We wrote this to be read. Plain language. No buried exceptions. If something isn't clear, email us and we'll fix it.
This policy covers how helloMachine collects, uses, and protects data from two groups: operators (businesses who hire Machine) and end customers (people who talk to Machine on an operator's site, by email, or by text).
What we do with conversation data depends on which tier the operator has chosen. This is disclosed to operators at signup and displayed on our pricing page.
| Tier | You see | We learn from | Data retained |
|---|---|---|---|
| Avatar | Outcomes only — bookings, questions answered, carts recovered | Anonymized conversations, aggregated across operators | Anonymized conversation data. No PII unless customer self-identifies. |
| Avatar Pro | Full conversation history, customer timeline, signals | Nothing — your data is not used for training | Full conversation logs, retained for operator access |
| Avatar Enterprise | Full conversation history, actions, outcomes | Nothing — your data is not used for training | Per your data retention agreement. We do not retain by default. |
End customers are people who interact with Machine on behalf of an operator's business. They may be anonymous or identified.
Anonymous customers — customers who do not share personally identifiable information during a conversation — are treated as anonymous. Their conversations may be used in aggregate, anonymized form to improve Machine on Avatar tier deployments.
Identified customers — customers who voluntarily share their name, email, phone number, or other identifying information — have that information stored and associated with their conversation history. On Avatar tier, identified customer data is visible to the operator in their dashboard. On Avatar Pro and Enterprise, the full conversation record is available to the operator.
End customers may request deletion of their data by contacting the operator they interacted with, or by emailing us directly at privacy@hellomachine.io.
Operators provide us with their website URL, email address, and business information to configure Machine. This information is used solely to operate the service. We do not share operator business information with other operators or third parties.
Operator account data — including billing information — is processed by Stripe. We do not store payment card details.
Machine uses a session identifier to maintain conversation continuity within a single browsing session. This identifier is stored in the browser's local storage and is not used for cross-site tracking. We do not use advertising cookies or third-party tracking pixels.
Data is encrypted in transit using TLS. Stored data is encrypted at rest. We maintain access controls limiting who on our team can access conversation data. We do not use conversation data for any purpose beyond what is described in this policy.
In the event of a data breach that affects personal information, we will notify affected operators within 72 hours of becoming aware of the breach.
Avatar tier: anonymized conversation data is retained indefinitely to improve the service. Identified customer records are retained until deletion is requested.
Avatar Pro: conversation data is retained for as long as the operator's account is active, plus 90 days following account closure.
Avatar Enterprise: retention is governed by the operator's data agreement. Default is no retention beyond active session.
Depending on your location, you may have rights under applicable privacy law — including GDPR, CCPA, or other regional frameworks — to access, correct, or delete personal data we hold about you, or to object to or restrict certain processing.
To exercise any of these rights, contact us at privacy@hellomachine.io. We will respond within 30 days.
Machine is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have done so, we will delete it promptly.
We may update this policy as the product evolves. Material changes will be communicated to operators by email at least 14 days before taking effect. The effective date at the top of this page reflects the most recent version.
We're a small team and we read our email.
WakaiCorp, Inc. · San Francisco, CA