Legal

ESEN

Privacy Policy

Last updated: April 19, 2026

1. Who we are

PAOLA (“we”, “us”, or “the platform”) is a service operated from Mexico that provides an AI agent to handle business conversations on WhatsApp, Instagram, and Messenger, qualify leads, schedule appointments, and follow up with prospects on behalf of its customers (the “Businesses”).

For any questions regarding this Privacy Policy or the processing of your personal data, you can contact us at hola@zerep.mx.

2. Scope

This Policy applies to (i) the Businesses that contract PAOLA and use its tools, dashboard, and API; (ii) visitors to our website; and (iii) end users who interact with a Business through a channel operated by PAOLA (for example, a WhatsApp chat handled by our agent).

3. Data we collect

We may collect and process the following categories of data:

  • Business account data: name, email, phone, company name, billing details, and login credentials.
  • Messaging data: conversation content, phone numbers, Instagram/Messenger identifiers, timestamps, and delivery status, when the Business connects its official channels to our platform.
  • Meta Platform Data: information received through the WhatsApp Business, Instagram Graph, and Messenger APIs (tokens, account IDs, message metadata) needed to provide the service.
  • Usage data: pages visited, product usage events, IP address, device and browser type (via cookies and similar technologies).
  • Communications with us: support requests, emails, forms, and demos.

4. How we use your data

  • Operate, maintain, and improve the PAOLA service.
  • Process and respond to incoming messages on behalf of the Business, qualify leads, and book appointments.
  • Authenticate users, bill, prevent fraud and abuse, and comply with legal obligations.
  • Provide support and communicate service changes.
  • Generate aggregated and anonymized service metrics.

We do not sell your personal data to third parties. We do not use the content of end-user conversations to train third-party AI models or for advertising purposes outside the scope of the Business that contracts us.

5. Legal basis for processing

We process data based on: (i) performance of the contract with the Business that contracts us; (ii) our legitimate interest in operating and securing the platform; (iii) end-user consent where applicable; and (iv) compliance with legal obligations.

6. Compliance with Meta’s policies

PAOLA complies with the Meta Platform Terms and Developer Policies. With respect to data obtained through Meta’s APIs (WhatsApp, Instagram, Messenger):

  • We use Platform Data solely to provide and improve the functionality that the Business has enabled.
  • We do not sell, license, or share Platform Data with data brokers, ad networks, or intermediaries.
  • We do not use Platform Data to build profiles, make decisions affecting users’ rights, for surveillance, or to train general AI models.
  • We retain Platform Data only for as long as it is necessary to provide the service or to comply with legal obligations, and delete it when the Business closes its account or requests deletion.

7. Who we share data with

We share data only with:

  • The Business to which the conversation belongs (as data controller with respect to the end user).
  • Infrastructure providers (hosting, database, email delivery, analytics, payment processing, and AI models) acting as processors under confidentiality and data-processing agreements.
  • Meta Platforms, Inc. to the extent strictly necessary to send and receive messages through its APIs.
  • Competent authorities when required by law.

8. International transfers

Some providers process data outside Mexico (for example, in the United States or the European Union). When this occurs, we adopt reasonable measures to ensure a level of protection equivalent to that required by applicable regulation.

9. Retention

We retain data for the duration of the relationship with the Business and for any additional periods required by applicable law (e.g., tax or commercial). When data is no longer necessary, we delete or anonymize it.

10. Security

We implement reasonable technical and organizational measures: encryption in transit (TLS), role-based access control, access logging, backups, and periodic permission reviews. No system is 100% secure, but we work continuously to protect them.

11. Your rights

If you are in Mexico, you have the right to access, rectify, cancel, or oppose the processing of your data (ARCO rights), as well as to revoke your consent. If you are in another jurisdiction, you may have analogous rights (access, rectification, deletion, portability, restriction).

To exercise them, write to us at hola@zerep.mx with the subject “Privacy rights request”. We will respond within applicable legal deadlines. If you are an end user of a customer Business, we will forward your request to the responsible Business.

12. Cookies and similar technologies

Our site uses first- and third-party cookies for technical and aggregated analytics purposes. You can configure your browser to reject them; some features may be limited.

13. Minors

PAOLA is not directed to children under 13 and we do not knowingly collect data from minors. If you become aware that a minor has provided data to us, please contact us to delete it.

14. Changes to this Policy

We may update this Policy to reflect changes to the service or applicable regulation. We will publish the current version at this same URL, indicating the date of last update.

15. Contact

Data controller: PAOLA.
Contact email: hola@zerep.mx.