our system is processed solely to provide the service you contracted.
4. Data Transfers
Your data may be transferred to the following third parties strictly to operate the service:
- Meta Platforms, Inc. — operation of WhatsApp Cloud API, Messenger and Instagram.
- Anthropic, PBC — message processing via the Claude model to generate responses.
- OpenAI, Inc. — message classification and embeddings generation for search.
- Stripe, Inc. — payment processing.
- Cloudflare, Inc. — network and security infrastructure.
All providers comply with international data protection standards (GDPR, CCPA) and sign confidentiality commitments with RedAlive.
5. ARCO Rights
You have the right to Access, Rectify, Cancel or Object (ARCO) to the processing of your personal data. To exercise these rights, send a written request to info@redalive.app with the following information:
- Full name and contact method for our response.
- Documents proving your identity.
- Clear and precise description of the ARCO right you wish to exercise.
We will respond to your request within a maximum of 20 business days as required by LFPDPPP.
6. Security Measures
We implement technical and administrative measures to protect your data: AES-256-GCM encryption at rest for credentials, role-based access control, operation auditing, encrypted communication (TLS) in all transfers, and strict separation between data of different clients (multi-tenant architecture).
7. Cookies and Similar Technologies
Our website uses cookies strictly necessary for operation (authentication, session preferences). We do not use third-party advertising tracking cookies without your explicit consent.
8. Changes to the Privacy Policy
We may update this Privacy Policy when necessary. Substantial modifications will be notified by email at least 30 days before their entry into force. The current version will always be available at this URL.
9. Control Authority
If you believe your right to personal data protection has been violated by any conduct of RedAlive, you may turn to the National Institute of Transparency, Access to Information and Personal Data Protection (INAI), at home.inai.org.mx.