Versão Portuguesa
AI Solutions Logo

Privacy Policy

Last updated: 14/07/2025

1. Identification

AI Solutions is a technology service provided by Tec2GO Solutions, Lda., a company legally incorporated in Portugal, headquartered at Rua Pedro Ivo 11-A 1700-313 Lisbon.

Contacts:
- Email: [email protected]
- Phone: +351 914 169 741
- Address: Rua Pedro Ivo 11-A 1700-313 Lisbon

2. Data Collected

Through our integration with Meta's official API (Facebook/Instagram), we collect and process the following data from end users:

  • Public Profile Data: Username, Profile picture, Unique user ID
  • Communication Content: Direct message text, Images, videos, and other media files, Interaction timestamps
  • Comment Content: Public comment text, Replies to comments, Comment date and time
  • Technical Identifiers: Instagram/Facebook user IDs, Page and business account IDs, Access tokens

3. Purpose of Collection

  • Operation of automated chatbot services
  • Automated comment moderation
  • Automated message responses
  • Technical performance analysis

Important: AI Solutions acts as a data processor. The owner of the Instagram/Facebook page/account (our client) is the data controller and determines the purposes of processing.

4. Legal Basis

  • Performance of contract with the page/account owner
  • Legitimate interests for providing technology services
  • User consent when interacting with accounts using our services

5. Collection Method

Data is obtained exclusively through Meta's official API, after the page/account owner has granted us the necessary permissions via the official OAuth authorization process.

  • We do not collect data via web scraping, unauthorized methods, or direct access to user accounts.

6. Storage and Security

  • Location: Data is securely stored in a PostgreSQL database hosted on servers located in the European Union (GDPR compliant)
  • Measures: Encryption in transit and at rest, restricted access, continuous monitoring, secure backups
  • Retention: Messages and comments retained while the service is active, tokens renewed/deleted, logs for 90 days

7. Data Sharing

We do not share end user data with third parties. Data is only disclosed if required by law, to protect rights, or with explicit consent.

8. User Rights

  • Access, rectification, erasure, restriction, portability, and objection

To exercise your rights, contact the page/account owner or [email protected]. Response time: maximum 30 days.

9. Minors

Services are for users aged 13+. We do not intentionally process data of children under 13.

10. International Transfers

Data is processed within the EU. Any international transfer will be carried out with appropriate safeguards.

11. Privacy Contact

Data Protection Officer: [email protected]
Address: Rua Pedro Ivo 11-A 1700-313 Lisbon

Supervisory Authority: CNPD - www.cnpd.pt | [email protected]

12. Changes

This policy may be updated occasionally. Changes will be published on this page with the date of the last update.

13. Automated Decision Making and AI Processing

Our service uses artificial intelligence and automated systems to process your data:

  • Automated Responses: AI systems automatically generate responses to messages and comments
  • Content Moderation: Automated systems may hide, approve, or flag content based on predefined rules
  • Intent Classification: Messages are automatically categorized (query, spam, praise, etc.)
  • Human Oversight: All automated decisions can be reviewed and overridden by human operators
  • Right to Review: You can request human review of any automated decision affecting you
  • Opt-out Rights: You can request to opt-out of automated processing by contacting the page owner

Legal Basis: Legitimate interests for service functionality, with safeguards for your rights and freedoms.

14. Real-time Data Processing

  • Webhook Integration: We receive real-time notifications when you interact with connected accounts
  • Immediate Processing: Your messages and comments are processed within seconds for automated responses
  • Temporary Caching: Data may be temporarily cached (up to 24 hours) for performance optimization
  • Processing Logs: All automated actions are logged with timestamps for audit purposes
  • Response Time: Our systems respond to interactions within 30 seconds as required by Meta policies

15. Meta Platform Integration

  • Meta API Compliance: All data processing complies with Meta's Platform Terms and Data Policy
  • Token Management: Access tokens are securely stored and automatically renewed as required
  • Platform Changes: Data processing may be updated to comply with Meta platform changes
  • Account Linking: We may process data across linked Facebook and Instagram business accounts
  • API Limitations: Data availability subject to Meta's API access policies and rate limits

Detailed Retention Policy

  • Message Data: Retained while service is active, deleted within 30 days after service termination
  • Comment Data: Processed in real-time, stored for 90 days for quality assurance
  • Processing Logs: Retained for 12 months for technical analysis and compliance
  • Access Tokens: Automatically refreshed, invalid tokens deleted immediately
  • Audit Trails: Security and compliance logs retained for 7 years as required by law

International Data Transfers

  • Primary Processing: All data processed within the European Union
  • Meta Integration: Some data may transit through Meta's global infrastructure
  • Adequacy Decisions: Transfers only to countries with EU adequacy decisions
  • Standard Contractual Clauses: Used when adequacy decisions unavailable
  • Additional Safeguards: Encryption and access controls applied to all transfers

16. Facebook and Instagram Comment Management (Meta Platform Permissions)

Effective: 19/07/2025

Scope: This section applies when page owners grant our application specific Meta permissions for comment and engagement management.

16.1 Specific Meta Permissions Used

Our application requests the following Meta API permissions:

  • pages_read_user_content - Read visitor posts, comments, and ratings on Facebook Pages
  • pages_manage_engagement - Create, edit, hide, or delete comments on Facebook Pages
  • pages_read_engagement - Read Page posts, reactions, and follower data
  • instagram_business_basic - Read Instagram Business account profile information
  • instagram_business_manage_comments - Create, hide, delete, or reply to Instagram comments
  • pages_messaging - Manage Page conversations in Messenger
  • pages_show_list - Display list of Pages a person manages
  • pages_manage_metadata - Subscribe to webhooks about Page activity

16.2 Additional Data Categories for Comment Management

When these permissions are granted, we additionally process:

  • Comment metadata: Comment IDs, parent comment IDs, reply threads
  • User identifiers: Usernames of comment authors, profile picture URLs
  • Engagement data: Reaction counts, like/share/comment timestamps
  • Media references: URLs of images/videos attached to comments
  • Mention data: Tags and mentions in comments and Instagram Stories

16.3 Comment-Specific AI Processing

  • Contextual responses: AI analyzes original post content and comment text to generate relevant customer service responses
  • Spam detection: Automated classification of promotional, inappropriate, or off-topic comments
  • Intent analysis: Comments are categorized (customer inquiry, complaint, praise, spam) for appropriate routing
  • Auto-moderation: Flagged content is automatically hidden pending human review
  • Human oversight: All automated comment actions can be reviewed and overridden by page administrators

16.4 User Rights for Comment Data

Deletion requests: Any Facebook or Instagram user whose comments are processed by our system may request deletion by:

  • Email: [email protected] (include comment URL or text)
  • Response time: Maximum 30 days
  • Scope: We will delete comment content, metadata, and associated processing logs from our systems

Appeal process: Users can request human review of any automated moderation decisions affecting their comments.

16.5 Comment Data Retention

  • Comment content: Stored for maximum 90 days for quality assurance and customer service
  • Comment metadata: Retained for 90 days for analytics and moderation audit trails
  • Processing logs: Comment-related automated actions logged for 12 months for compliance
  • Upon deletion request: All associated data permanently removed within 30 days

16.6 Technical Implementation

  • Webhook security: All Meta webhook payloads validated using SHA-256 signatures
  • Real-time processing: Comments processed within 30 seconds as required by Meta policies
  • Access control: Comment data access restricted to authorized customer service functions only
  • Encryption: Comment content encrypted at rest and in transit

AI Solutions - A service by Tec2GO Solutions, Lda.
Smart technology for automated communication