Privacy Policy
Last updated: June 24, 2026
1. Controller details
This Privacy Policy describes how Arenix Ltd. ("we", "us", "our") processes personal data when you use Agent I.
Controller details (to be completed):
Legal entity: Arenix Ltd.
EIK/BULSTAT: 208781058
Registered address: Varna, Bulgaria
Contact email: support@arenix.info
Privacy contact: support@arenix.info
2. Data we process
- Account and authentication data (for example name, email, user IDs).
- Organization, team, and service configuration data.
- Booking data (client name, service, staff member, dates, statuses).
- Communication data from connected channels (for example Facebook/Instagram conversation content and metadata).
- Phone and voice call data when the Phone Number Add-on is active (for example caller ID, call duration, audio, transcripts, and call metadata).
- Connected calendar data needed for availability and sync (calendar IDs, event metadata, synchronization tokens).
- Billing and subscription metadata (plan, billing period, payment status).
- Technical, security, and audit data (IP logs, request metadata, error logs).
3. Purposes and legal bases
We process personal data for the following purposes:
- Providing and operating the service (GDPR Art. 6(1)(b) contract).
- Managing subscriptions, billing, and invoices (Art. 6(1)(b)/(c)).
- Maintaining security, preventing abuse, and auditing (Art. 6(1)(f)).
- Supporting customers and troubleshooting issues (Art. 6(1)(b)/(f)).
- Complying with legal and regulatory obligations (Art. 6(1)(c)).
4. Stripe payments
Payments are processed by Stripe. We do not store full payment card details such as card number or CVC on our servers. Stripe processes payment data according to its own privacy and security documentation.
5. Clerk authentication
Authentication and identity management are provided by Clerk. Clerk acts as our processor for relevant account/authentication data under its contractual terms and data processing terms.
6. Meta (Facebook/Instagram) integration
If you connect Meta channels, we process channel messages and related metadata to provide conversation handling, booking assistance, and response automation. Photos clients send in Messenger or Instagram chats may be stored so the AI assistant can understand reference images (for example hairstyle inspiration); retention follows the same rules as other conversation data in your workspace.
In line with Meta platform requirements, users can request deletion of their platform data. Meta processes deletion requests automatically via our registered data deletion callback at https://URL/api/meta/deletion. You can also email support@arenix.info to request deletion manually.
Meta OAuth credentials (such as long-lived/page access tokens), when stored by the service, are treated as sensitive credentials and are intended to be stored encrypted at rest with restricted access controls.
7. Google Calendar connection and sync
If you connect Google Calendar, we access and process calendar data only as needed for availability checks, booking conflict prevention, and synchronization.
The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We do not use Google API data for advertising, data brokering, or unrelated model training. You can disconnect Google integration at any time in your account settings.
Google OAuth credentials (for example access/refresh tokens), when stored by the service, are treated as sensitive credentials and are intended to be stored encrypted at rest with restricted access controls.
8. Recipients and processors
We share data with trusted processors only where necessary to provide the service, such as hosting providers, authentication providers, payment processors, messaging/API providers, voice AI providers (including ElevenLabs for AI phone reception), and telecom providers (for example DIDWW for phone number provisioning and call routing).
9. International transfers
Some processors may process data outside the EEA. Where applicable, transfers rely on recognized safeguards (for example SCCs, DPF participation, or equivalent mechanisms).
10. Retention
We retain personal data only for as long as necessary for the purposes in this policy, including legal, accounting, security, and contractual obligations.
- Account and subscription records: retained while account is active, plus legal retention period.
- Booking and channel records: retained for service operation, audit, and dispute handling.
- Security logs: retained for a limited period unless needed for incident investigation.
11. Security measures
- Encryption in transit (HTTPS/TLS) for data transmitted to and from the service.
- Sensitive credential protection, including encrypted-at-rest token storage.
- Access controls based on least-privilege principles.
- Security monitoring, logging, and auditability for critical actions.
- Reasonable incident response procedures for suspected security events.
12. Your GDPR rights
You may have the right to:
- Access your personal data.
- Request correction of inaccurate data.
- Request deletion in certain circumstances.
- Restrict or object to certain processing.
- Request data portability where applicable.
- Withdraw consent where processing is based on consent.
To exercise rights, contact: support@arenix.info.
13. Complaints
You can lodge a complaint with your local supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP).
14. Cookies and similar technologies
We use cookies and similar technologies in your browser to run Agent I, remember your preferences, and help you contact support. Below is what you can expect as a user of the service.
- Sign-in and security. Cookies that keep you logged in, protect your account, and help prevent misuse. These are needed to use Agent I.
- Language preference. Remembers whether you use the app in English or Bulgarian so you do not have to select your language on every visit.
- Customer support chat. If you open Contact support in the app, we use a third-party chat service to handle your message. Cookies for that chat are only used after you open it, so we can continue your conversation if you return later.
- Facebook and Instagram connection. If you connect Messenger or Instagram in settings, related cookies or similar storage may be used so those channels can work with your salon account.
You can block or delete cookies in your browser settings. If you block sign-in cookies, you may not be able to log in. Support chat cookies apply only after you choose to open the chat.
Questions about cookies or your data: support@arenix.info.
16. Phone and AI voice channel
If you activate the Phone Number Add-on, inbound calls to your dedicated Agent I number are answered by an AI voice assistant. At the start of each call, callers hear a verbal disclosure identifying the assistant as AI and noting that the call may be recorded and shared with our service providers.
Voice calls are processed using ElevenLabs conversational AI and routed through third-party telecom providers. Call audio and conversations may be recorded, transcribed, stored, and shared with ElevenLabs and its third-party large language model providers to provide the service, maintain call quality, troubleshoot issues, and improve our products. ElevenLabs processes voice data under its platform terms (including the ElevenAgents terms).
Call transcripts and related metadata are stored in your workspace (for example in the Conversations area) so you can review calls and operate your salon. Retention follows the same operational and legal rules as other conversation and booking records in Agent I.
If you are a salon client calling a salon that uses Agent I, your call data is processed to handle your request and is accessible to the salon account that operates the phone line. To exercise data rights related to a specific salon, contact that salon or email support@arenix.info.
17. Policy changes
We may update this Privacy Policy from time to time. Material updates will be posted on this page with a new "Last updated" date.