Privacy Policy
Last updated: March 25, 2026
This Privacy Policy describes how AuTeam ("we," "us," or "our"), operated by Andrés Villarreal as a sole proprietorship (persona física con actividad empresarial) based in Monterrey, Nuevo León, México, collects, uses, stores, and protects information through our website auteam.io and our AI-powered CRM platform at crm.auteam.io (collectively, the "Service").
AuTeam provides a multi-tenant SaaS platform that enables small and medium-sized businesses ("Clients") to connect their messaging channels — including WhatsApp, Facebook Messenger, and Instagram Direct Messages — to a unified CRM with AI-powered chatbot capabilities. This policy also covers our use of the Meta (Facebook/Instagram) Platform and APIs.
1. Information We Collect
We collect different types of information depending on whether you are a Client (a business using our platform) or an End User (a person who sends messages to a Client's Facebook Page or Instagram account).
1.1 Information from Clients
- Account registration data (name, email, password)
- List of Facebook Pages they administer (via pages_show_list permission)
- Facebook Page metadata for webhook subscriptions (via pages_manage_metadata permission)
- Linked Instagram Business account information (via instagram_basic permission)
- Billing and subscription information
1.2 Information from End Users (via Meta Platform)
When an End User sends a message to a Client's Facebook Page via Messenger or to their Instagram Business account via DMs, we receive and process:
- Name and profile picture (via Business Asset User Profile Access)
- Page-Scoped User ID (PSID) assigned by Facebook
- Content of messages sent via Facebook Messenger and Instagram DMs
- Timestamps of messages
1.3 Information We Do NOT Collect
- Advertising or ad account data
- Financial or payment information of End Users
- Content from Facebook/Instagram feed posts, photos, or videos
- Friend lists or social graph data
- Location data (beyond what is publicly visible on a user's profile)
2. How We Use Information
2.1 Meta Platform Data
Data received through the Meta (Facebook/Instagram) Platform is used exclusively for the following purposes:
- Routing messages: Delivering Messenger and Instagram DM conversations to the appropriate Client's CRM workspace
- Displaying contact information: Showing the End User's name and profile picture within the CRM conversation interface so the Client can identify who they are speaking with
- Webhook management: Subscribing to and managing real-time message delivery from Facebook Pages and Instagram accounts
- Channel configuration: Enabling Clients to connect and manage their Facebook Pages and Instagram Business accounts within our platform
We do not use Meta Platform data for advertising, marketing, analytics, profiling, or any purpose other than providing the messaging CRM service described above.
2.2 Client Data
We use Client data to:
- Provide, maintain, and improve the Service
- Manage accounts and subscriptions
- Communicate about service updates and support
- Ensure compliance with our Terms of Service and applicable laws
3. Facebook and Instagram Permissions
Our Facebook App (ID: 1382968503393875) requests the following permissions, each used for a specific purpose:
| Permission | Purpose |
| --- | --- |
| pages_show_list | Display the list of Facebook Pages a Client administers so they can select which Pages to connect to the CRM |
| pages_manage_metadata | Subscribe to webhooks on the Client's Facebook Pages to receive real-time message notifications |
| pages_messaging | Send and receive messages on behalf of the Client's Facebook Page via Messenger |
| instagram_basic | Access basic information about the Client's linked Instagram Business account for channel setup |
| instagram_manage_messages | Send and receive Instagram Direct Messages on behalf of the Client's Instagram Business account |
| Business Asset User Profile Access | Retrieve the name and profile picture of End Users who message the Client's Page or Instagram account, for display in the CRM |
4. Legal Basis for Processing
We process personal data under the following legal bases:
- Performance of a contract: Processing Client data is necessary to provide the Service as agreed in our Terms of Service
- Legitimate interest: Processing End User message data is necessary for the legitimate interest of enabling Clients to respond to inquiries from their customers via their connected messaging channels
- Consent: End Users initiate contact with a Client by sending a message via Messenger or Instagram DMs, thereby consenting to having their message and basic profile information processed for the purpose of receiving a response
- Legal obligation: We may process data as required to comply with applicable laws and regulations
5. Data Storage and Security
All data is stored on servers operated by Hetzner Online GmbH located in Germany (European Union). Specifically:
- CRM data (conversations, contacts, messages) is stored in the Chatwoot database on our Hetzner VPS
- Application data is stored in PostgreSQL databases hosted on Hetzner infrastructure
- All connections are encrypted via SSL/TLS (managed by Caddy web server)
- Access to servers is restricted and protected by SSH key authentication
- Database access is limited to the application layer only
6. Data Sharing
We share data only with the following parties and under these conditions:
- With the Client (Page/account owner): End User messages and profile information are visible to the Client whose Facebook Page or Instagram account received the message. This is the core function of our CRM service.
- Infrastructure providers: Hetzner Online GmbH (server hosting in Germany) — as a data processor under our instructions only.
We do NOT:
- Sell personal data to any third party
- Share data with advertisers or ad networks
- Use data for profiling, targeted advertising, or marketing purposes
- Transfer data to data brokers
- Share Meta Platform data with any third party beyond what is described above
7. Data Retention
- Client data: Retained for the duration of the Client's active account, plus 30 days after account termination to allow for reactivation or data export
- End User message data: Retained for as long as the Client's account is active, as it forms part of the Client's conversation history in the CRM
- After account termination: All associated data (including End User messages and profiles) is permanently deleted within 90 days of account closure
8. Data Deletion
8.1 For End Users
If you are an End User and wish to have your data deleted, you can:
- Contact us directly at andres@auteam.io with the subject line "Data Deletion Request" — include the Facebook Page or Instagram account you messaged and any identifying information
- Use the Facebook data deletion callback: Our app provides a data deletion endpoint. When you remove our app from your Facebook settings, a deletion request is automatically triggered via crm.auteam.io
- Contact the Client directly: You may also contact the business (Facebook Page or Instagram account) you originally messaged and request that they delete your conversation from their CRM
We will process deletion requests within 30 days and confirm completion via email.
8.2 For Clients
Clients can request complete account and data deletion by contacting us at andres@auteam.io. All data associated with the Client's account, including connected channels and conversation history, will be permanently deleted within 90 days.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data (see Section 8)
- Right to data portability: Request your data in a structured, machine-readable format
- Right to restrict processing: Request that we limit how we use your data
- Right to object: Object to our processing of your data based on legitimate interest
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us at andres@auteam.io. We will respond within 30 days.
10. GDPR Compliance
As our servers are located in Germany (EU), we are committed to compliance with the General Data Protection Regulation (GDPR):
- We process data lawfully, fairly, and transparently
- Data is collected for specified, explicit, and legitimate purposes
- We practice data minimization — collecting only what is necessary for the Service
- We implement appropriate technical and organizational security measures
- We respect all data subject rights as outlined in Section 9
- Our infrastructure provider (Hetzner) is based in Germany and subject to EU data protection law
For users in Mexico, we also comply with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP).
11. Cookies
Our website (auteam.io) uses:
- Essential cookies: Required for authentication and session management on the CRM platform
- No third-party tracking cookies: We do not use advertising or analytics cookies from third parties
Our CRM platform (crm.auteam.io) uses session cookies strictly for authentication purposes.
12. Compliance with Meta Platform Terms
Our use of data obtained through the Meta Platform (Facebook and Instagram APIs) complies with:
We do not use Meta Platform data in any way that violates these policies. Users can revoke our access at any time through their Facebook or Instagram privacy settings.
13. Children's Privacy
Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. We encourage you to review this page periodically. For material changes, we will notify Clients via email.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Privacy Policy
Last updated: March 25, 2026
This Privacy Policy describes how AuTeam ("we," "us," or "our"), operated by Andrés Villarreal as a sole proprietorship (persona física con actividad empresarial) based in Monterrey, Nuevo León, México, collects, uses, stores, and protects information through our website auteam.io and our AI-powered CRM platform at crm.auteam.io (collectively, the "Service").
1. Information We Collect
1.1 From our Clients (businesses that use the platform)
- Registration data (name, email, password)
- List of Facebook Pages they administer
- Facebook Page metadata for webhook subscriptions
- Linked Instagram Business account information
- Billing and subscription information
1.2 From End Users (those who send messages to our Clients' Pages/accounts)
- Facebook/Instagram name and profile picture
- Page-Scoped User ID (PSID) assigned by Facebook
- Content of messages sent via Facebook Messenger and Instagram DMs
- Timestamps of messages
1.3 Information We Do NOT Collect
- Advertising or ad account data
- Financial information of End Users
- Content from Facebook/Instagram feed posts, photos, or videos
- Friend lists or social graph data
2. How We Use Information
Data received through the Meta Platform is used exclusively to route messages to the Client's CRM workspace and to display the End User's contact information within the CRM interface.
We do not use Meta Platform data for advertising, marketing, profiling, or any other purpose beyond the messaging CRM service.
3. Data Storage and Security
All data is stored on Hetzner Online GmbH servers located in Germany (European Union), protected by SSL/TLS encryption.
4. Data Sharing
We share data only with the Client whose Facebook Page or Instagram account received the message, and with our infrastructure provider (Hetzner). We do not sell data, share it with advertisers, or transfer it to third parties.
5. Data Deletion
To request deletion of your data, contact andres@auteam.io with the subject line "Data Deletion Request". We will process your request within 30 days.
6. Your Rights
You have the right to access, rectify, delete, and port your personal data. To exercise these rights, contact andres@auteam.io.
7. Contact
- Name: Andrés Villarreal
- Company: AuTeam
- Email: andres@auteam.io
- Address: Monterrey, Nuevo León, México