Privacy Policy

Kweekly is a multi-tenant AI-agent platform operated by Kinetia (Mexico). Business customers (“Customers”) provision conversational agents that talk to the Customers’ own end customers over WhatsApp, Telegram and an embeddable web chat widget, and publish content to social networks.

Controller vs. processor. For Customer account data (users, billing, usage telemetry) Kinetia is the data controller. If you interact with an AI agent operated for one of our business customers (for example, via WhatsApp), that business is the data controller and we process your data on its behalf under a data processing agreement. Privacy requests should be directed to that business first; we will assist it in fulfilling them.

• To operate the conversational agents our Customers configure (necessary purpose).
• To manage conversations, quotes and follow-ups on the Customer’s behalf.
• To operate accounts, billing, support and platform security.
• To comply with legal obligations.
• Quality improvement through aggregated, de-identified analysis (voluntary purpose — you may object at privacidad@kinetia.mx).

We use third-party AI models (e.g., OpenAI; or an alternative provider chosen and contracted by the business customer) to classify intents, generate responses, transcribe voice notes, describe images and embed documents for retrieval. Your conversation content is sent to these providers solely to produce the response. We do not use your data, nor permit our AI providers to use it, to train generalized AI models. Where a business customer brings its own AI provider credentials, that provider acts under the business customer’s instructions.

Human oversight is built into the platform: conversations are escalated to a human when the agent’s confidence is low or a complaint is detected, any conversation can be taken over by a human operator at any time, and AI-generated social content is only published after explicit human approval.

We share personal data only with the service providers needed to run the platform — hosting, messaging delivery (Meta, Telegram), AI providers, media storage — listed in our subprocessor register. We do not sell or share personal information as defined by the CCPA/CPRA, and we act as a “service provider” with respect to personal information processed on behalf of our business customers.

Our infrastructure and several subprocessors are located outside Mexico (including the United States). Transfers are protected by contractual clauses imposing data-protection obligations consistent with this policy and applicable law.

We retain personal data only while a purpose or legal obligation subsists, per our retention and deletion policy. Upon termination of a customer agreement, we make customer data available for export, after which personal data is deleted from production systems and ages out of encrypted backups with the backup rotation cycle, except where retention is required by law.

Customer data is logically isolated per tenant: every database query and background task is scoped by a company identifier derived from the authenticated session, never from request input. Channel, AI-provider and connector credentials are encrypted at rest and decrypted only at call time; they are never written to conversation state or logs. Traffic is encrypted in transit (TLS). Webhooks are authenticated per tenant and signature-verified.

• Mexico (LFPDPPP): access, rectification, cancellation, opposition (ARCO) and consent revocation — see the aviso de privacidad for the procedure and statutory deadlines.
• United States (state privacy laws): depending on your state — know / access, delete, correct, portability, opt out of sale/share/targeted advertising, limit use of sensitive personal information, and appeal. You may exercise these rights by emailing privacidad@kinetia.mx. We will verify your identity, respond within 45 days, and explain how to appeal if we decline your request. We honor opt-out preference signals such as Global Privacy Control where required. We will not discriminate against you for exercising your rights.
• End customers of our business customers: we forward your request to the responsible business without undue delay and execute its instructions.

Messaging opt-out: reply STOP (or BAJA) on the channel to stop business-initiated messages at any time; reply START (ALTA) to resume.

Kweekly is a business tool and is not directed to children. We do not knowingly process personal data of minors; if we learn that a minor’s data was collected without valid authorization, we will delete it.

The dashboard keeps authentication tokens in session storage and sets no advertising or analytics cookies. Our embeddable chat widget does not set advertising or analytics cookies on our customers’ websites; it uses a single first-party identifier strictly necessary to maintain your conversation. Details in the cookie policy.

Meta Platforms. Where agents operate over WhatsApp, Instagram or Facebook, we receive message identifiers and content through Meta’s Business APIs and use them solely to deliver the conversational service configured by the business customer. Data deletion: you may request deletion of your conversation data via privacidad@kinetia.mx or through the responsible business.

Google API Services. If and where Kweekly uses Google APIs, Kweekly’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide the features you explicitly enable, never for advertising, and never transfer it except as necessary to provide those features, for security, or to comply with law.

We review this policy at least every 12 months and post updates on this page with a new version and date. Contact for privacy matters (including authorities): privacidad@kinetia.mx.