Effective Date: April 19, 2026 | Version: 1.0
1. Who We Are
This policy is issued by AI ArchiTech (TIN: 302364876), 28 Kutaisi St, Tbilisi, Georgia ("we", "us", "Provider"). We operate the SaaS platform at app.architech.ge that provides AI-powered virtual assistants to businesses.
Contact for data-related inquiries: [email protected]
2. Scope
This Privacy Policy applies to:
- Business clients ("Clients") who register on the Platform
- Individuals ("End Users") who interact with AI Assistants deployed by our Clients
- Visitors to our website architech.ge
3. Data We Collect
3.1. Client Data (provided during registration and use)
- Company name, TIN, business type
- Contact person name, email address, phone number
- Login credentials (hashed, never stored in plaintext)
- Payment information (processed by Bank of Georgia; we do not store full card numbers)
- Knowledge base content uploaded for AI Assistant training
- Agent configuration and settings
3.2. End User Data (collected through AI Assistants)
- Messages exchanged with the AI Assistant
- Name, email, phone number (if voluntarily provided during conversation)
- IP address, browser type, device information
- Conversation timestamps and session identifiers
3.3. Automated Data
- Server logs (IP addresses, request timestamps, HTTP status codes)
- Cookie identifiers (see Section 8)
- Usage analytics (pages visited, features used, session duration)
4. Purpose of Data Processing
We process data for the following purposes:
- Service delivery: Operating AI Assistants, processing conversations, capturing leads
- Account management: Registration, authentication, billing, support
- Service improvement: Analyzing usage patterns, improving AI response quality, debugging
- Communication: Sending invoices, subscription notifications, service updates
- Legal compliance: Tax reporting, responding to lawful requests from authorities
- Security: Fraud prevention, rate limiting, abuse detection
5. Legal Basis
Under the Law of Georgia on Personal Data Protection, we process data based on:
- Contractual necessity: Processing required to deliver the service the Client subscribed to
- Legitimate interest: Service improvement, security, and fraud prevention
- Consent: Where required, particularly for marketing communications and cookies
- Legal obligation: Tax records retention, compliance with court orders
6. Data Sharing
We share data with the following categories of recipients, solely for the purposes described:
| Recipient | Purpose | Data Shared |
|-----------|---------|-------------|
| Google (Gemini) | AI response generation for Georgian/Arabic languages | Conversation messages |
| Anthropic (Claude) | AI response generation for Russian/English languages | Conversation messages |
| OpenAI (GPT-4o) | AI response generation for Hebrew language | Conversation messages |
| Bank of Georgia | Payment processing | Transaction amount, Client identity |
| Resend | Email delivery | Recipient email, message content |
| Cloudflare | CDN, security, DNS | IP addresses, traffic data |
| Hetzner | Server hosting (EU) | All platform data (encrypted at rest) |
| Supabase | Database hosting (EU-West) | All platform data (encrypted at rest) |
| Meta (Instagram/Messenger) | Social media messaging | Conversation messages, profile IDs |
Important: LLM providers (Google, Anthropic, OpenAI) process conversation data solely to generate responses. Per our agreements and their published policies, conversation data sent through their APIs is not used to train their models.
We do not sell personal data to any third party.
7. Data Retention
| Data Type | Retention Period |
|-----------|-----------------|
| Client account data | Until account deletion + 90 days |
| Conversation logs | 12 months from creation |
| Lead/contact data | Until Client deletes or account closure + 90 days |
| Payment records and invoices | 7 years (Georgian tax law requirement) |
| Server logs | 90 days |
| Cookie data | See Section 8 |
After the retention period, data is permanently and irreversibly deleted.
8. Cookies
We use the following categories of cookies:
- Strictly necessary (always active): Authentication session, language preference, CSRF protection. These cannot be disabled as the Platform will not function without them.
- Analytics (optional): Usage statistics to improve the Platform. Enabled only with user consent via cookie banner.
We do not use advertising or tracking cookies.
9. Your Rights
Under Georgian data protection law, you have the right to:
- Access: Request a copy of personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Data export: Receive your data in a machine-readable format
- Withdraw consent: Where processing is based on consent, withdraw it at any time
- Object: Object to processing based on legitimate interest
To exercise any of these rights, contact [email protected]. We will respond within 30 calendar days.
10. Data Security
We implement the following security measures:
- TLS/SSL encryption for all data in transit
- Encryption at rest for database storage (Supabase, AES-256)
- Row Level Security (RLS) ensuring tenant data isolation
- Rate limiting and DDoS protection (Cloudflare WAF)
- Firewall (UFW) with restricted port access
- Intrusion detection (Fail2Ban)
- Regular security audits and vulnerability monitoring
- Access control with role-based permissions
- No plaintext storage of passwords or API keys
11. Children
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors. If we discover that data has been collected from a minor, we will delete it promptly.
12. International Data Transfers
Platform data is stored and processed within the European Union (Hetzner, Germany; Supabase, EU-West). Conversation data is transmitted to LLM providers whose servers may be located outside the EU. Such transfers are governed by the providers' data processing agreements and standard contractual clauses.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be communicated via email and published on the Platform at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.
14. Complaints
If you believe your data protection rights have been violated, you may file a complaint with the State Inspector's Service of Georgia (Personal Data Protection Inspector) or contact us directly at [email protected].
15. Social Media Platform Integrations
When you connect your Instagram Business or Facebook Page to our platform:
Data we receive from Meta:
- Page access token (encrypted, stored securely)
- Instagram/Messenger conversation messages
- User profile IDs of people who message your business
- Page name and basic page information
How we use this data:
- To generate AI responses to customer messages
- To store conversation history in your dashboard
- To capture leads from conversations
Data retention:
- Conversation data: 12 months from creation
- Access tokens: until you disconnect the integration
- Profile IDs: deleted with conversation data
Your control:
- Disconnect at any time: Settings → Integrations → Instagram/Messenger → Disconnect
- Request full deletion: [email protected] (subject: "Delete my data")
We do NOT:
- Sell data received from Meta platforms
- Use conversation data for advertising
- Contact users who haven't messaged your business first
- Share Meta data with other tenants or third parties
16. Contact
AI ArchiTech
- Data Protection Inquiries: [email protected]
- General Support: [email protected]
- Address: 28 Kutaisi St, Tbilisi, Georgia