Privacy policy

Privacy Policy

Effective Date: April 24, 2026

1. Introduction

This Privacy Policy describes how ALTO Trading Investment (doing business as IAAI Technology), a company registered in Egypt (Commercial Registration No. 110700200030859), collects, uses, stores, and protects personal data through our service, "4 In 1 Assistant".

Registered Address: 6 Amman Street, Al Dokki, Giza, Egypt

Contact Email: Admin@iaaitech.com

Website: https://iaaitech.com

We are committed to protecting your privacy. This Privacy Policy applies when a Facebook Page administrator connects 4 In 1 Assistant to a Facebook Page and when end-users interact with a Facebook Page that uses our service.

2. Scope of Services

4 In 1 Assistant provides AI-powered automation services for Facebook and Instagram Pages, including:

  • Automatic replies to Facebook Messenger and Instagram Direct Messages
  • Automatic replies to comments on posts
  • Automated publishing of posts
  • Monthly reporting on page activity

2.1 Facebook Permissions and Access

Our application uses Facebook permissions granted by the Page owner to perform specific actions. These permissions allow us to:

  • Read and respond to messages sent to the Facebook Page
  • Read and respond to comments on posts
  • Access basic Page information and metadata
  • Display and manage Pages connected to the account
  • Publish and manage posts on the Page

All permissions are granted explicitly by the Page owner through Facebook and can be revoked at any time from Facebook settings.

3. Data Controller

For the purposes of applicable data protection laws, including the Egyptian Personal Data Protection Law (PDPL) and the General Data Protection Regulation (GDPR), ALTO Trading Investment is the Data Controller.

4. Information We Collect

4.1 Client Data (Facebook Page Owners)

  • Identity Data: Name, email address.
  • Billing Data: Payment details required for subscription services.
  • Configuration Data: Business preferences and instructions for 4 In 1 Assistant AI behavior.
  • Access Data: Facebook Page permissions and access tokens (we never collect or store Facebook passwords).

4.2 End-User Data (Facebook/Instagram Users)

When users interact with a Page connected to 4 In 1 Assistant, we process:

  • Identity Data: User display name, User ID.
  • Content Data: Message text, comment text.
  • Metadata: Date and time of interaction.

4.3 Page and Content Data

  • Page Metadata: Page ID, page details.
  • Post Content: Stored to prevent repetition.
  • Engagement Data: Used for reporting and performance analysis.

4.4 Website Data

When visiting https://iaaitech.com, we collect usage data via cookies, Google Analytics, and Meta Pixel.

5. How We Use Data

Purpose

Description

AI reply generation

We send message text to OpenAI to generate automated replies.

Workflow automation

Make.com routes data between Facebook, OpenAI, and our database.

Business preferences

Customize AI responses based on client instructions.

Conversation storage

Supabase stores history so the AI maintains context.

Billing Data

Process billing and manage subscriptions.

Image hosting

Cloudinary stores images you upload for scheduled posts.

Engagement Data

Generate monthly activity reports.

Post publishing

We publish scheduled posts via the Graph API.

6. Data Retention

  • Page Access Tokens: While service is active.
  • Conversation History: Up to 1 year.
  • Client Configurations: While service is active.

Upon service termination, tokens are deleted immediately, and conversation history is wiped.

7. Data Sharing and Third-Party Services

We use: Meta Platforms (APIs), Make.com (Workflows), OpenAI (AI generation), Supabase (Database/EU), Cloudinary (Media), Shopify (Hosting), Stripe/PayPal (Payments), and Google Analytics/Meta Pixel (Analytics). We do not sell or rent personal data.

8. International Data Transfers

Data may be transferred to the European Union (e.g., Ireland – Supabase) and the United States (e.g., Meta, OpenAI, Google, Shopify). We take reasonable measures to ensure compliance with applicable data protection laws.

9. Data Deletion and User Rights

9.1 Clients Rights: You may access, correct, or request deletion of your data (including conversation history, tokens, and images).

9.2 End-User Rights: If you are an end-user, you must contact the Page owner (our client) to request data deletion. However, all conversation data is automatically purged from our systems after 1 year.

10. Data Security & Compliance

10.1 GDPR Compliance: We comply with GDPR for users in the EEA.

10.2 Legal Basis: Contractual necessity, legitimate interest (maintaining context), and consent (via Facebook authorization).

10.3 Platform Compliance: We process data in strict accordance with Meta’s Platform Terms of Service and Developer Policies.

10.4 Data Breach: Users will be notified within 72 hours.

10.5 Children’s Privacy: Services are not directed toward children; we do not knowingly collect children's data.

11. Cookies and Tracking

We use Shopify essential cookies, Google Analytics, and Meta Pixel. Users can opt out via browser settings.

12. Legal Compliance & Disclosures

We may disclose data if required by Egyptian law, court orders, or to enforce our Terms of Service.

13. Updates to This Policy

Material changes will be notified via email to current users. Continued use of the service constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related inquiries, data deletion requests, or breach notifications: