RIAL Wellness Logo
Acceder->

Privacy Policy

Last updated: 2026-02-23

This Privacy Policy explains how we collect, use, and protect personal data when you use our platform and services (the “Service”). It also explains how we handle data accessed via Google APIs (such as Google Sign-In and Google Calendar) when you choose to connect them.

1. Who we are

We provide an AI-assisted platform designed to help businesses manage customer communications and operational workflows through channels such as Instagram and WhatsApp, and optional integrations such as Google Calendar for reservation management.

2. Data we collect

  • Business account identifiers (e.g., Instagram or WhatsApp IDs)
  • Messages sent to the business by end users (message content and metadata)
  • Configuration data required to operate the service
  • Reservation and scheduling data (when you use booking features)
  • Technical data such as logs, timestamps, device/browser information, and IP address (for security)
  • Account data (e.g., email address) if you create an account or sign in using a third-party provider such as Google

3. How we use data

We use data exclusively to provide, operate, secure, and improve the Service, including:

  • Operating the AI assistant features (e.g., generating assisted replies on behalf of the business)
  • Enabling reservation and scheduling workflows
  • Providing support and communicating important service updates
  • Security, abuse prevention, debugging, and service analytics

4. Google APIs (Google Sign-In & Google Calendar)

If you choose to use Google features, we handle Google data as follows:

4.1 Google Sign-In

  • Data received: basic account information needed to authenticate you and create/manage your account, such as your Google account identifier (subject/“sub”) and email address. If enabled in your configuration, this may also include basic profile information (e.g., name and profile photo).
  • Purpose: authentication and account management.

4.2 Google Calendar integration

  • What we do: after you connect Google Calendar, we create a dedicated calendar for your business (if applicable) and create, update, and delete events in that calendar to represent bookings or reservations.
  • Data accessed: calendar and event information required to perform the reservation features (e.g., calendar ID, event IDs, event title/summary, date/time, and related event fields that you configure).
  • Scope minimization: we aim to request and use only the permissions necessary to operate the integration.

4.3 How we use Google data (Limited Use)

  • We use information received from Google APIs only to provide the requested features within our Service (authentication and calendar-based reservations).
  • We do not sell Google user data.
  • We do not use Google user data for advertising, retargeting, or marketing profiling.
  • Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.4 Tokens, storage, and revocation

  • If we store Google OAuth tokens (access and refresh tokens), we protect them using appropriate security measures (e.g., encryption at rest and access controls).
  • Disconnect: you can disconnect Google Calendar at any time from the Service settings. When you disconnect, we stop accessing your Google Calendar and attempt to revoke tokens where applicable.

5. Data sharing

We do not sell personal data. We do not share personal data with third parties except:

  • When necessary to integrate with third-party platforms you connect (e.g., Meta/Instagram/WhatsApp or Google Calendar) to provide the Service
  • With infrastructure and service providers acting on our behalf (e.g., hosting, logging) strictly as needed to operate the Service, under appropriate contractual and security safeguards
  • When legally required (e.g., to comply with applicable law or enforce our rights)

6. Data retention

We retain data only as long as necessary to provide the Service, meet contractual obligations, comply with legal requirements, and maintain security.

  • Conversations and messages: retained for the period needed to operate the Service and may be deleted upon request by the business.
  • Technical logs: retained for a limited period for security, diagnostics, and abuse prevention.
  • Google tokens: retained only while the integration is active or as needed to keep it working; removed when you disconnect (subject to technical constraints).

7. Data security

We implement technical and organizational measures to protect data, including encryption, access controls, and secure infrastructure. No method of transmission or storage is 100% secure, but we strive to protect your data using industry-standard practices.

8. Your rights

You have the right to access, rectify, delete, restrict or object to the processing of your personal data, and to data portability where applicable. To exercise these rights, please contact us.

9. Who is responsible for data processing

The data controller of this Service is Alejandro Mezquíriz, acting as a self-employed professional (sole proprietor) based in Spain.
Address: Navarra, Spain
Email: support@rialproject.com

10. Data protection roles

When a business connects its Instagram or WhatsApp account and uses the Service to communicate with its customers, we process message content and related data on behalf of the business. In this context, the business acts as the data controller and we act as a data processor.

11. Legal basis for processing

We process personal data based on the performance of a contract with the business, our legitimate interest in ensuring the security and proper functioning of the Service, compliance with legal obligations, and user consent where applicable.

12. International data transfers

We may use infrastructure and service providers located outside the European Economic Area. Where required, appropriate safeguards such as Standard Contractual Clauses are applied to protect personal data.

13. Data deletion instructions

Requests for data deletion can be submitted by contacting support@rialproject.com or by following the instructions available at https://rialproject.com/data-deletion.

14. Contact

For privacy-related questions or any requests, contact us at support@rialproject.com.

Note: This document is provided for transparency and product compliance purposes. Depending on your specific legal situation, you may need to adapt it with legal counsel (e.g., if you later add new integrations or change data processing practices).