Privacy Policy

Last updated: April 21, 2026

CommunityXai ("we", "our", "the Service") is a SaaS platform operated by Hashatgroup S.A.S., a company incorporated in Ecuador, doing business as CommunityManagerXai (also referred to as "CommunityXai"). The Service helps businesses automatically respond to direct messages and comments on Instagram, Facebook, WhatsApp and other supported channels using AI agents configured by the business owner. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Data we collect

When a business connects its Meta Page/Instagram account to CommunityXai, we collect:

  • Account metadata: Page ID, Instagram Business Account ID, page name, username, profile picture.
  • Access tokens: long-lived Meta OAuth tokens required to receive webhooks and send replies. Stored encrypted at rest.
  • Incoming messages and comments: text content, sender identifier, timestamps, message IDs, and attachment metadata.
  • Contact profile: public display name and profile picture of the user who messaged the business, obtained via the Meta Graph API User Profile endpoint.
  • Agent outputs: AI-generated replies sent on behalf of the business.
  • Business-uploaded knowledge: files the business owner uploads to train their AI agent (e.g. product manuals, FAQs). Stored as embeddings in our vector database.

2. How we use the data

  • To deliver incoming messages to the business inbox.
  • To generate AI replies using large language models (OpenAI / Anthropic / Google).
  • To route conversations that require human attention (escalations).
  • To display analytics (message volume, response times, tag distribution) to the business owner.
  • To bill the business for their subscription and API usage.

We do not sell personal data, and we do not use personal data for advertising. We do not share message content with third parties beyond the AI providers strictly required to produce a reply.

3. Sub-processors

  • Supabase — database, authentication, file storage (EU/US).
  • Vercel — application hosting and edge delivery.
  • OpenAI, Anthropic, Google AI — LLM inference (the business may configure which provider to use).
  • Meta Platforms — source of incoming messages via official Graph API.

4. Data retention

We retain conversation data for as long as the business maintains an active subscription plus 90 days for backup purposes. Business knowledge-base files are retained until deleted by the business. Access tokens are deleted within 24 hours after an integration is removed.

5. Your rights

End users of the connected businesses have the right to access, correct, or delete their data. To exercise these rights, use our Data Deletion page or email legal@communitymanagerxai.com. Requests are processed within 30 days.

6. Meta Platform Terms

CommunityXai's use of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies. We do not transfer Meta data to any ad network, data broker, or other advertising or monetization-related service.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access tokens are stored in columns protected by row-level security. Only authorized personnel with a legitimate business need can access production data.

8. Contact

Hashatgroup S.A.S. (d/b/a CommunityManagerXai) — Calle Cisnes y Pingüinos, Conjunto Valle Hermoso, casa 3, Ecuador.
Email: legal@communitymanagerxai.com