Privacy Policy

Last updated: July 2025

1. Introduction

This Privacy Policy explains how Colabe ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform. We are committed to protecting your privacy in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), the California Consumer Privacy Act (CCPA), and other applicable privacy frameworks.

2. Data We Collect

Account data: Name, email address, phone number, country, preferred language, and currency.

Business data: Business name, category, segment, address, documents, logo, and operational information.

Payment data: Payment processing is handled by Stripe. We do not store credit card numbers. We store transaction references, amounts, and payment status.

Usage data: Pages visited, features used, device information, IP address, browser type, and session duration.

Communication data: Messages sent through AI employees, customer interactions, and support tickets.

3. How We Use Your Data

We use your data to: (a) provide and improve the Service; (b) process payments; (c) send transactional communications (receipts, status updates); (d) personalize your experience; (e) provide analytics and insights; (f) comply with legal obligations; (g) detect and prevent fraud.

We process data based on: contract performance, legitimate interest, legal obligation, and your consent where required.

4. Data Sharing

We share data only with:

  • Stripe: Payment processing (PCI DSS compliant).
  • AWS: Cloud infrastructure (data stored in AWS regions).
  • OpenAI: AI processing for AI employee features (no personal data sent beyond conversation context).
  • Communication providers: Email and SMS delivery services for transactional messages.

We do not sell personal data to third parties. We do not use personal data for advertising purposes.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account deletion, we retain data for up to 90 days for backup recovery, then permanently delete it. Financial records are retained for the period required by applicable tax and accounting laws (typically 5-10 years).

6. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Restrict processing of your data.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at privacy@colabe.app. We respond within 30 days (or the timeframe required by your local law).

7. International Data Transfers

Your data may be processed in the United States, European Union, or other regions where our infrastructure providers operate. For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions. For transfers from Brazil, we comply with LGPD's international transfer mechanisms.

8. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, regular security audits, and incident response procedures. Despite our efforts, no method of electronic storage is 100% secure.

9. Cookies & Tracking

We use essential cookies for authentication and session management. We use analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings. We respect Do Not Track browser signals.

10. Children's Privacy

The Service is not directed to children under 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before changes take effect.

12. Contact & Data Protection Officer

For privacy inquiries, contact our Data Protection Officer at dpo@colabe.app.

If you are an EU/EEA resident, you have the right to lodge a complaint with your local supervisory authority.

If you are a Brazilian resident, you may contact the ANPD (Autoridade Nacional de Proteção de Dados).
