Legal
Privacy Policy
Last updated: December 20, 2025
In this section
Introduction
RICKY AI, S.EP.("we," "us," or "our") operates the website getricky.ai and provides AI automation services for WhatsApp (the "Service"). We are committed to protecting your privacy and complying with Meta's Platform Terms and applicable data protection laws in Panama and internationally.
The Service currently supports WhatsApp only. Additional messaging channels may be introduced in the future, in which case this Policy will be updated.
This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
Scope and Roles
We process personal data in two distinct capacities, and your rights may differ depending on which applies to you:
As a Data Controller
If you visit our website, contact us about the Service, or are a direct client, we act as the controller of the information you provide directly to us. This means we determine the purposes and means of processing your personal data.
As a Data Processor
If you are a person messaging a business that uses Ricky on WhatsApp ("End User"), that business is typically the controller of your message data, and we process that data on the business's behalf as its service provider. We strictly adhere to our clients' instructions and do not use this data for any purpose other than providing the Service.
Privacy requests about a business's WhatsApp messages should be directed to that business first. We assist our clients as required by contract and applicable law.
Data We Collect
We collect specific data to provide our AI services:
Account Information
Name, email address, phone number, and business details provided by our direct clients during registration and account setup.
Message Data
When you enable our Service on a WhatsApp Business Account, we process the content of incoming and outgoing messages, phone numbers, profile names, and message metadata to generate AI responses.
Technical Data
IP addresses, browser types, device information, operating system, and server logs required for security, debugging, and Service optimization.
Usage Data
Information about how you interact with our Service, including features used, actions taken, and performance metrics.
How We Use Your Data
We strictly use collected data for the following purposes:
Service Delivery
To read incoming WhatsApp messages and generate appropriate AI responses on behalf of our clients. This is the core function of our Service.
Service Improvement
To analyze message accuracy, identify issues, and improve the quality and reliability of our AI models and Service infrastructure.
Compliance and Security
To verify accounts, prevent spam or abuse, detect fraud, and ensure compliance with Meta's policies and applicable laws.
Communication
To send you Service-related notices, updates, security alerts, and support messages. We do not send marketing communications without your explicit consent.
Data Sharing and Third Parties
We do not sell your personal data. We may share data with trusted third-party infrastructure providers solely to operate our Service:
Meta Platforms, Inc.
To send and receive messages via the WhatsApp Cloud API. Messages are transmitted through Meta's infrastructure as required for WhatsApp functionality.
AI Service Providers
To process text and generate responses. These providers are bound by strict data confidentiality agreements and process data solely to provide AI inference capabilities.
Infrastructure Providers
Cloud hosting, database, and security service providers necessary for operating our Service. All providers are selected for their security practices and compliance standards.
We may also disclose your information if required by law, court order, or government request, or to protect our rights, privacy, safety, or property.
AI Processing and Model Training
The Service sends message content to AI providers solely to generate responses for our clients in real-time. We are committed to responsible AI practices:
Our Commitment
We do not use Business Solution Data (as defined in WhatsApp's Business Solution Terms), including anonymous, aggregate, or derived forms, to create, develop, train, or improve AI models. The only exception is fine-tuning a model for a client's exclusive use when explicitly authorized by that client under a separate written agreement.
Data Retention and Deletion
Retention Period
We retain chat logs and account data only as long as necessary to provide the Service, typically for the duration of your subscription plus a reasonable period for backup and compliance purposes. Technical logs are retained for up to 90 days.
Deletion Process
You have the right to request the deletion of your personal data. To request deletion of your data (including phone numbers and chat history), please contact us at ricardo@getricky.ai. We will process verified requests within 30 days.
Legal Requirements
Some data may be retained longer if required by applicable law, regulation, or legal proceedings.
Your Data Protection Rights
Depending on your location and applicable laws, you may have the following rights regarding your personal data:
Access
Request confirmation of whether we process your personal data and obtain a copy of it.
Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Erasure
Request deletion of your personal data under certain circumstances.
Restriction
Request that we limit how we use your data while concerns are resolved.
Portability
Receive your personal data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Complaint
Lodge a complaint with a supervisory authority in your jurisdiction.
To exercise any of these rights, please contact us at ricardo@getricky.ai. We will respond to your request within 30 days.
Legal Basis for Processing
For individuals in the European Economic Area (EEA), United Kingdom, Brazil, or other jurisdictions requiring a legal basis for processing, we rely on the following:
Contract Performance
Processing necessary to perform our contract with you, including providing the Service, managing your account, and processing payments.
Legitimate Interests
Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your rights.
Legal Obligations
Processing necessary to comply with applicable laws and regulations.
Consent
Where required by law, we obtain your consent before processing, such as for marketing communications or certain cookies.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
When we transfer personal data internationally, we implement appropriate safeguards to ensure your data receives adequate protection, including:
- •Standard Contractual Clauses approved by relevant data protection authorities
- •Transfers to countries recognized as providing adequate data protection
- •Binding contractual obligations with our service providers
Children's Information
Our Service is not intended for use by anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from Children.
If you are a parent or guardian and you become aware that your Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we will take steps to remove that information from our servers promptly.
Security
We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:
- •Encryption of data in transit (TLS/HTTPS) and at rest
- •Secure access controls and authentication mechanisms
- •Regular security assessments and monitoring
- •Employee access limited to those who need it for their role
In the event of a security breach that affects your personal data, we will notify you and relevant authorities as required by applicable law.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated Privacy Policy on our website with a new "Last Updated" date.
Your continued use of the Service after changes are posted constitutes acceptance of the modified Privacy Policy. We encourage you to review this Privacy Policy periodically.
Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us:
Urbanización Marbella, PH La Concha, Apartamento 6-B, Corregimiento de Bella Vista, Distrito de Panamá, Provincia de Panamá, República de Panamá
Related Documents
Terms of Service →