Legal

Privacy Policy

Effective Date: May 26, 2026

Sentio("Sentio," "we," "our," or "us") operates a WhatsApp-based business communication and automation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you or your customers interact with our services, including our WhatsApp messaging automation, AI-powered chatbot, and associated web interfaces.

By using Sentio, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the service.

1. Information We Collect

1.1 Information Provided by Business Customers

When a business signs up for and configures Sentio, we collect:

  • Business name, contact name, and email address
  • WhatsApp Business phone number(s)
  • Vagaro account credentials (via OAuth 2.0 — we do not store raw passwords)
  • Billing and payment information (processed by our payment provider)
  • Custom message templates and automation configuration settings

1.2 End-Customer Data (Appointment Holders)

Through our integration with Vagaro and the Meta WhatsApp Cloud API, we process data about the business's customers, including:

  • Name and WhatsApp-registered phone number
  • Appointment date, time, service type, and status
  • Inbound and outbound WhatsApp message content
  • Conversation history (retained for up to 90 days to enable contextual AI responses)
  • Opt-out status (STOP / UNSUBSCRIBE requests)
  • Message delivery metadata (sent, delivered, read timestamps from Meta)

1.3 Automatically Collected Data

When our services are accessed, we may automatically collect:

  • Server logs (IP addresses, request timestamps, response codes)
  • Webhook payloads from Meta and Vagaro
  • Performance and error telemetry for service reliability

2. How We Use Information

We use the collected information to:

  • Deliver appointment confirmation, reminder, cancellation, and review-request messages via WhatsApp on behalf of the business customer
  • Operate the AI chatbot to respond to inbound customer questions about pricing, availability, and bookings
  • Execute re-engagement and win-back campaigns as configured by the business
  • Authenticate and maintain the Vagaro OAuth connection to retrieve appointment and customer data
  • Detect and honor STOP / UNSUBSCRIBE opt-out requests in compliance with CTIA guidelines
  • Prevent duplicate or fraudulent message delivery using idempotency mechanisms
  • Provide business customers with message analytics and performance data
  • Improve, debug, and maintain the reliability of our platform
  • Comply with applicable legal obligations

We do not sell end-customer personal data to third parties. We do not use end-customer data for advertising or marketing unrelated to the business that collected it.

3. WhatsApp and Meta Platform Data

Sentio integrates with the Meta WhatsApp Business Cloud API. By using Sentio, business customers and their end-users acknowledge that:

  • All WhatsApp messages are transmitted through Meta's infrastructure and are subject to WhatsApp's Privacy Policy and WhatsApp Business Policy
  • Sentio processes WhatsApp message data solely to provide the automation services described in this policy and does not use it for any purpose prohibited by Meta's platform policies
  • Message content accessed through the WhatsApp Business API is used only to deliver requested services and is not shared with third parties except as necessary to operate the service (e.g., sending to OpenAI for AI response generation — see Section 4)
  • End-customers may opt out of automated messages at any time by replying STOP to any message. Sentio processes opt-outs immediately and suppresses all future messages to that number

4. Third-Party Services and Data Sharing

Sentio relies on the following third-party services to deliver its functionality. Each provider's data handling is governed by their own privacy policies:

ServicePurpose
Meta (WhatsApp)Sending and receiving WhatsApp messages via the Cloud API
VagaroRetrieving appointment, customer, and availability data
OpenAIGenerating AI chatbot responses to inbound customer messages
SupabaseSecure, multi-tenant database storage for all platform data

When customer message content is sent to OpenAI for AI response generation, it is processed solely to generate a reply and is subject to OpenAI's Privacy Policy. We do not instruct OpenAI to train models on customer data.

We may also disclose information if required by law, court order, or government authority, or to protect the rights, safety, or property of Sentio, its customers, or the public.

5. Data Retention

  • Conversation history: Retained for up to 90 days to enable contextual AI responses, then automatically deleted
  • Message logs and analytics: Retained for up to 12 months to allow business customers to review performance
  • Idempotency records: Purged on a rolling basis (typically within 48 hours)
  • Opt-out records: Retained indefinitely to prevent re-messaging opted-out numbers
  • Business account data: Retained for the duration of the account and for up to 90 days after account deletion, then permanently removed

6. Data Security

We implement industry-standard security measures including:

  • HMAC-SHA256 signature verification on all incoming webhooks from Meta and Vagaro
  • Encryption in transit (TLS 1.2+) for all data exchanges
  • Encryption at rest for database storage via Supabase's infrastructure
  • Per-tenant data isolation — no business customer can access another's data
  • OAuth 2.0 for third-party authentication (no raw credentials stored)
  • Access controls limiting staff access to production data

No method of transmission or storage is 100% secure. In the event of a data breach that affects your rights, we will notify affected parties as required by applicable law.

7. Your Rights and Choices

End-Customers (Appointment Holders)

  • Opt out of messages: Reply STOP or UNSUBSCRIBE to any message at any time. We will immediately cease sending automated messages to your number.
  • Request deletion: Contact the business that sent you messages. As the data controller, they can request deletion of your data from Sentio on your behalf.
  • Access your data: Contact us at contact@performicy.com and we will assist you in coordination with the relevant business customer.

Business Customers

  • Account data: You may update or delete your account information at any time through the platform settings or by contacting us.
  • Data export: Request a copy of your data by emailing contact@performicy.com.
  • Account deletion: Request full account and data deletion by contacting us. Deletion will be completed within 30 days, subject to legal retention obligations.

8. Children's Privacy

Sentio is not directed to individuals under the age of 13 (or 16 in applicable jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

9. International Data Transfers

Sentio operates globally and your data may be processed in countries other than your country of residence, including the United States and Canada. By using our services, you consent to the transfer and processing of your information in these countries, which may have different data protection laws than your jurisdiction. We take appropriate safeguards to ensure your data is protected in accordance with this policy wherever it is processed.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify business customers of material changes via email or through the platform. The updated policy will be posted on this page with a revised effective date. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, contact us at: