Privacy Policy

Effective Date: January 3, 2026
Last Updated: January 19, 2026

Introduction

Alobam AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered booking assistant platform (the "Service").

Information We Collect

1. Business Information

When you register for the Service, we collect:

  • Business name, address, and phone number
  • Business owner name and email address
  • Business hours and timezone
  • Services offered and pricing
  • Staff information

2. Customer Information

When customers interact with your AI assistant, we collect:

  • Name, email address, and phone number
  • Appointment details (service type, date, time)
  • Communication history with the AI

3. Usage and Technical Information

  • Log data (IP address, browser type, device information)
  • Cookies and similar tracking technologies
  • Service usage statistics and analytics
  • Error reports and performance data

4. Third-Party Integration Data

When you connect third-party services:

  • Google Calendar: Event details, calendar metadata
  • Facebook/Instagram/WhatsApp: Message content, sender information
  • Stripe: Payment transaction data
  • Email Services: Email addresses, delivery status

How We Use Your Information

We use collected information for:

  1. Service Delivery:

    • Operating and maintaining the AI assistant
    • Managing appointments and bookings
    • Sending confirmation emails and reminders
    • Processing payments

  2. Service Improvement:

    • Analyzing usage patterns
    • Improving AI accuracy and responses
    • Developing new features
    • Troubleshooting technical issues

  3. Communication:

    • Sending service updates and announcements
    • Responding to support requests
    • Providing training and onboarding

  4. Legal Compliance:

    • Meeting regulatory requirements (GDPR, CCPA)
    • Preventing fraud and unauthorized access
    • Enforcing our Terms of Service

Data Sharing and Disclosure

Third-Party Service Providers

We share data with trusted service providers who assist in operating our Service:

Provider Purpose Data Shared
Supabase Database & Authentication All application data, encrypted
Google Calendar API, AI (Gemini) Calendar events, AI conversation data
Meta/Facebook Messaging integration Message content, sender information
Stripe Payment processing Transaction data, payment information
Vercel Application hosting Application data
Resend Email delivery Email addresses, message content

We Do NOT:

  • ❌ Sell your personal information to third parties
  • ❌ Use your data for marketing without explicit consent
  • ❌ Share data with unauthorized third parties
  • ❌ Allow unauthorized access to customer data

Legal Disclosures

We may disclose information when required by law:

  • In response to valid subpoenas or court orders
  • To protect rights, property, or safety
  • In connection with business transfers (sale, merger, etc.)

Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Audit Logging: Comprehensive logs of all data access
  • Regular Security Audits: Penetration testing and vulnerability assessments
  • Incident Response: Documented breach notification procedures

Data Breach Notification

In the event of a data breach, we will:

  1. Notify affected individuals promptly
  2. Notify relevant authorities as required by law
  3. Provide details of the breach and mitigation steps

Your Privacy Rights

GDPR Rights (for EU residents)

  • Right to Access: Request what data we hold about you
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Data Portability: Receive data in machine-readable format
  • Right to Object: Object to certain processing activities
  • Right to Withdraw Consent: Withdraw consent at any time

CCPA Rights (for California residents)

  • Right to Know: What personal information is collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Not be discriminated against for exercising rights

How to Exercise Your Rights

To exercise any privacy rights:

  1. Email: privacy@alobam.com
  2. Account Settings: Access data portal (when available)

We will respond within:

  • 30 days for CCPA/GDPR requests

Data Retention

Data Type Retention Period Reason
Customer Records 3 years after last activity Service continuity
Appointment History 3 years Business records
Payment Records 7 years Tax and audit requirements
Communication Logs 2 years Service improvement, dispute resolution
Account Information Until account closure + 30 days Service operation

After retention periods expire, data is securely deleted or anonymized.

Cookies and Tracking

We use the following types of cookies:

  1. Essential Cookies: Required for Service functionality (authentication, security)
  2. Analytics Cookies: Understand how you use the Service
  3. Preference Cookies: Remember your settings

You can control cookies through your browser settings. Disabling essential cookies may limit Service functionality.

Third-Party Links

Our Service may contain links to third-party websites (e.g., payment processors, social media). We are not responsible for the privacy practices of these third parties. Please review their privacy policies separately.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate safeguards through:

  • Standard Contractual Clauses (EU Commission approved)
  • Data Processing Agreements with all processors

Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on Service dashboard
  • 30-day notice period before effective date

Continued use of the Service after changes constitutes acceptance.

Contact Information

Privacy Officer:
Email: privacy@alobam.com

State-Specific Rights:

  • California: California Civil Code Section 1798.83 permits users to request information regarding disclosure of personal information to third parties.
  • Nevada: Nevada residents may opt-out of sale of personal information (though we don't sell data).
  • Virginia: Virginia Consumer Data Protection Act (VCDPA) rights apply to Virginia residents.

© 2026 Alobam. All rights reserved.