← Back to Gretta.ai

Privacy Policy

Last updated: 23 February 2026

Gretta.ai ("Gretta," "we," "us," or "our") is operated by Inoetic Pte. Ltd., a company registered in Singapore. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI booking assistant service across messaging platforms including WhatsApp, Telegram, Facebook Messenger, and Instagram ("the Service").

1. Information We Collect

We collect the following categories of information:

• Account Information: When you sign up as a business owner, we collect your name, email address, phone number, and business details (business name, services offered, operating hours, timezone).
• Messaging Data: When end-user customers interact with Gretta through messaging platforms, we process message content to provide booking, ordering, and customer service functionality. This includes the customer's name (as provided by the messaging platform), phone number or platform user ID, and message content.
• Booking Data: Appointment details including date, time, service type, customer name, and contact information.
• Calendar Data: If you connect Google Calendar, we access your calendar availability (busy/free slots) and create, update, or delete events on your behalf. We store OAuth tokens securely to maintain this connection.
• Payment Information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number. We retain your Stripe customer ID and subscription status.
• Usage Data: We collect analytics on conversation volume, response times, and feature usage to improve the Service.
• Device and Log Data: IP addresses, browser type, and access timestamps when you use our web dashboard.

2. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service, including AI-powered booking, ordering, and customer support
• Process and manage appointments, orders, and customer interactions
• Send booking confirmations, reminders, and notifications to both business owners and their customers
• Sync with your Google Calendar to check availability and manage events
• Process subscription payments and manage billing
• Improve our AI models and service quality (using anonymized and aggregated data only)
• Communicate with you about service updates, security alerts, and support
• Detect, prevent, and address technical issues, fraud, or abuse
• Comply with legal obligations

3. AI Processing

Gretta uses third-party AI language models to understand and respond to customer messages. Message content is sent to AI providers (such as Google, OpenAI, or other model providers) for real-time processing. We do not use your conversations to train AI models. AI providers process data in accordance with their own data processing agreements, which prohibit use of API inputs for model training.

4. How We Share Your Information

We do not sell your personal data. We may share information with:

• Messaging Platforms: WhatsApp (Meta), Telegram, Facebook Messenger, and Instagram as necessary to deliver and receive messages through their APIs.
• AI Service Providers: Third-party AI model providers to process and generate responses to customer messages.
• Cloud Infrastructure: Hosting providers (for servers and databases) that store data on our behalf under strict data processing agreements.
• Payment Processors: Stripe, for subscription billing.
• Google: If you connect Google Calendar, to sync availability and manage events.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.

5. Data Storage and Security

Your data is stored on servers located in the Asia-Pacific region (Singapore). We implement industry-standard security measures including:

• Encryption of data in transit (TLS/HTTPS) and sensitive data at rest
• Secure credential storage with encryption
• Webhook signature verification for all incoming platform messages
• Constant-time comparison for cryptographic operations
• Rate limiting and abuse prevention
• Regular security reviews and code audits

6. Data Retention

We retain your data as follows:

• Account data: For the duration of your account, plus 30 days after deletion.
• Conversation data: For 12 months from the date of the conversation, then automatically deleted.
• Booking data: For 24 months from the appointment date.
• Payment records: As required by applicable tax and accounting laws (typically 5–7 years).

You may request earlier deletion of your data at any time (see Section 9).

7. Messaging Platform Compliance

Our use of messaging platform APIs complies with the respective platform policies:

• WhatsApp/Meta: We comply with the WhatsApp Business Policy and Meta Platform Terms. We only send messages to users who have initiated conversations or opted in. We use approved message templates for initiating conversations outside the 24-hour customer service window.
• Telegram: We comply with the Telegram Bot API Terms of Service.
• Facebook/Instagram: We comply with Meta Platform Terms and Messenger Platform Policy.

8. International Data Transfers

If you or your customers are located outside Singapore, your data may be transferred to and processed in Singapore. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for any international data transfers.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data.
• Portability: Request a machine-readable copy of your data.
• Withdrawal of Consent: Withdraw consent for data processing at any time.
• Objection: Object to certain types of processing.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

For Singapore residents, this policy complies with the Personal Data Protection Act 2012 (PDPA). Our Data Protection Officer can be reached at [email protected].

10. End-User Customers

If you are a customer interacting with a business through Gretta (e.g., booking an appointment via WhatsApp), the business you are communicating with is the data controller for your personal data. Gretta acts as a data processor on behalf of that business. Please refer to the business's own privacy policy for information about how they handle your data.

However, we still protect your data in accordance with this policy and applicable laws. You may contact us directly at [email protected] to exercise your rights.

11. Children's Privacy

The Service is not directed to individuals under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Cookies and Tracking

Our web dashboard may use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising trackers. We do not use tracking pixels in messages.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Inoetic Pte. Ltd.
Singapore
Email: [email protected]
General inquiries: [email protected]