Privacy Policy

1. Who We Are

LOONI is an AI receptionist platform for small businesses. The data controller for personal data processed through the LOONI platform is [TODO: legal entity name + registered address].

If you have any questions about this policy or our data practices, please contact us at [TODO: privacy contact email].

2. Information We Collect

Account data: When you register, we collect information such as your name, email address, and business details (business name, phone number, address, industry).

Customer data processed on your behalf: As part of providing the AI receptionist service, we process data your customers provide when they contact your business — including customer phone numbers, the content of messages and calls, voice transcripts, and appointment details. We act as a data processor for this data; you (the business) are the data controller.

Technical and usage data: We collect IP addresses, device information, browser type, pages visited, and session cookies to operate and improve the service.

3. How and Why We Use Your Data

We use the data we collect to: provide, operate, and maintain the LOONI AI receptionist service; manage appointment bookings and send reminders; provide customer support; ensure the security and integrity of our platform; and improve and develop new features.

The lawful bases we rely on are: performance of a contract (providing the service you signed up for); legitimate interests (security, fraud prevention, service improvement); and consent where required. [TODO: confirm specific lawful bases with counsel for each processing activity].

4. SMS & Messaging Disclosures

LOONI sends service messages on behalf of businesses, including appointment confirmations, reminders, and replies to customer inquiries via SMS, WhatsApp, voice, email, and web chat.

Mobile phone numbers are not shared with third parties or affiliates for marketing or promotional purposes.

Message frequency varies. You may receive recurring service messages such as appointment confirmations and reminders.

Message and data rates may apply. Standard carrier rates apply to SMS and voice messages.

Reply STOP to unsubscribe at any time, or HELP for help. To opt out of SMS messages from a business using LOONI, reply STOP to any message. To get assistance, reply HELP.

5. Third-Party Sub-Processors

We share data with trusted sub-processors that help us deliver the service. These include: Twilio (telephony, SMS, and WhatsApp); OpenAI and Anthropic (AI language processing); Resend (transactional email); Google and Microsoft (calendar and email integrations); Stripe (payment processing); Qdrant and Railway (vector database and infrastructure hosting).

Each sub-processor is bound by data processing agreements and is required to protect your data in accordance with applicable law.

Mobile phone numbers collected through LOONI are never sold or shared with third parties for marketing purposes.

6. Data Retention

We retain personal data for as long as necessary to provide the service and comply with our legal obligations. When you close your account, your data will be deleted or anonymised in accordance with our retention schedule.

[TODO: retention periods — specify exact durations for each data category, e.g. conversation transcripts, call recordings, account data, with counsel].

7. Your Rights

If you are in the European Economic Area or United Kingdom, under the GDPR you have the right to: access your personal data; rectify inaccurate data; request erasure ("right to be forgotten"); restrict or object to processing; receive your data in a portable format; withdraw consent at any time without affecting prior processing; and lodge a complaint with a supervisory authority.

Under Israel's Protection of Privacy Law (5741-1981), you have the right to review personal information held about you and to request corrections.

To exercise any of these rights, please contact us at [TODO: privacy contact email].

8. Cookies

We use essential session cookies to maintain authentication state and remember your language preference. These cookies are strictly necessary for the service to function.

[TODO: confirm with counsel whether any analytics or marketing cookies are used, and update this section accordingly. If analytics are added, a cookie banner / consent mechanism may be required].

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where some of our sub-processors are based. We implement appropriate safeguards for such transfers.

[TODO: confirm the specific transfer mechanism(s) used, e.g. Standard Contractual Clauses (SCCs), adequacy decision, or binding corporate rules, with counsel].

10. Children

The LOONI service is not directed to children under [TODO: 16/18 — confirm applicable age with counsel]. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice in the service before the change becomes effective.

Your continued use of LOONI after a policy update constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact our privacy team at: [TODO: privacy contact email].

Data controller: [TODO: legal entity name + registered address].