Privacy Policy

Last updated: June 11, 2026 | Effective date: June 11, 2026

    Key principle: We collect only what we need to run the service, store it securely, never sell it, and give you control over your data. We do not use your data to train AI models for other customers.
  

1. Who We Are

WebXess, Inc. DBA WEBii ("WEBii," "we," "our," or "us") is a Texas corporation providing AI-powered customer relationship management, lead qualification, appointment scheduling, messaging automation, and related business services (collectively, the "Services"). Our registered office is in Texas.

Contact: legal@webii.net | Web: crm.webii.net

2. What Information We Collect

We collect information in three categories:

2.1 Information You Provide Directly

Account information: Business name, contact name, email address, password hash, phone number, billing address.
Billing information: Payment card tokens (not raw card numbers — these are tokenized by our payment gateway partner), billing address, transaction history.
CRM data: Lead records, customer names, emails, phone numbers, appointment details, notes, and tags you create or import.
Knowledge base content: Questions, answers, documents, and URLs you upload to train your AI chatbot.
Widget configuration: Website URLs, branding settings, welcome messages, and chatbot behavior rules.

2.2 Information Collected Automatically

Usage data: Log files, IP addresses, browser type, device type, operating system, timestamps, pages visited, and feature usage.
Chatbot conversation logs: Transcripts of conversations between your website visitors and your AI chatbot, including visitor messages and AI responses.
AI processing data: When the AI checks your calendar for availability, reads knowledge base entries, or creates calendar events, we log those API calls for service operation and debugging.
Cookies and similar technologies: Session cookies, analytics cookies, and security tokens. See Section 7.

2.3 Information from Third-Party Integrations

Google Calendar: When you connect your Google Calendar, we access event titles, descriptions, start/end times, attendees, and availability data. We create events on your behalf when visitors book appointments. OAuth tokens are stored encrypted. Limited Use disclosure: see Section 11.
Messaging channels: If you connect WhatsApp, Instagram, Facebook Messenger, or SMS, we access message content, sender identifiers, and delivery status through those platforms' APIs.
Payment processor: Our payment gateway partner processes your payments. We receive tokenized card references and transaction confirmations, never raw card numbers.

3. How We Use Your Information

We use the information we collect for these specific purposes:

To provide the Services: Running your AI chatbot, checking calendar availability, booking appointments, sending messages, storing leads, and displaying your CRM dashboard.
To bill and collect payment: Processing subscription charges, trial verification, and sending invoices and receipts.
To maintain and improve: Debugging, monitoring service health, analyzing usage patterns, and improving features. This may include using aggregated, de-identified data.
To communicate with you: Service notifications, billing alerts, security notices, and support responses.
To enforce our agreements: Detecting fraud, abuse, unauthorized access, and violations of our Terms of Service.
For legal compliance: Responding to lawful requests, subpoenas, or court orders.

    What we do NOT do: We do not sell your personal information. We do not use your data for advertising to you or your customers. We do not use your private business data or customer conversations to train general-purpose AI models that benefit other users.
  

4. Data Sharing and Disclosure

We share data only in these limited circumstances:

Service providers: We use trusted third-party vendors for hosting, payment processing, email delivery, analytics, and AI model inference. Each is bound by contractual obligations to process data only on our behalf and under strict confidentiality.
Legal requirements: When required by law, regulation, valid legal process, or to protect our rights, property, or safety.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data would be transferred subject to the same privacy commitments.
With your consent: When you explicitly authorize sharing, such as connecting a third-party integration.

5. Data Security

We implement industry-standard technical and organizational security measures, including:

Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2 or higher.
Encryption at rest: Sensitive data, including OAuth tokens and password hashes, is encrypted using AES-256.
Access controls: Role-based access, multi-factor authentication for staff, and least-privilege principles.
Regular audits: Security reviews, vulnerability scanning, and monitoring for unauthorized access.
Incident response: Documented procedures for detecting, containing, and notifying affected parties of security incidents.

    Important: No internet-based system is completely secure. You are responsible for maintaining strong passwords, enabling two-factor authentication where available, and promptly reporting any suspected unauthorized access. See our Terms of Service for the full allocation of security risk.
  

6. Data Retention and Deletion

Active accounts: We retain your data as long as your account is active or as needed to provide the Services.
Account cancellation: Upon cancellation, we begin deleting your data within 30 days. Some data may be retained longer if required by law or for legitimate business purposes (e.g., billing records, fraud prevention).
Conversation logs: Chatbot transcripts are retained for the duration of your subscription plus 90 days for support and debugging, unless you delete them earlier.
Backups: Data in backup systems may persist up to 90 days after deletion from production systems.
Google Calendar tokens: Retained until you disconnect your calendar or close your account.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential cookies: Session management, authentication, and security (Cloudflare Turnstile).
Functional cookies: Remembering preferences and settings.
Analytics cookies: Understanding how users interact with our platform to improve it. We do not use cookies for cross-site tracking or advertising.

You can control cookies through your browser settings. Disabling essential cookies may impair site functionality.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

Access and portability: Request a copy of your data. Contact legal@webii.net.
Correction: Update your account information in your CRM dashboard.
Deletion: Cancel your account to initiate data deletion. Some data may be retained as described in Section 6.
Revoke integrations: Disconnect Google Calendar, messaging channels, or other integrations at any time in your dashboard.
Opt out of communications: Unsubscribe from non-essential emails using the link in each message.

We will respond to valid requests within 30 days. We may require identity verification before processing sensitive requests.

9. Children's Privacy

The Services are intended for business use and are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us immediately and we will delete it.

10. International Data Transfers

Your data may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate. By using the Services, you consent to this transfer. We implement appropriate safeguards for cross-border data transfers, including contractual protections and data processing agreements consistent with applicable law.

11. Google API Limited Use Disclosure

WEBii's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only request the minimum Google OAuth scopes necessary (Google Calendar read/write).
We do not transfer Google user data to third parties except as needed to provide the Services.
We do not use Google user data for advertising purposes or to train general AI models.
Users may revoke access at any time via their Google Account permissions page or in the CRM dashboard.

12. AI and Automated Decision-Making

Our Services use artificial intelligence to generate chatbot responses, qualify leads, and suggest appointment times. You acknowledge that:

AI-generated outputs may contain errors, inaccuracies, or inappropriate content.
You are solely responsible for reviewing and verifying all AI outputs before relying on them or sharing them with your customers.
We do not make binding automated decisions about you that produce legal or similarly significant effects without human involvement.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and the CRM dashboard at least 30 days before taking effect, unless immediate changes are required for legal compliance or security. Your continued use of the Services after changes constitutes acceptance.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

WEBii / WebXess, Inc.
Email: legal@webii.net
Web: crm.webii.net