Privacy Policy for Hellomatik Platform

Controller: HELLOMATIK, S.L. (CIF B22803126)
Contact: contact@hellomatik.com

Effective date: 1 October 2025 — Last updated: 1 October 2025

1) Who we are and how this policy applies

This Policy explains how Hellomatik collects, uses, shares and protects personal data. Sometimes we control the data (for account, billing, support, security). Other times we process data on behalf of customers (for content in our Voice/Chat/Procedures modules). When we process data for customers, a Data Processing Agreement (DPA) sets our duties and limits. See sections 9 (Disclosures) and 10 (International transfers) for more details.

2) Data we process

A) Data you provide

Account & billing: name, company, role, business email, phone, payment identifiers (tokenised by our payment provider), invoice details.

Customer content: texts, files, records, call audio, transcripts, chat messages, workflow payloads, and metadata from your users.

Support & communications: requests and messages (including attachments).

B) Data we collect automatically

Technical & usage data: IP address, device/browser type, pages or features used, timestamps, logs and error events, telemetry needed to secure and run the Services.

C) Data from third parties

Integrations you connect (like CRM/ERP, messaging, telephony, authentication, analytics) may provide identifiers or content needed for your workflow. When we get personal data not directly from you, we tell you the source and categories. We provide the Article 14 GDPR information within one month or at the first contact or disclosure, whichever comes first. Our Cookie Policy covers cookie-related identifiers and consent for non-essential cookies.

3) Purposes and legal bases

We process personal data only for these purposes and legal bases:

Right to object or withdraw consent. When we rely on legitimate interests (Art. 6(1)(f)), you can object at any time based on your situation. When we rely on consent, you can withdraw it at any time. This does not affect past processing. Contact: contact@hellomatik.com. We can provide a short summary of our legitimate-interest assessment (LIA) on request.

4) Model training and product improvement

No default training on your content. We do not use customer content (inputs, outputs, call audio, transcripts, chats, workflow payloads) to train AI models by default.

Opt-in only. Any optional data-sharing for training will be clear, specific and revocable. Without your consent, we do not use your content for training.

Safety and abuse review. If content is flagged for security or misuse, we may review minimal snippets needed to investigate and enforce policies.

These commitments follow purpose limitation and data minimisation rules.

5) Retention

We keep personal data only as long as needed for these purposes or as required by law. Current defaults:

Is it required to provide data? Some data are needed for the contract (like account and billing). Without it, we cannot create or maintain your subscription. When we ask for data not needed for the contract, we will tell you and explain what happens if you don't provide it.

6) Your rights

You can exercise these rights: access, correction, deletion, restriction, objection, portability. You also have the right not to be subject to decisions based only on automated processing that produce legal or similar effects.

Response time: 1 month or less. Contact: contact@hellomatik.com. You can file a complaint with the Agencia Española de Protección de Datos (AEPD): https://www.aepd.es.

16) Contact

Questions or requests about this Policy or your rights:

Email: contact@hellomatik.com