Privacy Policy

Last updated: June 3, 2026

This Privacy Policy explains how Salesio, a product of Tsubaki Systems LLC (“Salesio,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information when you visit salesio.app, create a Salesio account, or use any part of the Service — including our website builder and hosting, AI chatbot, lead-capture and contact forms, online store, appointment booking, the embeddable chat/contact widget, first-party analytics, email and SMS/WhatsApp notifications, voice insights, translation, our referral and affiliate programs, and the Social Engine (which connects your Instagram, Facebook, and TikTok accounts to publish content and manage public comments). It also covers Visitors who interact with a page or widget operated by one of our Customers.

Please read this policy together with our Terms & Conditions and our Data Deletion instructions. If you do not agree with this policy, please do not use the Service.

1. Who we are and our role

Salesio is a software platform that provides websites, AI chatbots, lead capture, online stores, appointment booking, analytics, and social-media tools to small businesses (“Customers”). Depending on the data:

• As a controller: for information about Salesio account holders and general visitors to salesio.app, we decide how and why the data is processed.
• As a processor:for information that end users (“Visitors”) submit on a Customer's booking, contact, or store page, and for social-media content and metrics we handle on a Customer's behalf, we process that data on behalf of, and under the instructions of, that Customer.

2. Information we collect

Information you provide — Salesio account holders

• Account identifiers: name, email, hashed password, optional phone number.
• Business profile: business name, logo, contact details, addresses, hours, services, brand voice, and other content you enter to generate your site, chatbot, and social posts.
• Billing details processed by Stripe; we never see or store full card numbers.
• For affiliates/partners: payout details and the Stripe Connect account you link to receive payments.
• Support communications you send to us.

Information you provide — Visitors who book, contact, or buy through a Salesio page or widget

• Name, email, and (optional) phone number you enter at booking, in a form, or in a chat.
• The appointment, product, order, or enquiry details you choose.
• Explicit SMS consent when you check the SMS opt-in checkbox at booking; we record your consent timestamp and the consent language verbatim.
• Messages you exchange with a Customer's chatbot, widget, or contact form.

Information from connected social media accounts (Social Engine)

When a Customer connects an Instagram, Facebook, or TikTok account to Salesio (via that platform's official OAuth, which never shares your password with us), we access and store, with your authorization:

• Basic account info: account/page name, ID, profile picture, and the linked Instagram Business/Creator account.
• Access tokens issued by the platform (stored encrypted) so we can act on your behalf within the permissions you grant.
• Content we publish for you and its public engagement: posts, reach, impressions, clicks, likes, and public comments and mentions on your own content. We do not access private direct messages (DMs).
• Aggregate metrics/insights for your own account, used to report results and attribution.

Information collected automatically

• Log data: IP address, browser type, user-agent, referring pages, timestamps.
• First-party analytics: pages viewed, features used, sessions, events, campaign/UTM parameters (including clicks from social posts), and approximate location derived from IP. We use this to power the analytics dashboards and to attribute Visitor actions (e.g., a booking) back to the source.
• Cookies and similar technologies (see Section 7).

We do not collect special categories of data (such as health, biometric, or precise geolocation data) and we ask that you not submit them through the Service.

3. How we use information

• To provide, operate, host, and maintain the Service and your sites.
• To generate content with AI (site copy, chatbot replies, social posts, translations, voice summaries) from the business information you provide.
• To publish content to your connected social accounts and to read and respond to public comments and mentions on your behalf.
• To deliver booking confirmations and reminders by email and, when consented, by SMS or WhatsApp.
• To process payments, deposits, refunds, and affiliate payouts via Stripe.
• To measure performance and attribute results — e.g., that a social post or campaign led to a Visitor booking or purchase.
• To authenticate users, secure accounts, and prevent fraud, abuse, and security incidents.
• To provide support and respond to your requests.
• To comply with legal obligations and enforce our Terms.

We do not use your information, and specifically do not use SMS opt-in data or phone numbers collected for SMS, for third-party marketing. We do not use data from your connected social accounts for any purpose other than providing the Social Engine features to you, and we never sell it.

4. Legal bases for processing (EEA/UK users)

Where the EU/UK GDPR applies, we process personal data on these legal bases: performance of a contract (to deliver the Service you requested); consent (for SMS messaging, connecting social accounts, and certain cookies — you may withdraw it at any time); legitimate interests (to secure, analyze, and improve the Service); and legal obligation (to comply with applicable law).

5. AI processing

Salesio uses third-party AI providers (currently OpenAI) to generate and translate content and to power the chatbot and content suggestions. The business information, page content, chat messages, and public comments needed for a given feature are sent to the AI provider via its API solely to return a result to you. Under the provider's API terms, this data is not used to train their models. We do not send full payment card numbers or special categories of data to AI providers.

6. SMS messaging

The Salesio Calendar SMS program delivers strictly transactional messages tied to an appointment you booked. When you opt in, we send up to four SMS per booking: one confirmation, one reminder 24 hours before, one reminder 1 hour before, and one notification if the appointment is cancelled or rescheduled. Message frequency varies based on your bookings. Message and data rates may apply.

You opt in only by checking the explicit SMS consent checkbox on a Salesio Calendar booking form when you provide a phone number. We never send marketing or promotional SMS. Reply STOP to any message to unsubscribe immediately and permanently; reply HELP for help. Carriers are not liable for delayed or undelivered messages. See our Terms & Conditions for the full SMS program disclosure.

7. Cookies and tracking technologies

We use strictly necessary cookies to keep you signed in and to secure the Service, and a limited set of first-party analytics to understand aggregate usage and attribute Visitor actions to their source (including campaign/UTM tags on links you share). We do not use third-party advertising cookies and we do not sell cookie data. You can control cookies through your browser settings; disabling strictly necessary cookies may prevent parts of the Service from working.

8. How we share information

We do not sell, rent, or share your personal information with third parties for their marketing or promotional purposes. We disclose information only as follows:

• Service providers / data processors acting on our behalf: Resend (email), Twilio (SMS/WhatsApp), Stripe (payments and affiliate payouts), Meta/Facebook and TikTok (only to operate the social features you connect — publishing and reading public engagement on your own accounts), OpenAI (AI content generation), Render and Vercel (hosting), our cPanel/WHM hosting provider (serving your published sites), and Neon (database). Each is contractually bound to use the data only to provide the service to us.
• The Salesio Customer whose booking, store, contact page, or widget you used, with respect to your booking and contact information.
• Legal and safety: to authorities or other parties when required by law, to enforce our Terms, or to protect the rights, safety, and security of users and the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories above exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

9. Connected social media accounts (Meta & TikTok)

If you connect an Instagram, Facebook, or TikTok account, your use of those connected features is also subject to that platform's own terms and policies. We access your platform data only to provide the Social Engine features you ask for: publishing the content you approve, and reading and responding to publiccomments and mentions on your own content. We do notaccess your private direct messages, and we do not monitor accounts you do not own.

Access tokens are stored encrypted. You can disconnect at any time from within Salesio (Social → Conexiones) or by removing the Salesio app in your Facebook/Instagram or TikTok settings — this revokes our access. To delete the data we hold from a connected account, follow our Data Deletion instructions.

10. Payments

Payments for subscriptions, store orders, and booking deposits, and payouts to affiliates, are processed by Stripeunder its own terms and privacy policy. Salesio never sees or stores full card numbers. For Customers who sell through the store, funds settle to the Customer's own connected Stripe account.

11. International data transfers

Salesio is operated from the United States and our service providers may process data in the United States and other countries. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

12. Data retention

We retain booking and account data while your account is active and for up to 24 months after closure for legal and audit reasons. SMS consent logs are kept for at least 4 years to satisfy U.S. TCPA requirements. Connected-account tokens are kept until you disconnect or close your account, then deleted within 30 days. Aggregated or de-identified data that can no longer be linked to you may be retained longer. You may request earlier deletion at any time (see Sections 13 and 14).

13. Your privacy rights

Subject to applicable law, you may request to access, correct, update, delete, or port your personal information, and object to or restrict certain processing. To exercise any right, email privacy@salesio.app. We will respond within the timeframe required by law. You may withdraw SMS consent at any time by replying STOP, and disconnect social accounts at any time. If we process data on behalf of a Customer as a processor, we will refer your request to that Customer.

California residents (CCPA/CPRA)

In the past 12 months we have collected the categories of personal information described in Section 2 (identifiers, commercial information, internet activity, and approximate geolocation from IP). California residents have the right to know, delete, correct, and limit the use of their personal information, and the right not to be discriminated against for exercising these rights. We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA, and we do not sell or share the personal information of minors.

EEA and UK residents (GDPR)

You have the rights described above and the right to lodge a complaint with your local data protection authority. Our legal bases for processing are described in Section 4.

14. Data deletion

You can request deletion of your personal data, including data we hold from any connected social media account, at any time. See our dedicated Data Deletion instructions, or email privacy@salesio.app. Removing the Salesio app from your Facebook/Instagram or TikTok settings also triggers deletion of the data tied to that connection.

15. Data security

We use TLS encryption for all traffic in transit, encryption at rest for database backups and stored access tokens, hashed passwords, and least-privilege access controls. No method of transmission or storage is 100% secure; we work to protect your data and will notify affected users and regulators of any material breach as required by law.

16. Children's privacy

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact privacy@salesio.app and we will delete it.

17. Third-party links

The Service may link to third-party websites and services that we do not control. This policy does not apply to them; please review their privacy policies.

18. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with a new “Last updated” date. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

19. Contact us

Salesio is operated by Tsubaki Systems LLC (United States).
Privacy questions and requests: privacy@salesio.app
General support: support@salesio.app