Privacy Policy

1. Who We Are

Republicode (“we,” “us,” or “our”) operates the Agent Nimo platform, an AI-powered customer service chatbot platform that enables businesses to deploy intelligent, knowledge-base-driven chat experiences across multiple messaging channels including WhatsApp, web chat, and email.

For the purposes of this Privacy Policy, “Platform” refers to the Agent Nimo web application, APIs, and associated services. “Client” refers to a business that subscribes to and configures the Platform. “End User” refers to individuals who interact with a Client’s chatbot powered by the Platform.

2. Scope of This Policy

This Privacy Policy explains how Republicode collects, uses, stores, and shares information in connection with:

• The Agent Nimo Platform accessed by Clients (business subscribers)
• End User conversations processed through a Client’s chatbot
• WhatsApp Business messaging facilitated through the Twilio and Meta platforms
• Our website and marketing communications

When Agent Nimo processes End User data on behalf of a Client, Agent Nimo acts as a data processor and the Client acts as the data controller. Clients are responsible for ensuring their own compliance with applicable privacy laws, including notifying their End Users about how their data is used.

3. Data We Collect

3.1 Client Account Data

When a business registers for Agent Nimo, we collect:

• Business name, contact name, and email address
• Authentication credentials (via Google OAuth — we do not store passwords)
• Billing information (processed by our payment provider; we do not store full card numbers)
• Configuration settings, bot instructions, and knowledge base documents uploaded by the Client

3.2 End User Conversation Data

When an End User interacts with a chatbot powered by Agent Nimo, the Platform may process:

• Message content (text sent to and from the chatbot)
• Phone numbers or messaging identifiers (e.g., WhatsApp number) used to initiate contact
• Timestamps and conversation session identifiers
• Information voluntarily provided during the conversation (e.g., name, appointment details)
• Escalation events and agent interaction records

3.3 Usage and Technical Data

We automatically collect technical data when the Platform is used:

• IP addresses, browser type, and device information
• Pages visited within the Agent Nimo dashboard and feature usage patterns
• API request logs and error reports
• Conversation metrics (response times, escalation rates, resolution outcomes)

3.4 WhatsApp-Specific Data

When a Client enables WhatsApp integration through the Platform:

• The Client’s WhatsApp Business Account (WABA) identifiers and phone number registration details are stored to facilitate the integration
• Message content exchanged via WhatsApp is processed through Twilio’s messaging infrastructure and subject to Twilio’s and Meta’s terms and privacy policies
• WhatsApp requires End Users to have explicitly opted in to receive messages via WhatsApp before the Platform may send outbound messages

4. How We Use Data

We do not use End User conversation data to train AI models. We do not sell personal data to third parties.

5. Third-Party Services

Agent Nimo relies on the following sub-processors and service providers to deliver the Platform. Each is bound by contractual data protection obligations.

Each provider’s privacy practices are governed by their respective privacy policies. We encourage you to review them. By using the Platform, you acknowledge that data may be processed by these providers.

6. Data Sharing

We share data only in the following circumstances:

• With sub-processors: As described in Section 5, to operate the Platform.
• With the Client: End User conversation data is accessible to the Client whose chatbot conducted the conversation, including assigned agents and administrators.
• Legal requirements: If required by law, court order, or regulatory request, we may disclose data to competent authorities.
• Business transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred to the successor entity, subject to the same privacy protections.
• With your consent: In any other circumstance where you have provided explicit consent.

We do not share, sell, rent, or trade personal data with advertisers or unaffiliated third parties for their own marketing purposes.

7. Data Retention

We retain data for as long as necessary to provide the Platform and fulfil the purposes described in this Policy:

• Active Client accounts: Account data is retained for the duration of the subscription.
• Conversation data: Retained for the period configured by the Client, or a default of 24 months from the date of the conversation, whichever is shorter.
• Deleted accounts: Upon account termination, personal data is deleted or anonymised within 90 days, unless retention is required by law.
• Audit logs: Security and access logs are retained for up to 12 months.

Clients may request earlier deletion of their data by contacting us at the address in Section 12.

8. Security

We implement industry-standard technical and organisational measures to protect data against unauthorised access, disclosure, alteration, or destruction, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Role-based access controls limiting data access to authorised personnel
• Database hosted on Microsoft Azure with enterprise-grade security controls
• Regular security reviews and dependency monitoring
• Credential secrets stored separately from application code

No system is completely secure. If you believe your data has been compromised, please contact us immediately at the address in Section 12.

9. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Restriction: Request that we limit processing of your data in certain circumstances.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdrawal of consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

End Users who wish to exercise these rights should contact the Client whose chatbot they interacted with, as the Client is the data controller for those conversations. Agent Nimo will cooperate with Client requests to fulfil End User rights.

Clients and website visitors may exercise rights directly by contacting us at the address in Section 12. We will respond within 30 days.

10. Children's Privacy

The Agent Nimo Platform is not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Clients are responsible for ensuring their chatbots comply with applicable laws regarding the collection of data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Notify active Clients by email at least 14 days before the change takes effect

Your continued use of the Platform after the effective date of any update constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

We aim to respond to all privacy-related inquiries within 30 days of receipt.