This User Data Policy is a plain-language companion to our Privacy Policy. It explains in practical terms what data AssistantLabs collects, how it flows through our systems, where it is stored, and how you can manage or delete it. It is intended for both Customers (businesses using our platform) and their end-users.
Collected when you sign up and maintained throughout your account's lifetime.
| Field | Source | Purpose |
|---|---|---|
| displayName | User input / OAuth provider | Displayed in dashboard, collaboration features |
| User input / OAuth provider | Authentication, notifications, billing receipts | |
| profilePicture | OAuth provider (optional) | Dashboard avatar |
| lastLoginAt | System-generated | Security monitoring, session management |
| settings.language | User preference | Interface localization |
Collected when you add a payment method or subscribe to a plan.
| Field | Source | Purpose |
|---|---|---|
| cardHolderName | Payment form input | Card verification, invoice generation |
| cardHolderId | Payment form input | Israeli tax/invoicing requirements |
| lastFourDigits | Tranzila (tokenized) | Display card on file in dashboard |
| cardType | Tranzila (tokenized) | Display card brand |
| token | Tranzila | Recurring & usage charges (no full card number stored by us) |
| businessName / businessId | Billing settings form | Invoice and receipt generation |
| receiptEmail | Billing settings form | Delivery of receipts and invoices |
| Standing order & usage records (stoId, billing dates, pricing, usage counts) | Tranzila / system | Automated monthly subscription billing and usage-based charges |
Provided by Customers (directly or via the Logos AI configuration assistant) to build and customize their AI assistants.
| Data Type | Source | Purpose |
|---|---|---|
| Business information & guidelines | Customer input / website scan | AI assistant context and personality |
| FAQs | Customer input / website scan | Knowledge base for automated responses |
| Product catalogs | Customer input / import / integration | Product recommendations and info |
| Links & resources | Customer input | Reference URLs shared in conversations |
| Persona, scenarios & labels | Customer input | Tone, conversation routing and categorization |
Contacts are created when end-users interact with assistants or when Customers import/add contacts manually or via an integration.
| Field | Source | Purpose |
|---|---|---|
| firstName / lastName | End-user message, manual entry, import, integration sync | Contact identification |
| phone | Channel identifier (WhatsApp), manual entry | Messaging, contact lookup |
| Manual entry, import, integration sync | Contact record, notifications | |
| notes | Customer input | Free-form CRM notes |
| customFields | Customer-defined | Flexible data storage per business needs |
| labels | Customer assignment | Categorization and filtering |
| source | System-detected | Track contact origin (WhatsApp, Instagram, Messenger, Web, LinkedIn, Wix, Monday.com, Shopify, WooCommerce, import, manual, API) |
| consentStatus / marketingConsent / optedOut | End-user action or Customer input | Privacy compliance and marketing preferences, including WhatsApp template messaging |
| threadIds / channelIds | System-generated | Link conversations to contacts |
| External IDs & synced orders | Integration sync | Cross-platform synchronization (e.g., wixContactId, mondayItemId, WooCommerce/Shopify records) |
| Data Type | Source | Purpose |
|---|---|---|
| Message text & media content | End-user / AI assistant / human agent | Conversation delivery and history |
| Timestamps | System-generated | Message ordering, analytics, 48-hour classification |
| Sender type & direction | System-generated | Automated-vs-human classification, conversation flow |
| Channel metadata & message IDs | Platform APIs | Channel-specific delivery and mapping |
| Data Type | Source | Purpose |
|---|---|---|
| Conversation counts & message volumes | System-generated | Quota tracking, usage-based billing, analytics |
| Session data, IP address, browser/device info | Firebase Analytics | Service improvement, debugging |
| Feature interaction metrics | Firebase Analytics | Product development |
The following diagram illustrates how data flows through the AssistantLabs platform when an end-user sends a message:
Key points:
| Service | Data Stored | Location | Encryption |
|---|---|---|---|
| Google Cloud Firestore | User accounts, assistants, conversations, CRM contacts, configuration | Iowa, USA | At rest (AES-256) + in transit (TLS) |
| Google BigQuery | Aggregated analytics, conversation metrics, Firestore exports | Iowa, USA | At rest (AES-256) + in transit (TLS) |
| Google Cloud Run | Application runtime (no persistent data storage) | Iowa, USA | In transit (TLS) |
| Firebase Authentication | Auth tokens, user identity (email, provider ID) | USA | Google-managed encryption |
| Tranzila (InterSpace) | Tokenized credit-card data, transaction records | Israel | PCI-DSS Level 1 compliant |
AssistantLabs does not sell, rent or trade personal data. Data is shared only with sub-processors as necessary to provide the Service:
Each sub-processor processes data only for the specific purposes outlined above.
Encrypted backups are retained for a rolling 30-day window. Deleted data may persist in backups for up to 30 days before being purged.
When you use AssistantLabs to interact with your own end-users, you are the data controller for their personal data. You are responsible for:
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.2+ on all connections |
| Encryption at rest | AES-256 via Google Cloud default encryption |
| Authentication | Firebase Authentication with secure token management |
| Payment security | PCI-DSS Level 1 (Tranzila) – no full card numbers stored by us |
| Access control | Role-based (viewer, editor, owner) with per-assistant permissions |
| Backups | Encrypted backups with 30-day retention |
| Infrastructure | Hosted on Google Cloud Platform, which maintains enterprise-grade security and SOC 2 / ISO 27001 certifications |
For questions about how your data is handled, to request data export, or to exercise any privacy rights:
AssistantLabs – Legal & Privacy
Email: legal@assistantlabs.io
Address: Ha'Aniya Arinpura 8, Netanya, Israel
We aim to respond to all enquiries within 30 days.