1. Who We Are
My Clienta is operated by a sole proprietor based in North Macedonia. We provide AI-powered automation tools for small businesses across Europe, including chat assistants, booking management, lead capture, and voice AI services.
Data Controller: My Clienta (Sole Proprietor)
Location: North Macedonia
Contact: [email protected]
2. What Data We Collect
We collect and process the following categories of personal data:
- Account information: Name, email address, phone number, business name, business type, and country.
- Booking data: Customer names, email addresses, phone numbers, service details, dates, and booking status.
- Chat conversations: Messages exchanged between website visitors and the AI chat assistant, including any personal information shared during the conversation.
- Voice recordings: Recordings of phone calls handled by the AI voice assistant, including transcriptions.
- Lead data: Names, email addresses, phone numbers, and interaction details captured through chat, phone, or forms.
- Business information: Services offered, business hours, pricing, location, and website content used to train the AI assistant.
- Payment information: Processed by Stripe. We do not store credit card numbers directly.
- Technical data: IP addresses, browser type, device information, and usage analytics.
3. Why We Collect Your Data
- Service delivery: To provide AI chat, voice, and booking automation to our clients and their customers.
- Account management: To create and manage client accounts, process subscriptions, and provide support.
- Billing: To process payments, generate invoices, and manage subscriptions through Stripe.
- Communication: To send booking confirmations, reminders, welcome emails, and service-related notifications.
- Service improvement: To analyze usage patterns, improve AI responses, and enhance platform features.
- Marketing (B2B only): To contact businesses about our services through outreach emails. All marketing emails include an unsubscribe option.
4. Legal Basis
We process personal data under the following legal bases as defined by the GDPR:
- Contract (Art. 6(1)(b)): Processing necessary to fulfill our service agreement with clients, including account management, booking handling, and AI assistant operation.
- Legitimate interest (Art. 6(1)(f)): B2B outreach to businesses that may benefit from our services, platform security, and fraud prevention.
- Consent (Art. 6(1)(a)): Where required for processing personal data of end-users interacting with chat or voice assistants. Consent can be withdrawn at any time.
- Legal obligation (Art. 6(1)(c)): Where we are required to retain data for tax, accounting, or regulatory purposes.
5. Data Processors (Third Parties)
We use the following third-party services to process data on our behalf:
| Provider | Purpose | Location |
|---|
| Supabase | Database and authentication | EU / US |
| Vercel | Website hosting and deployment | US (global CDN) |
| Amazon Web Services (SES) | Email delivery | EU (eu-west-1) |
| Stripe | Payment processing | US / EU |
| Groq | AI language model inference | US |
| Retell AI | AI voice calling | US |
| Apify / SerpAPI | Public business data collection | EU / US |
All processors are bound by data processing agreements (DPAs).
6. International Data Transfers
Some of our data processors are based in the United States. Where personal data is transferred outside the EU/EEA, we ensure adequate protection through:
- The EU-US Data Privacy Framework (DPF) for certified US companies.
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions where applicable.
7. Data Retention Periods
We retain personal data only as long as necessary for the purposes described above:
| Data Type | Retention Period |
|---|
| Account data | Until deletion requested |
| Booking data | 24 months |
| Lead data | 18 months |
| Chat conversations | 12 months |
| Voice recordings | 6 months |
| Outreach logs | 12 months |
| Payment records | As required by law (typically 5-10 years) |
After the retention period expires, data is automatically deleted or anonymized.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of your personal data.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”).
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest, including direct marketing.
- Right to restriction (Art. 18): Request restriction of processing in certain circumstances.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at [email protected] or use our data request form. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. For North Macedonia, this is the Directorate for Personal Data Protection (DZLP).
9. Cookies
We use only essential cookies required for the operation of our platform. These include:
- Authentication cookies: Set by Supabase to manage user sessions. These are strictly necessary and do not require consent.
- Cookie consent: A localStorage entry to remember your cookie banner preference.
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
10. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest.
- Row-level security (RLS) in our database to ensure tenant data isolation.
- Role-based access control for administrative functions.
- Regular review of third-party processor security practices.
11. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated via email to registered users. The “Last updated” date at the top reflects the most recent revision.