User Data Policy

Effective Date: 16 June 2026  |  Version 2.0

1. Purpose of This Document

This User Data Policy is a plain-language companion to our Privacy Policy. It explains in practical terms what data AssistantLabs collects, how it flows through our systems, where it is stored, and how you can manage or delete it. It is intended for both Customers (businesses using our platform) and their end-users.

2. Data Categories in Detail

2.1 Account & Profile Data

Collected when you sign up and maintained throughout your account's lifetime.

FieldSourcePurpose
displayNameUser input / OAuth providerDisplayed in dashboard, collaboration features
emailUser input / OAuth providerAuthentication, notifications, billing receipts
profilePictureOAuth provider (optional)Dashboard avatar
lastLoginAtSystem-generatedSecurity monitoring, session management
settings.languageUser preferenceInterface localization

2.2 Billing & Payment Data

Collected when you add a payment method or subscribe to a plan.

FieldSourcePurpose
cardHolderNamePayment form inputCard verification, invoice generation
cardHolderIdPayment form inputIsraeli tax/invoicing requirements
lastFourDigitsTranzila (tokenized)Display card on file in dashboard
cardTypeTranzila (tokenized)Display card brand
tokenTranzilaRecurring & usage charges (no full card number stored by us)
businessName / businessIdBilling settings formInvoice and receipt generation
receiptEmailBilling settings formDelivery of receipts and invoices
Standing order & usage records (stoId, billing dates, pricing, usage counts)Tranzila / systemAutomated monthly subscription billing and usage-based charges

2.3 Assistant Configuration Data

Provided by Customers (directly or via the Logos AI configuration assistant) to build and customize their AI assistants.

Data TypeSourcePurpose
Business information & guidelinesCustomer input / website scanAI assistant context and personality
FAQsCustomer input / website scanKnowledge base for automated responses
Product catalogsCustomer input / import / integrationProduct recommendations and info
Links & resourcesCustomer inputReference URLs shared in conversations
Persona, scenarios & labelsCustomer inputTone, conversation routing and categorization

2.4 CRM Contact Data

Contacts are created when end-users interact with assistants or when Customers import/add contacts manually or via an integration.

FieldSourcePurpose
firstName / lastNameEnd-user message, manual entry, import, integration syncContact identification
phoneChannel identifier (WhatsApp), manual entryMessaging, contact lookup
emailManual entry, import, integration syncContact record, notifications
notesCustomer inputFree-form CRM notes
customFieldsCustomer-definedFlexible data storage per business needs
labelsCustomer assignmentCategorization and filtering
sourceSystem-detectedTrack contact origin (WhatsApp, Instagram, Messenger, Web, LinkedIn, Wix, Monday.com, Shopify, WooCommerce, import, manual, API)
consentStatus / marketingConsent / optedOutEnd-user action or Customer inputPrivacy compliance and marketing preferences, including WhatsApp template messaging
threadIds / channelIdsSystem-generatedLink conversations to contacts
External IDs & synced ordersIntegration syncCross-platform synchronization (e.g., wixContactId, mondayItemId, WooCommerce/Shopify records)

2.5 Conversation & Message Data

Data TypeSourcePurpose
Message text & media contentEnd-user / AI assistant / human agentConversation delivery and history
TimestampsSystem-generatedMessage ordering, analytics, 48-hour classification
Sender type & directionSystem-generatedAutomated-vs-human classification, conversation flow
Channel metadata & message IDsPlatform APIsChannel-specific delivery and mapping

2.6 Technical & Analytics Data

Data TypeSourcePurpose
Conversation counts & message volumesSystem-generatedQuota tracking, usage-based billing, analytics
Session data, IP address, browser/device infoFirebase AnalyticsService improvement, debugging
Feature interaction metricsFirebase AnalyticsProduct development

3. Data Processing Flow

The following diagram illustrates how data flows through the AssistantLabs platform when an end-user sends a message:

End-User → Channel (WhatsApp / Instagram / Messenger / Web Chat / LinkedIn)

Channel API (Meta / LinkedIn) → AssistantLabs Backend (Google Cloud Run, Iowa, USA)

Message stored in Firestore → AI Processing via AI Provider API (OpenAI / Anthropic / Google)

AI Response → AssistantLabs Backend → Channel API → End-User

Aggregated analytics logged to BigQuery

Key points:

4. Storage Infrastructure

ServiceData StoredLocationEncryption
Google Cloud FirestoreUser accounts, assistants, conversations, CRM contacts, configurationIowa, USAAt rest (AES-256) + in transit (TLS)
Google BigQueryAggregated analytics, conversation metrics, Firestore exportsIowa, USAAt rest (AES-256) + in transit (TLS)
Google Cloud RunApplication runtime (no persistent data storage)Iowa, USAIn transit (TLS)
Firebase AuthenticationAuth tokens, user identity (email, provider ID)USAGoogle-managed encryption
Tranzila (InterSpace)Tokenized credit-card data, transaction recordsIsraelPCI-DSS Level 1 compliant

5. Third-Party Data Sharing

AssistantLabs does not sell, rent or trade personal data. Data is shared only with sub-processors as necessary to provide the Service:

Each sub-processor processes data only for the specific purposes outlined above.

6. Retention & Deletion

6.1 Customer-Controlled Deletion

6.2 Post-Termination

6.3 Backup Retention

Encrypted backups are retained for a rolling 30-day window. Deleted data may persist in backups for up to 30 days before being purged.

7. Customer Responsibilities

When you use AssistantLabs to interact with your own end-users, you are the data controller for their personal data. You are responsible for:

8. Data Security Summary

MeasureImplementation
Encryption in transitTLS 1.2+ on all connections
Encryption at restAES-256 via Google Cloud default encryption
AuthenticationFirebase Authentication with secure token management
Payment securityPCI-DSS Level 1 (Tranzila) – no full card numbers stored by us
Access controlRole-based (viewer, editor, owner) with per-assistant permissions
BackupsEncrypted backups with 30-day retention
InfrastructureHosted on Google Cloud Platform, which maintains enterprise-grade security and SOC 2 / ISO 27001 certifications

9. Questions & Contact

For questions about how your data is handled, to request data export, or to exercise any privacy rights:

AssistantLabs – Legal & Privacy
Email: legal@assistantlabs.io
Address: Ha'Aniya Arinpura 8, Netanya, Israel

We aim to respond to all enquiries within 30 days.