Privacy Policy – LetMeChat

    Last Updated: November 20, 2025

    This Privacy Policy governs the processing of personal data carried out by LetMeChat (hereinafter "LetMeChat" or "We"), a Software as a Service (SaaS) provider focused on customer service and sales automation through WhatsApp, Instagram, Messenger (Meta), embedded websites and proprietary applications.

    LetMeChat operates in strict compliance with the Brazilian Federal Constitution, in particular the principles of human dignity, inviolability of intimacy, private life and confidentiality of communications (Articles 1, III; 5, X and XII), as well as with the Brazilian General Data Protection Law – LGPD (Law 13.709/2018) and other applicable rules.

    By using our services, You (Business Customer or End Customer) acknowledge this policy and authorize data processing under the terms set out here.

    1. Definitions

    LetMeChat (SaaS)

    AI-powered communication automation platform operating across multiple channels: WhatsApp, Instagram, Messenger, embedded websites and proprietary applications.

    User Data (Business Customers)

    Information provided by contracting companies: registration data, billing, usage preferences, API credentials and chatbot settings.

    End Customer Data

    Content and metadata from interactions between end consumers and the chatbot (conversations, numbers, timestamps, context, media and scheduling data).

    Subprocessors

    Third parties engaged by us (e.g., Meta, Stripe, Supabase, OpenAI/Google/LangChain) responsible for executing parts of the operation, always under contract and with adequate confidentiality obligations.

    2. Information Collected

    We collect only the data strictly necessary for the delivery and security of the services.

    2.1. Identification & Registration Data (Business Customers)

    • Name, email, phone and login credentials
    • Billing and subscription information (Stripe)
    • Workspace, chatbot, flow and integration settings

    2.2. Communication Data (End Customers)

    Collected exclusively to execute the automated service:

    • Content of messages sent via WhatsApp, Instagram, Messenger, embedded websites and proprietary applications
    • Media voluntarily sent by the user
    • Metadata: number, timestamps, delivery status, read events
    • Scheduling data and service preferences (when applicable)

    2.3. Technical & Platform Data

    • API logs for each workspace
    • Frontend navigation and usage events (non-sensitive)
    • Error, scalability and queue records (Redis, Docker, Node)

    3. Processing Purposes

    All processing is carried out based on specific purposes defined by LGPD and Meta's rules.

    3.1. Core Service Execution

    • Automatic message processing
    • Maintenance of conversational context
    • AI-generated responses
    • Automated flow execution and scheduling

    3.2. Platform Maintenance & Improvement

    • Technical diagnostics
    • Usage-limit monitoring and abuse prevention
    • Performance and stability optimization

    3.3. Compliance with Meta Requirements

    Data processing on WhatsApp, Instagram and Messenger strictly follows the official policies for BSPs (Business Solution Providers) and subprocessing requirements.

    3.4. Billing & Subscription Management

    • Payment processing (Stripe)
    • Usage calculation and recurring billing

    4. Data Sharing

    LetMeChat does not sell personal data. Sharing occurs only in strictly necessary situations:

    4.1. Engaged Subprocessors

    • Meta / Evolution API to send and receive messages
    • OpenAI, Google, LangChain or equivalents for AI processing
    • Stripe for billing
    • Supabase for authentication

    All receive only the data indispensable to their function.

    4.2. Public Authorities

    Upon court order, legal determination or request from a competent authority, as provided by Article 5, XII of the Brazilian Federal Constitution.

    4.3. Contractual Performance

    Sharing strictly necessary to execute the contract with the Business Customer.

    5. Security & Storage

    We employ technical and administrative practices appropriate to LGPD:

    • Encryption of data in transit and at rest
    • Segregated environment using containers (Docker)
    • Database managed via Prisma with strict controls
    • Protected tokens and credentials
    • Logs and queues handled on Redis with controlled expiration
    • Least-privilege access policy

    Retention

    Conversation data is stored only for the period necessary to:

    • ensure context works correctly
    • comply with legal and contractual obligations

    After that period, data is anonymized or safely deleted.

    6. Legal Basis for Processing

    Based on the Brazilian Federal Constitution, the LGPD and related rules:

    6.1. Contract Performance (LGPD Art. 7, V)

    For processing of Business Customer data.

    6.2. Legitimate Interest or Consent (End Customers)

    LetMeChat acts as Processor. The Business Customer is the Controller, responsible for:

    • defining their legal bases
    • obtaining consent when necessary
    • ensuring transparency towards their end consumer

    6.3. Compliance with Legal Obligation (LGPD Art. 7, II)

    To meet determinations from public bodies and authorities.

    7. Rights of Data Subjects

    In accordance with LGPD, data subjects may request:

    • Confirmation that processing exists
    • Access to data
    • Correction or update
    • Deletion or anonymization
    • Portability
    • Information about sharing
    • Withdrawal of consent (when applicable)

    LetMeChat will support data subjects within its duties as Processor.

    8. Contact Channels

    To exercise rights, request clarifications or contact the data protection officer (DPO):

    Official email:
    [email protected]

    Talk to us