Last Updated: 2025-08-07
This Privacy Policy describes how we collect, use, and disclose information when you use our SaaS platform.
1. Introduction
Wisdomate ("We", "The Provider") provides a SaaS platform based on three integrated modules:
- Business Intelligence (BI): Collection and analysis of data from e-commerce, advertising, and analytics platforms.
- Conversational Marketing: Management of marketing campaigns on WhatsApp, Messenger, and Instagram.
- Customer Care: Customer support through AI Agents for pre and post-sales requests.
This policy explains how we process the data of end users ("Customers") of our clients ("SaaS Clients").
2. Roles in Data Processing
- SaaS Clients (users of the platform): Act as Data Controllers for their Customers' data.
- We (SaaS Provider): Act as Data Processors under the GDPR (Art. 28).
3. Data Collection and Purposes by Module
Business Intelligence Module
| Data Source |
Data Types |
Purpose |
| Shopify, Magento |
Orders, products, customer data |
Sales analysis, KPI dashboards |
| GLS, Bartolini, Poste Italiane |
Shipping Performance |
Delivery performance |
| Google Ads, Bing Ads, Meta Ads |
Campaign performance, clicks, costs |
Advertising optimization |
| Google Analytics |
User behavior, traffic |
Strategic reporting |
| 7Pixel, Awin |
Prices, affiliate performance |
Competitive benchmarking |
Conversational Marketing Module
| Platform |
Data Types |
Purpose |
| WhatsApp, Messenger, Instagram |
User ID, messages, interactions |
Targeted campaigns, conversation management |
Care Customer Care Module (AI)
| Data Types |
Purpose |
| Pre/post-sales requests |
Automated responses, issue resolution |
| Interaction history |
AI Agent training, service improvement |
4. Legal Basis for Processing
- Consent: Obtained by SaaS Clients on behalf of their Customers.
- Legitimate Interest: Data analysis to optimize services (BI module).
- Contractual Performance: Delivery of SaaS services.
5. Data Sharing with Third Parties
- Subprocessors: We use third-party services for:
- Cloud hosting (e.g., AWS, Google Cloud)
- Analytics tools (e.g., BigQuery)
- Messaging platforms (official APIs of Meta, WhatsApp, etc.)
- Legal obligations: Disclosure when required by applicable laws.
All subprocessors comply with GDPR/CCPA and are covered by specific agreements (DPA).
6. Data Security
- Technical measures:
- End-to-end encryption (data in transit and at rest)
- Two-factor authentication (2FA)
- Regular audits and penetration testing
- Organizational measures:
- Data access limited to authorized personnel
- Mandatory privacy training
7. Data Retention
- SaaS Client Data: Retained for the duration of the active account, then deleted within 30 days.
- End User Data: Deleted upon request from the SaaS Client or after 24 months of inactivity.
8. End User Rights (GDPR/CCPA)
End users have the right to:
- Access, rectify, or delete their personal data.
- Object to processing for marketing purposes.
- Request data portability.
Requests should be directed to the SaaS Client (Data Controller), who will manage them through our platform.
9. International Transfers
Data may be transferred outside the European Economic Area (EEA) only to:
- Countries with adequacy decisions recognized by the EU.
- Entities covered by Standard Contractual Clauses (SCCs).
10. Changes to this Policy
We will notify substantial changes via email or through the SaaS dashboard 30 days before they take effect.