Privacy Policy

1. Who this Policy applies to

This Privacy Policy applies to:

• visitors to our website
• businesses and users who create an account or use the Service
• individuals who interact with a OneTwoAgent-powered chat widget, booking page, meeting flow, or messaging channel operated by one of our customers

If you are an end customer interacting with a business that uses OneTwoAgent, that business may separately control some of the information collected through its workspace. In those cases, OneTwoAgent acts as a service provider or processor on behalf of that business for the data processed through the workspace.

2. Information we collect

We collect the following categories of information.

2.1 Account and workspace information

When you create an account or use the Service, we may collect:

• name
• email address
• business or company name
• workspace settings
• authentication credentials and encrypted passwords
• billing-related information processed by our payment providers

2.2 Business content and configuration

When you configure the Service, we may collect and process:

• website URLs you provide
• website content imported into the workspace
• knowledge sources you upload or connect
• text, documents, files, spreadsheets, and other materials you add to your workspace
• catalog data, services, staff, locations, resources, pricing, durations, and booking rules
• bot, widget, and automation settings
• prompt, routing, and handoff configuration

2.3 Conversation and lead data

When the Service is used for chat, messaging, or booking, we may collect and process:

• chat conversations between your business and end users
• customer or lead contact details collected during the conversation, such as name, email address, phone number, and related booking details
• conversation metadata such as timestamps, channel, message status, and handoff status
• qualification answers, booking intent, routing signals, and next-step outcomes

2.4 Booking and meeting data

When booking, scheduling, or meeting features are used, we may collect and process:

• booking requests
• appointment and meeting details
• service, meeting type, location, staff, and availability information
• meeting links and calendar-related metadata
• schedule and booking confirmations, reminders, and updates

2.5 Connected service data

When you connect third-party services, we may access and process only the data needed to provide the feature you enable.

This may include:

• Google account information necessary to identify the connected account
• Google Calendar availability and event data
• Google Docs, Google Sheets, Google Drive files, or other Google Workspace content selected by you
• WhatsApp, Instagram, Telegram, or other messaging data processed through enabled integrations
• Zoom or Google Meet related meeting data when enabled in your workspace

2.6 Technical and usage data

We may automatically collect:

• IP address
• browser type and version
• device and operating system information
• log data
• analytics and usage information
• cookie and session data

3. How we use information

We use personal data only as necessary to operate, secure, support, and improve the Service and its user-facing features.

We may use information to:

• provide, operate, and maintain the Service
• authenticate users and secure accounts
• configure and run chat, booking, qualification, handoff, and support workflows
• process conversations and generate AI-assisted responses within the workspace
• import, sync, index, refresh, and use knowledge sources selected by you
• display or update booking, meeting, staff, location, catalog, and scheduling information
• send booking confirmations, reminders, notifications, and operational messages
• support handoff from AI to human team members
• provide customer support and respond to requests
• process payments and billing
• monitor security, prevent abuse, investigate incidents, and enforce our terms
• improve the reliability, safety, and user-facing performance of the Service
• comply with legal obligations

We do not sell personal data.

4. Google API services and Google user data

If you connect Google services to OneTwoAgent, we access and use Google user data only to provide the specific Google-enabled features you choose inside the Service.

4.1 Google account information

We may use basic Google account information, such as your account identifier and email address, to:

• identify the connected Google account
• display the connection status in your workspace
• manage authentication and integration settings

4.2 Google Calendar data

If you connect Google Calendar, we may access calendar data needed to:

• read availability and scheduling information
• support booking, meeting, and availability workflows
• create, update, or cancel calendar events when requested by the user
• support automatic meeting setup, including Google Meet links when applicable
• keep staff availability and booking logic aligned

4.3 Google Docs, Sheets, Drive, and other selected Google Workspace content

If you connect Google Docs, Google Sheets, Google Drive, or related Google Workspace content, we may access only the documents, files, or data selected by you to:

• import knowledge sources into your workspace
• sync updates to those selected knowledge sources
• answer questions inside the Service using those selected sources
• support catalog, workflow, and business knowledge features requested by you

4.4 How we limit use of Google user data

We use Google user data only to provide or improve user-facing features that are prominent in OneTwoAgent.

We do not use Google user data for:

• advertising
• selling data
• unrelated profiling
• surveillance
• training, fine-tuning, or improving generalized or foundation AI or machine learning models

We do not transfer Google user data to third parties except as necessary to provide the user-facing features you enable, to comply with law, or as otherwise permitted by Google's policies.

If we change the way we access or use Google user data, we will update this Privacy Policy and, where required, request consent before using Google user data in the new way.

5. AI processing

OneTwoAgent uses AI-assisted systems to help businesses answer questions, qualify leads, support booking, provide handoff context, and perform other user-facing workspace functions.

When AI features are used:

• workspace content, conversation content, and connected knowledge sources may be processed to generate responses or workflow actions within the Service
• AI processing is limited to the business's configured use cases inside the workspace
• Google Workspace data connected to the Service is not used to train generalized or foundation AI or machine learning models

Where possible, we limit processing to the information needed to provide the requested feature.

6. Lawful bases for processing

Where GDPR or similar laws apply, we process personal data on one or more of the following bases:

• Contract: to provide the Service you requested
• Legitimate interests: to secure, maintain, improve, and support the Service
• Consent: where required, including for certain cookies or optional integrations
• Legal obligation: to comply with applicable laws, tax, accounting, or regulatory requirements

7. Cookies and similar technologies

We use cookies and similar technologies for:

• authentication and session management
• security and fraud prevention
• remembering user preferences
• analytics and product usage measurement
• performance and reliability monitoring

Where required by law, we request consent before using non-essential cookies.

8. How we share information

We do not sell personal data. We may share data only in the following situations.

8.1 Service providers and subprocessors

We may share data with trusted service providers that help us operate the Service, such as providers for:

• AI processing
• hosting and infrastructure
• analytics and logging
• email delivery
• payment processing
• customer support and security operations

These providers may process data only on our instructions and only as necessary to provide the relevant service to us.

8.2 Third-party integrations enabled by you

If you connect Google, WhatsApp, Instagram, Telegram, Zoom, or other third-party services, information may be shared as necessary to provide those integrations and the user-facing features you enable.

8.3 Workspace-controlled sharing

If you use OneTwoAgent as a business customer, information may be visible to users you authorize inside your workspace, including administrators, staff members, and team members based on the permissions you configure.

8.4 Legal reasons

We may disclose information if required by law or if reasonably necessary to:

• comply with legal obligations
• respond to lawful requests from public authorities
• enforce our terms
• protect our rights, users, or the security of the Service
• investigate fraud, abuse, or security incidents

8.5 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, data may be transferred as part of that transaction, subject to appropriate safeguards.

9. International data transfers

Your data may be processed in countries outside your country of residence, including outside the European Economic Area.

When we transfer personal data internationally, we use appropriate safeguards where required by law, including contractual protections such as Standard Contractual Clauses or equivalent lawful transfer mechanisms.

10. Data storage and security

We take reasonable and appropriate technical and organizational measures to protect personal data.

These measures may include:

• encryption in transit using TLS
• encryption of sensitive credentials and tokens
• access controls and authentication
• role-based permissions
• logging and monitoring
• backups and recovery measures
• security reviews and incident response processes

No method of transmission or storage is completely secure, but we work to protect data appropriately for the nature of the Service.

11. Data retention

We retain data only for as long as needed for the purposes described in this Privacy Policy unless a longer retention period is required by law.

Unless a different retention period is required or configured:

• account and workspace data are retained while the account is active and for a limited period after closure as needed for support, recovery, and legal compliance
• conversation data may be retained for up to 12 months unless deleted earlier by the customer or required longer for security or legal reasons
• billing and transaction records may be retained for up to 7 years or as required by law
• imported knowledge sources and connected content may be retained while connected or present in the workspace and for a limited period afterward as needed for synchronization, backups, and legal compliance
• logs and security records may be retained for a limited period as necessary for fraud prevention, abuse prevention, and system reliability

12. Your rights

Depending on your location, you may have rights regarding your personal data, including the right to:

• access your personal data
• correct inaccurate data
• delete data
• restrict or object to certain processing
• receive a copy of your data in a portable format
• withdraw consent where processing is based on consent
• lodge a complaint with a supervisory authority

To exercise privacy rights, contact us at privacy@onetwoagent.com.

If you are an end customer interacting with a business that uses OneTwoAgent, you may also need to contact that business directly, because it may control the relevant workspace data.

13. Children's privacy

The Service is not intended for children under 16 and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will update the "Last updated" date and, where required, provide additional notice through the Service or by email. If changes affect how we use Google user data, we will update disclosures and request consent where required before using that data in the new way.

15. Contact us

For privacy-related questions or requests, contact: