Legal

Privacy Policy

We prioritize the security and privacy of your data

Last updated: May 20, 2026

Introduction

Cloud AI Digital is a CRM, financial management, and WhatsApp automation platform designed for small and medium businesses. This Privacy Policy explains what information we collect, why we collect it, how it is used, and your rights regarding your data.

By accessing or using Cloud AI Digital, you agree to the practices described in this policy. If you are using the platform on behalf of a business, this policy applies to all data processed on that business's behalf.

Data We Collect

Cloud AI Digital collects and stores data that you voluntarily provide and data generated through use of the platform. We collect only what is necessary to deliver our services.

Information we collect:

  • Account information: name, email address, password (hashed), and authentication tokens

  • Business profile: company name, industry, address, phone number, tax ID, and currency

  • Financial data: invoices, quotations, transactions, products, expenses, and revenue records

  • CRM data: leads, contacts, pipeline stages, tasks, notes, and activity history

  • WhatsApp data: connected phone numbers, message content, media, and conversation history for automation

  • Team data: member email addresses, roles, and permission assignments

  • Usage data: page views, feature interactions, and error logs for platform improvement

  • Billing data: subscription plan, billing status, and payment references (card details are handled exclusively by Stripe)

All business data entered into Cloud AI Digital remains your property. We do not sell, rent, or share your data with third parties for marketing, advertising, or any purpose unrelated to delivering our service.

How We Use Your Data

We use your data solely to operate and improve Cloud AI Digital. Specifically:

  • Operate the platform: power CRM workflows, financial reporting, invoicing, and WhatsApp automation

  • AI features: send minimum-required context to AI providers when you use AI Chat, AI Insights, or receipt scanning

  • Billing and subscriptions: process plan upgrades, enforce usage limits, and communicate billing status

  • Support: respond to your inquiries and resolve issues with your account

  • Security: detect and prevent fraud, unauthorized access, and abuse

  • Product improvement: analyze anonymized usage patterns to build better features

WhatsApp & Messaging Data

Cloud AI Digital integrates with the WhatsApp Business API (Meta) to provide automated messaging for your business. When this feature is enabled:

  • Phone numbers and message content are stored in your account to power automations, conversation history, and CRM sync

  • Media files (images, documents) sent via WhatsApp may be temporarily stored for processing and delivery

  • Webhook events received from Meta are processed to update conversation state and trigger workflows

  • We do not use WhatsApp message content to train AI models or for any purpose beyond the automation you configure

Note: You are responsible for obtaining appropriate consent from your customers before messaging them through the WhatsApp Business API, in compliance with Meta's policies and applicable law.

Third-Party Services

Cloud AI Digital relies on trusted third-party infrastructure providers to deliver platform functionality. Each provider is bound by data processing agreements and operates under their own privacy standards.

  • Backend infrastructure: Your business and CRM data is stored and processed on secure cloud backend infrastructure with encryption at rest and in transit.

  • Payment processing: Subscription billing is handled by a PCI-compliant payment processor. Cloud AI Digital never stores raw card numbers or payment credentials.

  • Messaging infrastructure: WhatsApp messaging automation is powered via an approved messaging API. Message content transits through this infrastructure solely to deliver your configured automations.

  • AI processing: When you use AI features, limited request context is processed by a third-party AI service provider. Only the minimum data required for the specific request is sent.

  • Email delivery: Transactional emails such as invoice deliveries, team invitations, and confirmations are delivered via a third-party email service provider.

Security

Encrypted in Transit & at Rest

All data transmitted between your browser and our servers is protected with TLS encryption. Data stored in Convex is encrypted at rest.

We implement industry-standard security practices to protect your data:

  • Encrypted transmission: All data is transmitted over HTTPS/TLS. Unencrypted connections are rejected.

  • Access controls: Authentication tokens, role-based permissions, and team-level isolation prevent unauthorized access to your business data.

  • Hashed credentials: Passwords are never stored in plain text. We use secure hashing algorithms before storage.

Despite these measures, no system is perfectly secure. We encourage you to use a strong, unique password and enable any available multi-factor authentication.

AI Usage

Cloud AI Digital uses artificial intelligence to provide insights, automate tasks, and assist with CRM and financial workflows. We apply the minimum-data principle: AI providers only receive what is necessary for the specific request.

How AI data is handled:

  1. Scoped context: Only the data required for your specific request is sent — not your full database.
  2. Transient processing: Data sent to AI providers is processed for that request only and is not retained by the provider beyond the request.
  3. Encrypted transit: All AI requests are sent over encrypted (HTTPS/TLS) connections.
  4. Anonymization: Where practical, identifying fields are removed or pseudonymized before being sent to AI providers.
  5. No training: Your data is not used to train or fine-tune AI models.

AI processing is triggered only when you explicitly use an AI feature (AI Chat, AI Insights, receipt scanning). You can choose not to use these features at any time.

Third-Party AI Processing

When you use AI features, relevant context is sent to a third-party AI service provider via an encrypted API connection. Under our data processing terms with that provider, your submitted data is not used to train or improve their general AI models. Data is processed transiently for the duration of your request only.

AI Chat

When you use AI Chat, your message and only relevant CRM or financial summaries (e.g. recent totals, open invoices) are sent to generate a response. Raw records and identifying customer data are minimized.

AI Insights

AI Insights sends aggregated financial metrics (revenue, expenses, trends) required for the analysis you request. Individual transaction identifiers are reduced where practical.

Receipt & Document Parsing

When parsing receipts or finance documents, only the extracted text and required fields for categorization are sent. Data is processed per-request and is not retained.

AI Data Handling Summary

  • All AI request data is transmitted via encrypted (HTTPS/TLS) connections.

  • Only the minimum finance or business context required for the task is sent.

  • Identifying fields are anonymized or pseudonymized where practical.

  • Data sent for AI requests is not retained beyond the scope of that request.

Data Retention

We retain your data for as long as your account is active or as needed to provide you with the service. Specific retention guidelines:

  • Account and business data: Retained while your account is active. After account deletion, data is purged within 30 days unless required by law.

  • Financial records: Invoices, transactions, and related records may be retained for up to 7 years to comply with applicable accounting and tax regulations.

  • WhatsApp conversation logs: Retained for the period necessary to support your automation workflows. You can delete individual conversations at any time.

  • AI request data: Not retained beyond the scope of each individual request (see AI Usage above).

  • Backup snapshots: Retained for a short rolling period (typically 30 days) for disaster recovery purposes, after which they are permanently deleted.

Your Rights

You have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@cloudaidigital.com.

  • Access: Request a copy of the personal data we hold about you.

  • Correction: Request that inaccurate or incomplete data be corrected.

  • Deletion: Request deletion of your account and associated personal data, subject to legal retention obligations.

  • Portability: Request your business data in a machine-readable format (CSV or JSON export).

  • Objection: Object to certain processing of your data, such as analytics.

  • Withdrawal of consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Cookies

Cloud AI Digital uses a minimal set of cookies strictly necessary for the platform to function:

  • Session cookies: Used to maintain your authenticated session. These expire when you close your browser or log out.

  • Preference cookies: Store your interface preferences such as language, theme, and sidebar state. These are stored locally.

  • No third-party tracking: We do not use advertising cookies, cross-site tracking, or analytics cookies from third parties.

Policy Changes

We may update this Privacy Policy from time to time to reflect changes to the platform, new features, or evolving legal requirements. When we make significant changes, we will notify you via in-app notice or email if available.

The updated policy will be posted on this page with a revised 'Last updated' date. Continued use of Cloud AI Digital after a policy change takes effect constitutes acceptance of the updated policy.

Contact

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your data, please contact us:

Cloud AI Digital

Email: hello@cloudaidigital.com

© 2026 Cloud AI Digital. All rights reserved.