flametalk
Your Privacy Matters

Privacy Policy

We are committed to protecting your privacy and being transparent about how we handle your data.

Last Updated: January 8, 2025 • Effective Date: January 8, 2025

Ver en Español
Data CollectionHow We Use DataYour RightsSecurity

1. Introduction

Welcome to Flametalk, an AI-powered customer communication platform operated by Hillflare SAPI de CV("Flametalk," "we," "us," or "our"), a company incorporated under the laws of Mexico.

Legal Entity Information:

  • Company Name: Hillflare SAPI de CV
  • RFC: HIL171118IJ9
  • Address: Lomas del Valle #430 Int. 2 Loc. 5, Col. Lomas del Valle, CP 66256, San Pedro Garza García, Nuevo León, México

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and related services (the "Service"). This policy applies to all users of Flametalk, including business customers, their employees, and end-users who interact with AI agents powered by our platform.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

AInformation You Provide Directly

Account Information

  • Name, email address, and password (encrypted)
  • Company/organization name and details
  • Phone number for verification and voice services
  • Billing information and payment details (processed by Stripe)

Business Configuration Data

  • AI agent configurations, prompts, and settings
  • Connected channel credentials (WhatsApp, Voice, Instagram, Messenger)
  • Webhook configurations and API integrations
  • Team member information and role assignments

Contact Lists and Campaign Data

  • Customer contact information you upload or import
  • Campaign configurations and scheduling preferences
  • Message templates and outreach content

BCommunication Data

Messages and Conversations

  • Text messages sent and received through WhatsApp, Instagram, and Messenger
  • Voice call recordings and real-time transcripts
  • Media files (images, documents, voice notes) shared in conversations
  • Message delivery status and read receipts

End-User Information

  • Phone numbers and identifiers of people who contact your business
  • Profile information provided by messaging platforms (name, profile picture)
  • Conversation history and interaction patterns

CAutomatically Collected Information

  • Device information (IP address, browser type, operating system)
  • Usage data (features accessed, time spent, click patterns)
  • Log data (access times, error reports, performance metrics)
  • Cookies and similar tracking technologies (see Cookie Policy below)

AIAI Processing Disclosure

Important: Flametalk uses artificial intelligence (AI) to power automated responses and agent functionality. When you use our Service:

  • Conversation content is processed by AI models (including OpenAI) to generate responses
  • We may use conversation data to improve AI performance and accuracy
  • AI-generated responses are clearly identifiable as automated when required by law
  • You can request human review of AI decisions that significantly affect you

3. How We Use Your Information

Service Delivery

  • • Process and respond to messages via AI agents
  • • Execute voice calls and manage recordings
  • • Run outbound campaigns and workflows
  • • Provide real-time conversation management

Platform Improvement

  • • Analyze usage patterns to improve features
  • • Train and improve AI model performance
  • • Develop new capabilities and services
  • • Monitor system performance and reliability

Security & Compliance

  • • Detect and prevent fraud and abuse
  • • Enforce our terms of service
  • • Comply with legal obligations
  • • Respond to legal requests and protect rights

Business Operations

  • • Process payments and manage billing
  • • Send service updates and notifications
  • • Provide customer support
  • • Communicate important changes

4. Data Sharing and Disclosure

Categories of Service Providers

We share data with carefully selected service providers who help us deliver our Service. All providers are bound by contractual obligations to protect your data and use it only for the purposes specified.

Cloud Infrastructure & Hosting

Data storage, servers, and application deployment services

AI Service Providers

Language model processing, speech recognition, and voice synthesis

Messaging Platform APIs

Integration with WhatsApp, Instagram, and other messaging channels

Voice & Telecommunications Providers

Phone number provisioning, call routing, and telephony services

Payment Processing Services

Secure payment handling and billing management

Analytics & Monitoring Platforms

Performance monitoring, error tracking, and service reliability

All providers are located in jurisdictions that offer adequate data protection or have Standard Contractual Clauses (SCCs) in place for international transfers.

We Never Sell Your Data

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We only share data as necessary to provide our Service or as required by law.

5. Data Retention

Data TypeRetention Period
Account InformationActive + 90 days after deletion
Conversation LogsConfigurable (default: 1 year)
Call RecordingsConfigurable (default: 90 days)
Usage Analytics2 years
Billing Records7 years

6. Data Security

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Sensitive credentials are additionally encrypted at the application layer.

Access Controls

Role-based access controls (RBAC) limit data access to authorized personnel only. All access is logged and auditable.

Monitoring

24/7 security monitoring, intrusion detection, and automated threat response protect against unauthorized access.

Infrastructure

Our infrastructure is hosted on SOC 2 Type II certified providers with regular security audits and penetration testing.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data (subject to legal retention requirements).

Right to Data Portability

Receive your data in a structured, machine-readable format.

To exercise any of these rights, contact us at privacy@flametalk.ai. We will respond within 30 days (or sooner if required by applicable law).

8. Mexican Data Protection (LFPDPPP)

As a Mexican company, we comply with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its regulations.

ARCO Rights

Under Mexican law, you have ARCO rights (Acceso, Rectificación, Cancelación, Oposición):

  • Acceso: Access your personal data we hold
  • Rectificación: Correct inaccurate or incomplete data
  • Cancelación: Request deletion of your data
  • Oposición: Object to processing of your data

To exercise ARCO rights, send a written request to privacy@flametalk.ai including: your full name, contact information, description of the data concerned, and the right you wish to exercise. We will respond within 20 business days.

9. International Privacy Compliance

European Union (GDPR)

If you are in the EU/EEA, we process your data under the following legal bases:

  • Contract: Processing necessary to provide our Service
  • Legitimate Interest: Analytics, security, and service improvement
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

For international transfers, we use Standard Contractual Clauses (SCCs) approved by the European Commission.

California (CCPA/CPRA)

California residents have additional rights under CCPA/CPRA:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

10. Meta Platform Integration

When you connect WhatsApp, Instagram, or Messenger to Flametalk:

  • We access your business account through Meta's official APIs using OAuth 2.0 authentication
  • We process messages sent to and from your business accounts
  • We store message content and metadata to provide AI agent functionality
  • We subscribe to webhooks to receive real-time message notifications
  • We comply with Meta Platform Terms, WhatsApp Business Policy, and Commerce Policy

Note: Meta's Privacy Policy also applies to data collected through their platforms. By connecting your accounts, you acknowledge that both our Privacy Policy and Meta's Privacy Policy govern the use of your data.

11. Voice Calls and Recording

When you use our voice calling features:

  • Calls may be recorded for quality assurance, training, and compliance purposes
  • Real-time transcription is performed to enable AI agent responses
  • You are responsible for providing appropriate notice and obtaining consent from call participants as required by applicable law
  • Recordings are stored securely and retained according to your configured settings
  • You can disable call recording in your channel settings

Important: Many jurisdictions require two-party consent for call recording. It is your responsibility to ensure compliance with local recording consent laws.

12. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential: Maintain your session and remember your preferences
  • Analytics: Understand how you use our Service to improve it
  • Performance: Monitor and optimize platform performance

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Service.

13. Children's Privacy

Our Service is designed for businesses and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@flametalk.ai, and we will take steps to delete such information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification for significant changes
  • Displaying a notice in our application

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Hillflare SAPI de CV

Lomas del Valle #430 Int. 2 Loc. 5
Col. Lomas del Valle, CP 66256
San Pedro Garza García, Nuevo León
México

Privacy Contact

Summary

We Protect Your Data

Industry-standard encryption and security measures

We're Transparent

Clear information about how we use your data

You're In Control

Exercise your rights at any time

Privacy Policy | Flametalk | Flametalk