Privacy Policy

ParlaCRM Platform

Last updated: 09/03/2026

Confidentiality and security are core values of ParlaCRM. We are committed to always protecting the privacy of our users and to collecting only the information strictly necessary for the operation of our platform. This Privacy Policy explains how we collect, use, and protect your personal data when you use the ParlaCRM CRM platform.

This document describes:

  • Who is responsible for processing your data.
  • The purposes for which we collect the data we request.
  • The legal basis for processing.
  • How long we retain your data.
  • With whom your data may be shared.
  • What rights you have regarding your personal data.

1. Data Controller

ETIC AI S.L.
721177V
Carretera d'Engolasters, s/n, Esc. 2, -1 -1
AD700 – Escaldes-Engordany
Andorra
Privacy contact: contact@parlacrm.com

Hereinafter referred to as "we", "us", or the "Data Controller".

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal data collected and processed by ParlaCRM using the Platform. It applies to:

  • Users of the Platform (sales representatives, managers, and administrators who use the CRM on behalf of their organisation — referred to as "Employees" or "Users").
  • Contacts and enterprise representatives whose data is stored in the CRM as part of commercial relationship management.

ParlaCRM is a multi-tenant B2B CRM platform. Each tenant (client company) operates in an isolated data environment. The Data Controller of end-contact data may be the tenant organisation itself; in such cases, ParlaCRM acts as a Data Processor under the instructions of that organisation.

3. Personal Data Collected

"Personal Data" refers to any information that can identify you directly or indirectly.

3.1 Data provided directly by Users

When you register or use the Platform as an Employee/User, we collect:

  • Identity data: full name, email address, password.
  • Professional data: role (e.g. Sales Representative, Manager, Admin), assigned business area or region.
  • Account preferences: language, notification settings.

3.2 Data entered by Users into the CRM

As part of CRM activity management, Users may enter the following data relating to their commercial contacts:

  • Contact data: name, job title, phone number, email address of business contacts.
  • Enterprise data: company name, address, industry, size, and other commercial information.
  • Interaction records: visit reports, call notes, task descriptions, and commercial activity logs.

3.3 Data collected automatically

When you use the Platform, we may automatically collect:

  • Log data: access logs and error reports for platform security and maintenance.

3.4 Data processed via AI and messaging integrations

The Platform includes a WhatsApp-based CRM bot. When these features are used:

  • Voice messages sent via WhatsApp may be transcribed using AI audio processing services.
  • Text messages may be processed by AI language models to detect intent and extract structured CRM data (e.g. visit dates, contact names, notes).
  • AI-generated summaries, contact profiles, and recommendations may be stored as part of the CRM record.

AI processing is used solely for the purpose of automating CRM data entry and improving the efficiency of commercial activities. Report notes and interaction details are captured literally, without AI summarisation, unless explicitly configured otherwise.

4. Purposes of Processing

Personal data collected through the Platform is used for the following purposes:

4.1 Platform access and user management

  • To register and authenticate Users on the Platform.
  • To manage role-based access controls (Admin, Area Manager, Business Line Manager, Sales Representative).
  • To maintain tenant data isolation in accordance with our multi-tenant architecture.

4.2 CRM functionality

  • To enable Users to manage enterprises and contacts within their assigned scope.
  • To record, track, and retrieve commercial interactions (visits, calls, tasks).
  • To schedule, confirm, and cancel commercial activities.
  • To generate analytics and dashboards on sales performance.

4.3 AI-assisted features

  • To process natural language messages and detect CRM actions (e.g. registering a visit, scheduling a meeting, creating a contact).
  • To generate AI-assisted conversation flows with leads and clients.
  • To maintain AI-generated contact profiles and interaction logs.

4.4 Platform improvement and security

  • To monitor platform performance, detect errors, and ensure service availability.
  • To protect against unauthorised access, fraud, and security threats.
  • To develop, test, and improve Platform features.

4.5 Communications

  • To send service-related communications (updates, security alerts, support messages).
  • To send commercial communications about new features or services, where you have provided explicit consent.

5. Legal Basis for Processing

  • Contractual necessity: Processing required to provide the Platform services in accordance with the subscription agreement between the tenant organisation and ParlaCRM.
  • Legitimate interests: Processing for platform security, fraud prevention, usage analytics, and quality improvement, where our legitimate interests do not override your rights.
  • Consent: For optional features such as commercial newsletters or specific AI features where consent is explicitly requested.
  • Legal obligation: Where processing is required to comply with applicable law or regulatory requirements.

6. Data Recipients

Your personal data may be shared with:

  • Infrastructure and technology providers: cloud hosting, database, and platform service providers who process data on our behalf under data processing agreements.
  • AI and language model providers: third-party AI services (e.g. Groq) used for natural language processing and audio transcription, under contractual data protection obligations.
  • WhatsApp / Meta: when the WhatsApp integration is used, messages are transmitted via Meta's Business API in accordance with Meta's terms and privacy policies.
  • Analytics providers: services used to monitor Platform performance and usage.
  • Authorised personnel: employees and contractors of ParlaCRM who require access to provide support or maintain the Platform.
  • Legal authorities: where required by applicable law or a binding order from a competent authority.

We ensure that any transfer of personal data to third parties complies with applicable data protection legislation. Where processors are engaged, we require them to implement appropriate technical and organisational security measures.

7. International Data Transfers

Some of our AI processing and infrastructure providers may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place (such as Standard Contractual Clauses approved by the European Commission) to protect your personal data in accordance with the GDPR.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law.

All personal data — including user account data, CRM interaction records, AI-generated contact profiles, conversation logs, and any other data stored on the Platform — is retained exclusively for the duration of the active subscription or contractual relationship with the tenant organisation.

Upon termination or expiry of the subscription, all personal data associated with the tenant's account is permanently deleted from our systems. No data is retained beyond the end of the contractual relationship, except where we are required to do so by applicable law or a binding order from a competent authority — in which case, only the minimum data required to fulfil that obligation will be kept, and solely for that purpose.

Commercial communications consent data is retained until consent is withdrawn, at which point the relevant data is promptly removed.

9. Your Rights

Under applicable data protection law (including the GDPR), you have the following rights:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data where it is no longer necessary for the purposes for which it was collected.
  • Right to restriction: to request that we limit the processing of your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to object: to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at: contact@parlacrm.com, indicating "Personal Data Request" in the subject line and specifying the right you wish to exercise.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority (e.g. the Spanish Data Protection Agency — AEPD at www.aepd.es, or the authority in your country of residence).

10. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Multi-tenant data isolation using PostgreSQL schema-per-tenant architecture.
  • Role-based access controls ensuring Users can only access data within their authorised scope.
  • Encrypted data transmission (TLS/HTTPS) for all Platform communications.
  • Encrypted storage of credentials and sensitive configuration data.
  • Access logging and security monitoring.

Despite these measures, no system is completely immune to security risks. In the event of a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.

11. Cookies

The Platform uses technical and functional cookies to ensure proper operation, maintain user sessions, and improve the user experience. For detailed information about the cookies we use, please refer to our Cookie Policy.

12. Third-Party Integrations

The Platform may integrate with third-party services including WhatsApp Business API (Meta), AI language model providers, and calendar or communication tools. When you use these integrations, data may be processed by those third parties in accordance with their own privacy policies. We recommend reviewing the relevant policies of any third-party services you use in conjunction with the Platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will notify Users through the Platform or by email. The date of the latest revision is indicated at the top of this document.

Continued use of the Platform after changes are notified constitutes acceptance of the updated Policy.

14. Contact

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:

ETIC-AI S.L
Attn: Data Protection
Email: contact@parlacrm.com

Publication date: 09/03/2026 | Version 1.0