Privacy policy.

Effective Date: April 20, 2025

Last Updated: April 20, 2025

1. Introduction

At QBLOQ ON CHAIN EVERYTHING, we are committed to protecting the privacy and security of our users' personal information.

This Privacy Policy outlines how we collect, use, disclose, and manage the information you provide when you interact with our services, including our website and through our integration with Meta's WhatsApp Business and Cloud API.

As a technology provider, we adhere to strict compliance with relevant privacy laws, including the Data Protection Law of Colombia, the Privacy Act of Australia, and the applicable regulations within the Latin American region.

By using our services, you acknowledge and agree to the practices described in this Privacy Policy. If you do not agree with the terms outlined herein, please refrain from using our services.

In the course of our operations, we may process personal data from the following categories of data subjects:

  1. Customers and their end users

  2. Potential customers

  3. Business Partners

  4. Website Visitors

  5. Data Subject Referrals

If you have any questions, concerns, or inquiries regarding this Privacy Policy or our practices related to your personal data you can contact us at: [Our Contact Email]. Also if you wish to request the deletion of your personal data or exercise any of your rights under applicable data protection laws we encourage you to reach out to us.

1.2 Role in Data Processing

Our role in data processing depends on the type of data handled:

  • For our clients’ WhatsApp Business Accounts: We act as a Data Processor, processing messages and metadata strictly as required by our clients and Meta’s policies.

  • For our clients’ end-customers’ personal data (e.g., name, email, ID, address): We act as a Data Controller, determining how and why this data is processed.

  • For data transferred to Google Calendar for booking purposes: We assess this as a third-party data transfer and comply with legal requirements accordingly.

2. Data We Collect & How It Is Collected v0.3

We collect and process personal data to provide, improve, and secure our services, comply with legal obligations, and enhance user experience. The types of data collected and the methods used to collect it are outlined below.

2.1. Categories of Personal Data Collected

a. Identification & Contact Information

We collect personal information such as full name, phone number, email address, and, where applicable, business name. This data is necessary to create and manage user accounts, facilitate communication, provide customer support, and ensure seamless service functionality.

b. Account & Authentication Information

To verify identities and maintain security, we collect login credentials, authentication tokens, Meta and WhatsApp account identifiers, and security verification details, such as two-factor authentication codes. This information helps prevent unauthorized access and ensures compliance with Meta’s authentication and security protocols.

c. Messaging & Communication Data

When users interact with our services, we collect metadata related to their messages, including timestamps, sender and recipient details, and message delivery status. We also retain records of customer support interactions, including inquiries, feedback, and complaints, to improve service quality and resolve disputes. However, we do not access or store the content of messages exchanged via WhatsApp unless legally required or necessary for security and compliance purposes.

d. Device & Usage Data

We collect technical information about the devices used to access our services, such as device type, operating system, browser details, IP address, and approximate geolocation (where legally permitted). Additionally, session activity, including login/logout times, feature interactions, and general usage patterns, is collected to optimize performance, enhance security, and detect fraudulent activities. Cookies and tracking technologies may also be used for analytics and personalization, as further detailed in Section 7. Cookies & Tracking Technologies.

e. Payment & Transaction Data

Where applicable, we collect payment-related information, including transaction history and invoicing details. All financial transactions are processed securely by third-party payment providers, and we do not store sensitive financial data such as credit card numbers. Payment records may be retained for billing verification, refunds, fraud prevention, and compliance with financial regulations.

f. Technical & Analytical Data

To ensure optimal performance and security, we collect system logs, diagnostics, and usage analytics. This information allows us to monitor platform functionality, troubleshoot issues, and implement service improvements. Additionally, data related to advertising and marketing interactions may be processed to ensure lawful and relevant promotional activities.

2.2. How We Collect Personal Data

a. Directly from Users

We collect personal data when users register for our services, create an account, communicate with us via WhatsApp, email, or other support channels, or participate in surveys, promotions, or feedback initiatives. This allows us to provide support, personalize services, and maintain direct engagement with users.

b. Automatically Through Technology

When users interact with our platform, certain data is collected automatically through tracking tools such as cookies, pixels, and analytics software. This includes metadata, session activity, and device details, which are used to improve security, optimize performance, and enhance user experience. Additionally, when users log in via Meta authentication services, we retrieve necessary verification data to confirm their identity securely.

c. From Third-Party Sources

Where permitted by law, we may receive personal data from third parties, including Meta and WhatsApp for authentication, security, and analytics purposes, payment processors for billing verification, and business partners or service providers who assist in delivering our services. All third parties that process user data on our behalf are required to adhere to strict privacy and security standards, ensuring compliance with Meta’s policies, Colombian (Ley 1581 de 2012) and Australian (APPs 3 & 5) regulations, and global data protection laws.

We are committed to ensuring transparency in data collection practices and implementing appropriate safeguards to protect user information.

3. Purpose of Data Processing & Legal Basis

We process personal data strictly for legitimate business, operational, and legal purposes. Our data processing activities are aligned with the requirements set forth by Meta’s and WhatsApp’s policies, as well as Colombian (Ley 1581 de 2012) and Australian (Australian Privacy Principles – APP 6) data protection laws. The specific purposes for processing personal data, along with their corresponding legal bases, are detailed below.

However, we do not access or store the content of messages exchanged via WhatsApp unless legally required or necessary for security and compliance purposes.

3.1. Purpose of Data Processing

a. Service Provision & Account Management

We process personal data to create, manage, and maintain user accounts, authenticate identities, and provide access to our services. This includes verifying login credentials, managing authentication processes, and ensuring secure and authorized use of our platform. Processing this data is essential for fulfilling service agreements with users and ensuring compliance with Meta’s platform policies.

b. Communication & Customer Support

We use personal data to facilitate communication with users regarding account-related matters, service updates, technical support, and customer inquiries. This includes processing support tickets, responding to requests, and maintaining records of interactions to enhance service quality. These processing activities are necessary for contract fulfillment and legitimate business interests in providing efficient customer support.

c. Security, Fraud Prevention & Compliance

Personal data is processed to safeguard our platform against unauthorized access, fraud, and security threats. This includes monitoring account activity, detecting suspicious behavior, enforcing security measures such as two-factor authentication, and ensuring compliance with Meta’s security requirements. Additionally, we may process personal data to comply with legal obligations, including responding to regulatory authorities, court orders, and law enforcement requests.

d. Service Improvement & Analytics

We analyze user interactions, service usage, and performance metrics to enhance our platform’s functionality, optimize user experience, and develop new features. This may involve processing technical and analytical data, including device information, usage patterns, and engagement metrics. Such data is processed based on our legitimate interest in improving service efficiency and user satisfaction.

e. Marketing & Advertising (Where Applicable)

Where permitted by law, we process personal data to conduct direct marketing, promotional campaigns, and personalized advertising. This includes analyzing user preferences, providing relevant service recommendations, and measuring the effectiveness of marketing efforts. Users may opt out of marketing communications at any time, as detailed in Section 5. User Rights & Controls.

f. Legal & Regulatory Compliance

We process personal data to meet regulatory requirements, enforce our terms of service, and comply with industry regulations governing data protection, consumer rights, and financial transactions. This may include retaining records for audit purposes, responding to legal claims, and adhering to Meta’s and WhatsApp’s data processing obligations.

3.2. Legal Basis for Data Processing

a. Contractual Necessity

Certain data processing activities are required to fulfill contractual obligations between users and our platform. This includes creating user accounts, providing access to our services, processing transactions, and delivering customer support. Without this processing, we would be unable to deliver core functionalities to users.

b. Legitimate Interests

We process personal data based on our legitimate business interests, provided that such processing does not override the rights and freedoms of users. Legitimate interests include service improvement, fraud prevention, security monitoring, and internal analytics to enhance platform functionality and user experience.

c. Legal Obligations

In some cases, we are required by law to process and retain personal data to comply with Colombian (Ley 1581 de 2012) and Australian (APP 6) regulations, financial transaction laws, anti-fraud measures, and obligations set forth by Meta and WhatsApp. This includes responding to legal requests, maintaining tax records, and enforcing data protection standards.

d. User Consent

Where applicable, we rely on user consent to process personal data for purposes such as marketing, analytics, and optional service enhancements. Users have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

We ensure that all data processing activities align with applicable legal frameworks, protecting user rights while maintaining compliance with Meta’s policies, Colombian and Australian privacy laws, and international data protection standards.

4. Data Sharing & Disclosure

We do not sell, rent, or trade personal information. However, in order to provide and improve our services, ensure compliance with applicable regulations, and operate our business effectively, we may share personal information with trusted third parties under strict confidentiality and security obligations.

Service Providers and Business Partners

We may disclose personal information to service providers, contractors, and business partners who assist in delivering, maintaining, and enhancing our services. This includes, but is not limited to:

  • Technology and Infrastructure Providers: Providers of cloud storage, web hosting, and servers that enable the functionality, security, and scalability of our services.

  • Authentication, Analytics, and Advertising Partners: Platforms that assist in verifying user identities, analyzing service usage, and conducting lawful marketing activities.

  • Payment Processors: Entities responsible for processing transactions securely and ensuring compliance with financial regulations.

  • Artificial Intelligence (AI) and Automation Tools: Service providers that support AI-powered functionalities to enhance user experience and optimize service delivery.

  • Customer Relationship Management (CRM) and Communication Tools: Platforms that facilitate secure interactions with customers, including email services and messaging solutions.

These service providers only process personal data as necessary to fulfill their contractual obligations and in compliance with applicable privacy laws. They are prohibited from using personal data for purposes other than those explicitly authorized by us.

Professional Advisors and Legal Compliance

We may share personal information with professional advisors, including legal counsel, auditors, insurers, banks, and financial institutions, when we reasonably believe in good faith that such disclosure is necessary for:

  • Ensuring legal and regulatory compliance;

  • Enforcing our rights and defending against legal claims;

  • Managing financial transactions, audits, and risk assessments;

  • Responding to lawful governmental or regulatory requests.

Such disclosures are strictly limited to the extent necessary to receive expert guidance and protect our legal and financial interests.

Compliance with Laws and Legal Requests

We may disclose personal data when required to comply with applicable laws, regulations, legal processes, or governmental requests. This includes sharing information in response to valid subpoenas, court orders, regulatory obligations, or law enforcement requests, provided such disclosure complies with Colombian Law (Ley 1581 de 2012), the Australian Privacy Act (APP 6 & 8), and relevant international data protection laws.

International Data Transfers and Security Measures

In certain circumstances, we may process and transfer personal data to jurisdictions outside the country of collection, including countries where our service providers, business partners, or Meta’s infrastructure operate. Such transfers may be necessary to ensure the seamless provision of our services, maintain system security, enable lawful analytics and advertising, or comply with global legal requirements.

To safeguard transferred data, we implement appropriate legal, contractual, and technical measures, including:

  • Data Processing Agreements (DPAs) ensuring service providers comply with applicable data protection laws;

  • Standard Contractual Clauses (SCCs) or equivalent mechanisms where legally required;

  • Encryption and Access Controls to secure data at all stages of transmission and processing.

Where data is shared with third parties, these entities assume independent obligations under applicable privacy regulations to ensure data subjects retain their rights, including access, rectification, deletion, and restriction of processing.

User Rights and Control Over Data Sharing

Users may request details on how their personal data is shared, object to certain types of processing, or exercise their rights under applicable data protection laws. To inquire about data sharing practices or exercise rights, users may contact us at our email.

6. User Rights & Controls

We are committed to ensuring that individuals retain control over their personal data. In accordance with applicable data protection laws, including Colombian Law (Ley 1581 de 2012) and the Australian Privacy Act (Australian Privacy Principles – APPs), users have specific rights regarding their personal information. These rights may vary depending on the jurisdiction but generally include the following:

Right to Access and Obtain Information

Users have the right to request confirmation as to whether we process their personal data and, if so, obtain access to such data. Upon request, we will provide information regarding:

  • The categories of personal data being processed;

  • The purposes of processing;

  • The parties with whom data has been shared;

  • The applicable data retention periods.

Requests for access will be processed within the timeframes required by law.

Right to Rectification

Users may request the correction or updating of inaccurate, incomplete, or outdated personal data. We will make reasonable efforts to ensure that all retained data is accurate and up to date.

Right to Deletion (Right to be Forgotten)

Subject to legal and contractual obligations, users may request the deletion of their personal data when:

  • The data is no longer necessary for the purposes for which it was collected;

  • They withdraw consent where processing was based on consent;

  • They object to processing and there are no overriding legitimate grounds to continue processing;

  • The data has been unlawfully processed.

Requests for deletion will be honored unless legal, regulatory, or legitimate business interests require the retention of such data.

Right to Object to Processing

Users may object to the processing of their personal data in cases where:

  • Data is processed for direct marketing purposes;

  • Processing is based on our legitimate interests, and the user believes such interests do not outweigh their fundamental rights and freedoms.

If a valid objection is raised, we will cease processing the data unless we demonstrate compelling legitimate grounds to continue or where processing is required for legal claims.

Right to Restrict Processing

Users may request that their data be restricted under certain circumstances, including when:

  • The accuracy of the data is contested and under verification;

  • Processing is unlawful, but the user prefers restriction over deletion;

  • The data is no longer needed for processing, but the user requires it for legal claims;

  • An objection has been raised and is pending resolution.

During restriction, data will not be processed except for storage or legal purposes.

Right to Data Portability

Where applicable, users may request a copy of their personal data in a structured, commonly used, and machine-readable format. Where technically feasible, they may also request that we transfer their data directly to another service provider.

Right to Withdraw Consent

If data processing is based on consent, users may withdraw their consent at any time without affecting the lawfulness of prior processing. However, withdrawing consent may impact the availability of certain services.

Right to Lodge a Complaint

Users who believe their data protection rights have been violated may contact us to seek resolution. Additionally, they have the right to file a complaint with:

  • Colombian authorities: Superintendencia de Industria y Comercio (SIC)

  • Australian authorities: Office of the Australian Information Commissioner (OAIC)

Exercising User Rights

To exercise any of the above rights, users may submit a request by sending an email to us. Requests must include sufficient details to verify the user's identity and specify the right being exercised. We will respond within the timeframes required by law and may require further authentication to protect user data.

7. Data Retention & Security

We are committed to ensuring that personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Meta and WhatsApp’s terms, Colombian Law (Ley 1581 de 2012), Australian Privacy Principles (APP 11), and other applicable regulations. We also implement appropriate security measures to safeguard personal information against unauthorized access, use, disclosure, or destruction.

Data Retention Policy

We retain personal data only for the period required to:

  • Provide and maintain our services;

  • Comply with legal, contractual, and regulatory obligations;

  • Resolve disputes and enforce our agreements;

  • Protect our legal and financial interests;

  • Conduct internal audits, investigations, or security assessments.

When data is no longer required for these purposes, it is securely deleted, anonymized, or aggregated, in accordance with best practices and applicable legal requirements.

Data Deletion & Anonymization

Upon expiration of the retention period or upon a valid request for deletion, we ensure that personal data is securely and irreversibly removed from our active systems. In some cases, we may retain certain data in a de-identified or anonymized format to support analytics, compliance, or service improvements without linking it to identifiable individuals.

Security Measures

We implement organizational, technical, and administrative safeguards to protect personal information, including but not limited to:

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols.

  • Access Controls: Access to personal data is restricted to authorized personnel based on the principle of least privilege.

  • Network Security: We employ firewalls, intrusion detection systems, and access monitoring to prevent unauthorized access.

  • Data Integrity and Monitoring: Regular security audits, vulnerability assessments, and penetration testing are conducted to identify and mitigate risks.

  • Incident Response Protocols: In the event of a data breach, we have protocols in place to contain, assess, and mitigate the breach while ensuring timely notification to affected users and regulatory authorities, as required under applicable laws.

Third-Party Security Obligations

When sharing personal data with third-party service providers, business partners, or Meta’s platforms, we ensure that these entities implement equivalent security measures to protect user data. These third parties are contractually required to:

  • Process data strictly for authorized purposes;

  • Implement security safeguards compliant with industry standards;

  • Notify us promptly in the event of a security breach affecting shared data.

User Responsibilities

While we implement stringent security measures, users also play a role in protecting their personal data. We encourage users to:

  • Use strong, unique passwords for their accounts;

  • Enable multi-factor authentication (MFA) where available;

  • Be cautious of phishing attempts and fraudulent requests for information.

Reporting Security Concerns

Users who suspect unauthorized access or security vulnerabilities related to our services are encouraged to contact us immediately at privacy@parallelo.ai. We will investigate all reports promptly and take appropriate action to address any security risks.

8. Policy Updates & Contact Information

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, industry standards, our business operations, or our data processing practices. Any modifications will be made in compliance with Meta’s and WhatsApp’s policies, Colombian Law (Ley 1581 de 2012), and the Australian Privacy Act (APP 1.3 & 1.5).

When changes are made, we will notify users through appropriate channels, which may include:

  • A notice on our website or within our services;

  • An update sent via email or other registered communication methods;

  • Any other legally required means of notification.

We encourage users to review this Privacy Policy periodically to stay informed about how we protect their personal data. Continued use of our services after policy updates constitute acceptance of the revised terms.

Contact Information & User Inquiries

For any questions, concerns, or requests regarding this Privacy Policy, data protection practices, or user rights, you may contact us through the following channels:

📧 Email: privacy@parallelo.ai

We are committed to addressing all inquiries promptly and in accordance with applicable privacy regulations.