Privacy Policy

This Privacy Policy describes how Automis ("we", "our", or "the Company"), registered in Estonia (registration no. 17179196), with registered address at Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314, collects, uses, stores, and protects personal data in connection with our services.

Automis is an AI & Marketing Agency providing paid advertising management, AI-powered voice agents, workflow automation, social media automation, and consulting services. Depending on the service and context, Automis may act as:

• •Data Controller — for data collected directly from website visitors, prospective clients, and individuals who interact with our own platforms (e.g., booking a discovery call, downloading an audit report, contacting us).
• •Data Processor — for data processed on behalf of our Clients in the course of delivering automation services (e.g., responding to comments/DMs on the Client's Meta pages, handling calls on behalf of the Client, managing the Client's CRM data).

This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the applicable Meta Platform Terms and Developer Policies.

We process personal data under the following legal bases pursuant to Article 6 of the GDPR:

• •Consent (Art. 6.1.a): for marketing communications, demo calls, newsletters, and promotional materials. You may withdraw consent at any time.
• •Performance of a contract (Art. 6.1.b): for delivering services requested by our Clients and fulfilling contractual obligations.
• •Legitimate interest (Art. 6.1.f): for improving our services, ensuring system security, preventing abuse, and conducting analytics. When acting as a Data Processor, the legitimate interest belongs to the Client (Data Controller).
• •Legal obligation (Art. 6.1.c): for complying with tax, accounting, and regulatory requirements.

Some of our sub-processors (including Meta Platforms, Inc., Google LLC, and ElevenLabs) are based in the United States or other countries outside the European Economic Area (EEA). Transfers are conducted on the basis of adequate safeguards under Article 46 GDPR (Standard Contractual Clauses), adequacy decisions by the European Commission where applicable, or the explicit consent of the data subject.

We retain personal data for the following periods:

• • Contact and commercial data : for the duration of the contractual relationship and for 2 years thereafter as required by applicable tax and accounting legislation.
• • Data processed via Meta APIs: retained only as long as necessary to deliver the automation service. Upon termination of the Client contract, data will be deleted within 60 days, unless a longer retention is required by law.
• • Voice AI call recordings and transcripts: retained for 90 days after the call, then automatically deleted, unless the Client requests longer retention.
• • Lead and CRM data: for the duration of the Client engagement. Deleted within 90 days of contract termination.
• • Ad account data: performance reports are retained for the duration of the engagement plus 3 months. Raw platform data is accessed but not stored long-term by Automis.
• • Website analytics and logs: up to 12 months.
• • Marketing data (consent-based): until consent is withdrawn.

In accordance with the Meta Platform Terms, upon cessation of use of Meta APIs or upon Meta's request, we will delete all Platform Data without undue delay.

Under the GDPR, you have the right to:

• •Access: obtain confirmation of processing and a copy of your personal data.
• •Rectification: request correction of inaccurate or incomplete data.
• •Erasure: request deletion of your data ("right to be forgotten").
• •Restriction: request restriction of processing in certain circumstances.
• •Portability: receive your data in a structured, commonly used, machine-readable format.
• •Objection: object to processing based on legitimate interest.
• •Withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal.

To exercise your rights, contact us at: support@automis.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the competent supervisory authority (Estonian Data Protection Inspectorate or the authority of your country of residence).

If you are a California resident, you have the right to: know what personal information we collect, request deletion of your data, and not be discriminated against for exercising these rights. We do not sell personal data as defined under the CCPA.

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction, or alteration, including:

• •TLS/SSL encryption for data in transit
• •Access restricted to authorized personnel only
• •Monitoring and access logging
• •Regular backups and disaster recovery procedures
• •Periodic security reviews
• •Compliance with the data security requirements set forth in Section 6 of the Meta Platform Terms

When delivering automation services on behalf of our Clients:

• • The Client is the Data Controller with respect to end-users who interact with the Client's pages, profiles, phone lines, or forms.
• • Automis acts as the Data Processor, processing data solely according to the Client's instructions and in compliance with the contract and the Data Processing Agreement (DPA) signed between the parties.

If you have questions about how a specific business processes your data through its Facebook/Instagram page, phone system, or website, please contact that business directly.

Our website uses technically necessary cookies and, with your consent, analytics and profiling cookies. You can manage your cookie preferences through your browser settings or our cookie banner.

Data of users on third-party platforms is also processed by those platforms according to their own policies:

• • Meta Privacy Policy
• • Meta Terms of Service
• • Instagram Terms of Use
• • Meta Platform Terms (Developers)
• • Meta Developer Policies
• • Google Privacy Policy
• • ElevenLabs Privacy Policy

Our services do not replace or modify the policies of these platforms applicable to their users.

When you interact with an AI voice agent operated by Automis on behalf of a Client:

• •The call may be handled by an artificial intelligence system, not a human operator.
• •The call may be recorded and/or transcribed for service delivery and quality purposes.
• •You may request to speak with a human operator at any time.
• •Call recordings are stored securely and retained for a limited period as described in Section 7. Retention periods are set by the Client and communicated in the Client's own Privacy Policy.
• Applicable laws regarding call recording consent vary by jurisdiction. Where required, the AI agent will inform the caller that the call is being recorded and will obtain verbal consent before proceeding.

We reserve the right to update this Privacy Policy at any time. Significant changes will be communicated through the website or via email. The date of the last update is indicated at the top of this document.

For any questions, requests, or complaints regarding this Privacy Policy:

Automis — AI & Marketing Agency

Email: support@automis.ai

Website: https://automis.ai

Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314

Registration number: 17179196