The data controller is Digitivia, a company registered in Egypt (Commercial Register 272529, Cairo Investment Court; Tax ID 773-847-731), located at Building No.1, Chillout Lotus Maxim, 3rd Floor, Fifth Settlement, New Cairo, Egypt. For privacy inquiries, contact privacy@digitivia.com.
This policy explains how Digitivia AI Agent collects, uses, stores, and protects personal and operational data processed through the platform, in compliance with Egypt's Personal Data Protection Law (Law 151/2020) and aligned with the EU General Data Protection Regulation (GDPR).
We process: (a) account data — name, email, password hash, organization name; (b) communication data — messages, conversation metadata, contact details from connected channels (WhatsApp, Messenger, Instagram, Telegram); (c) operational data — agent configurations, knowledge base content, CRM leads, orders; (d) usage data — login timestamps, feature usage, platform metrics; (e) billing data — plan selections, payment metadata (card details are processed directly by Stripe and never stored on our servers).
We process data based on: (a) contract performance — to deliver the AI Agent service you subscribed to; (b) legitimate interest — to improve service reliability, prevent abuse, and generate aggregated analytics; (c) legal obligation — to retain invoices and tax records as required by Egyptian law; (d) consent — for optional features such as push notifications and email alerts, which you can withdraw at any time.
Data is used to deliver services, maintain account security, generate analytics, support automations, troubleshoot issues, and comply with applicable legal obligations.
We use the following third-party processors: (a) Supabase Inc. (United States) — database, authentication, file storage, and Edge Functions; (b) OpenAI Inc. (United States) — AI language model processing with 30-day data retention and no model training on customer data; (c) Hostinger International (Lithuania/US) — n8n workflow automation hosting; (d) Meta Platforms (United States/EU) — WhatsApp Business API, Messenger, and Instagram integrations; (e) Stripe Inc. (United States/EU) — payment processing. Where data is transferred outside Egypt, we rely on standard contractual clauses or equivalent safeguards to ensure adequate protection.
Customer-related data is retained for a maximum of one year from the date of collection or last activity, then permanently deleted from active systems and backups. Billing invoices and tax records are retained for five years as required by Egyptian tax law. Upon account deletion, personal data is removed within 30 days, with anonymized aggregated statistics retained for service improvement.
Under applicable data protection laws, you have the right to: (a) access — request a copy of your personal data; (b) rectification — correct inaccurate or incomplete data; (c) erasure — request deletion of your data (subject to legal retention requirements); (d) data portability — receive your data in a structured, machine-readable format; (e) restriction — limit processing in certain circumstances; (f) objection — object to processing based on legitimate interest. To exercise any of these rights, contact privacy@digitivia.com. We will respond within 30 days.
You have the right to lodge a complaint with the Egyptian Personal Data Protection Center (PDPC) if you believe your data rights have been violated. If you are located in the EU, you may also contact your local data protection authority.