CIERA Privacy Policy
Last updated: May 2026
1. Introduction
CIERA (“we”, “our”, or “us”) operates the WhatsApp AI Dashboard Platform. This Privacy Policy explains what personal data we collect, why we collect it, how we store and protect it, and how you can exercise your rights. We process data in line with applicable law, including the GDPR (where applicable) and POPIA (South Africa).
2. Data we collect
- Account information: email address, display name, and authentication data when you sign up or sign in.
- WhatsApp-related data: phone numbers, message content, conversation history, and metadata that we receive in connection with your use of our platform to handle and display WhatsApp AI agent conversations.
- Usage and product data: how you use the dashboard (e.g. KPIs, analytics views) and any configuration you provide (e.g. tenant connections, webhooks).
- Google Calendar data: if you choose to connect your Google account, we receive an OAuth access token and refresh token, and read and write calendar events on the calendar you authorise. We use this only to let the AI agent check availability and create, view, or update bookings on your behalf.
- Technical data: device and browser information, IP address, and logs where necessary for security and operation.
3. Purposes of processing
We use your data to: provide and operate the dashboard; handle and display WhatsApp conversations; authenticate and manage your account; improve our service and analytics; comply with legal obligations; and protect the security and integrity of our systems.
4. Storage and security
Data is stored using Supabase and related infrastructure. We use industry-standard measures including encryption in transit and at rest, access controls, and secure authentication. Data may be processed in the regions where our service providers operate; we ensure appropriate safeguards where required by law.
5. Google user data and Limited Use
When you connect a Google account, CIERA requests the calendar.events and calendar.readonly scopes. We use the resulting access strictly to read your availability and to create, view, and update calendar events that you or your customers schedule through the AI agent. You can revoke this access at any time from your Google Account permissions page or by disconnecting the calendar in the CIERA dashboard.
CIERA’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google Calendar data for advertising, do not sell it, do not transfer it to third parties except as needed to provide or improve the calendar feature (or as required by law), and do not allow humans to read it except with your consent, for security, to comply with applicable law, or where the data is aggregated and anonymised. We do not use Google user data to train generalised AI or machine learning models.
6. Retention
We retain your data for as long as your account is active and as needed to provide the service, comply with legal obligations, and resolve disputes. You may request deletion at any time (see our Data Deletion page).
7. Your rights
Depending on your location, you may have the right to: access your data; correct inaccuracies; request deletion; object to or restrict certain processing; data portability; and withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority (e.g. your data protection authority). To exercise these rights, contact us using the details below.
8. Contact
For privacy-related requests or questions, email us at willemcnalbertyn@gmail.com or use the contact options on our website. We will respond within a reasonable time and in line with applicable law.