Privacy Policy
PersonAizer is operated by PersonAIzer LLC (შპს პერსონეიაიზერი), a company registered in Georgia (registration no. B25155602; Irakli Abashidze St. 34, Tbilisi). This Privacy Policy describes how we collect, use, and share information when you use our web platform, embeddable chat and persona experiences, messaging-channel integrations, and related services (the "Service"). Contact: privacy@personaizer.com.
Our Roles — Who Is Responsible for Your Data
PersonAizer is used in two ways, and our role differs between them.
When you interact with a persona or chat assistant that one of our business customers has deployed — on their website, or answering a message you send their Facebook Page or Instagram account — that business is the data controller for your messages. They decide why the assistant exists and how your information is used. PersonAizer acts as their data processor: we handle that data only to operate the assistant on their behalf, under a Data Processing Addendum. If you want a business to delete what it holds about you, you can contact that business directly, or use the routes in "Your rights" and we will act on the business's instructions.
For our own account, billing, security, and platform operations — when a customer signs up, when we secure accounts, prevent abuse, or bill for the Service — PersonAizer is the data controller, and this policy governs that processing directly. Our legal bases are performance of a contract, our legitimate interests (securing and improving the Service, preventing abuse), legal obligations, and consent where required.
Information We Collect
Account information. When you create an account we collect your email address, name, and authentication identifiers (for example, a Google account ID if you sign in with Google).
Conversation content. Text and transcribed speech you send to a persona are processed by our AI systems to generate replies, and are retained as described in "How long we keep things."
Microphone audio. Interactive persona experiences capture device-microphone audio to detect speech and generate responses. Audio is streamed to our speech-to-text provider, transcribed, and then discarded — we do not persist raw audio.
Camera and images. Certain features may use your device camera (for example, to detect presence at a kiosk or to capture a photo you choose to share). The camera is activated only after you grant the operating-system permission, which you can revoke at any time. Camera frames are processed in real time by our computer-vision provider and are not retained after the session ends.
Messaging channels (Messenger & Instagram). If a business connects its Facebook Page or Instagram professional account to a PersonAizer persona, we receive and process the messages people send to that business on those platforms. This includes the message content, the platform-assigned identifier for the sender, timestamps, and the identifier of the connected Page or account. We use it only to generate and deliver the persona's replies and to let the business's human agents take over the conversation; replies are sent back through Meta's messaging systems. We are the processor for this data; the connecting business is the controller, and Meta Platforms is described in "Third parties and sub-processors."
Contact details you provide in chat. A persona may invite you to share a name, email, or phone number (for example, to follow up with you). We store these for the business that operates the persona.
Avatar and persona data. If you create or customize a persona, we store the configuration you provide.
Device and usage data. We collect technical information such as device model, operating system, application version, IP address, and interaction events, used for analytics, security, and troubleshooting.
How We Use Your Information
To operate, maintain, and secure the Service; to generate AI persona responses from your input; to authenticate you and protect your account; to communicate with you about your account, updates, and support; to detect and prevent fraud or abuse; and to comply with legal obligations.
Artificial Intelligence — Transparency
You are interacting with an automated AI system, not a human, unless a human agent explicitly joins the conversation. Our AI assists rather than replaces human decision-making: it does not make decisions producing legal or similarly significant effects about you on its own. You can ask for a human to review any automated interaction, and a business's agents can take over a conversation at any time.
The Service is powered by large-language, speech, and computer-vision models operated by Microsoft Azure (Azure OpenAI, Azure Speech, Azure AI Search, Azure Vision) and Google (Vertex AI / Gemini, Google Cloud Speech), in their enterprise tiers, which contractually do not use your content to train AI models. We do not sell your data, and we do not train AI models on it.
Processing We Do Not Do
We do not use the Service to infer special categories of data (such as health, religion, political opinions, sexual orientation, or racial or ethnic origin), to perform biometric categorization or emotion recognition, or to carry out social scoring or trustworthiness evaluation. We do not store voiceprints, facial templates, or other biometric identifiers.
Third Parties and Sub-processors
We share data only with providers that process on our behalf under their own privacy terms and data-processing agreements:
- AI & language models — Microsoft Azure (Azure OpenAI, Speech, AI Search, Vision) in Sweden Central (EEA); Google Cloud (Vertex AI / Gemini, Cloud Speech) in the Netherlands (EEA)
- Web search & re-ranking — Brave Search and Cohere (United States)
- Stock images — Freepik (European Union); image generation — OpenAI (United States)
- Messaging channels — Meta Platforms (Messenger / Instagram message delivery and receipt)
- Authentication — Google (Sign in with Google)
- Billing — Flitt, a payment product of TBC Bank (Georgia)
- Infrastructure — Microsoft Azure (Sweden Central, EEA)
For United-States providers we rely on Standard Contractual Clauses or equivalent transfer safeguards.
Data Sharing
We do not sell your personal information. We share data only with the service providers above, with your consent, when required by law or legal process, or in connection with a corporate transaction (in which case affected users are notified).
How Long We Keep Things
| Data | Retained for |
|---|---|
| Conversation transcripts | Up to 90 days, then deleted; sooner on request |
| Contact details a persona collects | While the operating business's account is active; deleted on request or account closure |
| End-user consent records | 30 days |
| Account information | While your account is active |
| Authentication tokens | 14 days |
| Operational telemetry (IP masked) | 90 days |
| Billing and transaction records | As required by tax and accounting law (typically up to 7 years) |
Data Security
Primary processing and storage are in the European Economic Area (Microsoft Azure, Sweden Central). Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We apply administrative, technical, and physical safeguards; no method of transmission or storage is fully secure, and we cannot guarantee absolute security.
Data Breach Notification
If personal data is involved in a security incident, we will notify the relevant supervisory authority within 72 hours of becoming aware where required, and affected individuals without undue delay where the incident is likely to present a high risk, in line with GDPR Articles 33–34. When we act as a processor, we notify the controlling business without undue delay so it can meet its own obligations.
Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise any right, contact privacy@personaizer.com; we respond within the time required by law (generally one month). For account deletion, see the in-app Delete account option or our Delete Account page. If your data is held by a business whose persona you interacted with, you can also ask that business directly, or ask us and we will act on its instructions. You may also lodge a complaint with your supervisory authority — in Georgia, the Personal Data Protection Service (pdps.ge).
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how it is used, to delete it, to correct it, and to opt out of its sale or sharing. We do not sell or share personal information in the CCPA sense. We will not discriminate against you for exercising these rights. To exercise them, contact privacy@personaizer.com.
International Transfers
Our primary storage and processing are in the EEA (Sweden Central). A limited set of operations involve providers outside the EEA — web search (Brave, US), re-ranking (Cohere, US), image generation (OpenAI, US), Google authentication (US), and Meta messaging (US) — for which we rely on Standard Contractual Clauses or equivalent safeguards. Payment processing (Flitt / TBC Bank) operates in Georgia.
EU Representative
Where appointed, our representative in the European Union under Article 27 GDPR will be named here.
Cookies
We use a single HTTP-only cookie storing an anonymous identifier for end users of public personas, strictly necessary for rate-limiting and abuse prevention; it expires after about 30 days. We do not use cookies for advertising, behavioral tracking, or cross-site profiling.
Children
The Service is not directed to children under 13 (or the higher minimum age in your jurisdiction), and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.
Changes & Contact
We may update this policy; on material changes we update the "Last updated" date and, where appropriate, provide additional notice. Questions or requests: privacy@personaizer.com.
Last updated: 2026-06-27