Privacy Policy

Last updated: April 30, 2026

1. Controller details

This Privacy Policy describes how Arenix Ltd. ("we", "us", "our") processes personal data when you use Agent I.

Controller details (to be completed):
Legal entity: Arenix Ltd.
EIK/BULSTAT: 208781058
Registered address: Varna, Bulgaria
Contact email: support@arenix.info
Privacy contact: support@arenix.info

2. Data we process

  • Account and authentication data (for example name, email, user IDs).
  • Organization, team, and service configuration data.
  • Booking data (client name, service, staff member, dates, statuses).
  • Communication data from connected channels (for example Facebook/Instagram conversation content and metadata).
  • Connected calendar data needed for availability and sync (calendar IDs, event metadata, synchronization tokens).
  • Billing and subscription metadata (plan, billing period, payment status).
  • Technical, security, and audit data (IP logs, request metadata, error logs).

3. Purposes and legal bases

We process personal data for the following purposes:

  • Providing and operating the service (GDPR Art. 6(1)(b) contract).
  • Managing subscriptions, billing, and invoices (Art. 6(1)(b)/(c)).
  • Maintaining security, preventing abuse, and auditing (Art. 6(1)(f)).
  • Supporting customers and troubleshooting issues (Art. 6(1)(b)/(f)).
  • Complying with legal and regulatory obligations (Art. 6(1)(c)).

4. Stripe payments

Payments are processed by Stripe. We do not store full payment card details such as card number or CVC on our servers. Stripe processes payment data according to its own privacy and security documentation.

5. Clerk authentication

Authentication and identity management are provided by Clerk. Clerk acts as our processor for relevant account/authentication data under its contractual terms and data processing terms.

6. Meta (Facebook/Instagram) integration

If you connect Meta channels, we process channel messages and related metadata to provide conversation handling, booking assistance, and response automation.

In line with Meta platform requirements, users can request deletion of their platform data. Meta processes deletion requests automatically via our registered data deletion callback at https://URL/api/meta/deletion. You can also email support@arenix.info to request deletion manually.

Meta OAuth credentials (such as long-lived/page access tokens), when stored by the service, are treated as sensitive credentials and are intended to be stored encrypted at rest with restricted access controls.

7. Google Calendar connection and sync

If you connect Google Calendar, we access and process calendar data only as needed for availability checks, booking conflict prevention, and synchronization.

The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not use Google API data for advertising, data brokering, or unrelated model training. You can disconnect Google integration at any time in your account settings.

Google OAuth credentials (for example access/refresh tokens), when stored by the service, are treated as sensitive credentials and are intended to be stored encrypted at rest with restricted access controls.

8. Recipients and processors

We share data with trusted processors only where necessary to provide the service, such as hosting providers, authentication providers, payment processors, and messaging/API providers.

9. International transfers

Some processors may process data outside the EEA. Where applicable, transfers rely on recognized safeguards (for example SCCs, DPF participation, or equivalent mechanisms).

10. Retention

We retain personal data only for as long as necessary for the purposes in this policy, including legal, accounting, security, and contractual obligations.

  • Account and subscription records: retained while account is active, plus legal retention period.
  • Booking and channel records: retained for service operation, audit, and dispute handling.
  • Security logs: retained for a limited period unless needed for incident investigation.

11. Security measures

  • Encryption in transit (HTTPS/TLS) for data transmitted to and from the service.
  • Sensitive credential protection, including encrypted-at-rest token storage.
  • Access controls based on least-privilege principles.
  • Security monitoring, logging, and auditability for critical actions.
  • Reasonable incident response procedures for suspected security events.

12. Your GDPR rights

You may have the right to:

  • Access your personal data.
  • Request correction of inaccurate data.
  • Request deletion in certain circumstances.
  • Restrict or object to certain processing.
  • Request data portability where applicable.
  • Withdraw consent where processing is based on consent.

To exercise rights, contact: support@arenix.info.

13. Complaints

You can lodge a complaint with your local supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP).

14. Policy changes

We may update this Privacy Policy from time to time. Material updates will be posted on this page with a new "Last updated" date.

Read Terms of Service