Privacy & Cookie Policy

Last updated: 1 October 2024

This Privacy & Cookie Policy explains how ApeelingAI B.V. ("ApeelingAI", "we", "us"), including our Mobibot brand, collects, uses and safeguards personal data when you visit our websites, interact with our applications, request a demo, deploy our chatbots or otherwise engage with us. We comply with the EU General Data Protection Regulation (GDPR), the ePrivacy rules and applicable UK requirements.

1. Data controller

ApeelingAI B.V. (Chamber of Commerce 92422543) is the controller for the processing of personal data described in this notice.

  • Registered address: Blijmarkt 12 C, 8011NE Zwolle, The Netherlands
  • Email: [email protected]
  • Phone: available upon request via the above email
  • Data protection queries: [email protected]

2. Scope of this policy

This policy applies to the public and authenticated areas of apeelingai.com, mobibot.nl, our chatbot products, newsletters, webinars, advertising campaigns and offline interactions with our sales, success or support teams. If you use ApeelingAI services under a separate agreement (e.g. a DPA or reseller contract), those terms complement this policy.

3. Personal data we process

Depending on how you engage with us, we may collect:

  • Identity and contact details such as name, job title, company, email address, phone number and postal address.
  • Account credentials and configuration settings for the ApeelingAI platform or Mobibot deployments.
  • Commercial information including purchase history, contract references, billing details and VAT numbers.
  • Communications and support records (emails, chat transcripts, meeting notes, call recordings where permitted by law).
  • Technical and usage data such as IP address, device identifiers, browser type, time zone, referring URLs, pages viewed, in-product telemetry, error logs and chatbot interactions.
  • Marketing preferences, consent choices and information about how you engage with our campaigns or events.

We do not intentionally collect special category data. Please refrain from sharing sensitive information unless we explicitly request it and provide an appropriate legal basis.

4. Why we use your data and legal bases

We only process personal data when a lawful basis applies. The table below summarises our main purposes.

PurposeExamples of dataLegal basis
Provide and improve our servicesAccount data, configuration settings, chatbot transcriptsPerformance of a contract or legitimate interest to operate our business
Respond to enquiries and deliver supportContact details, communications historyContractual necessity or legitimate interest in assisting prospects and customers
Process billing and fulfil administrative obligationsBilling contacts, transaction data, VAT numbersLegal obligation (tax/accounting) or contract performance
Operate, secure and troubleshoot our websites and appsLog files, device identifiers, security eventsLegitimate interest in ensuring service integrity and preventing abuse
Run analytics and product researchUsage metrics, aggregated chatbot interactions, analytics cookiesConsent for non-essential cookies or legitimate interest when using de-identified data
Deliver marketing communications and personalise campaignsContact details, marketing preferences, campaign engagementConsent or legitimate interest in promoting our services to business contacts, subject to opt-out rights
Comply with legal obligations and enforce agreementsIdentity data, contract details, correspondenceLegal obligation or legitimate interest in protecting our rights

5. Cookies and consent management

We use cookies and similar technologies to run the site, measure performance and deliver personalised advertising. Strictly necessary cookies are always active. Analytics and marketing cookies are only activated when you provide consent via our cookie banner, which is integrated with Google Consent Mode v2. You can revisit your choices at any time using the “Cookie settings” button displayed in the bottom-left corner of the site.

The cookie banner details the purposes, technologies and retention periods for each category. We honour your consent signals across both apeelingai.com and mobibot.nl properties.

6. Data retention

We keep personal data only for as long as necessary:

  • Account and contractual records: duration of the agreement plus up to seven years to meet legal requirements.
  • Lead and marketing information: up to 24 months after the last meaningful interaction, or until you withdraw consent.
  • Support tickets and communications: up to 24 months after closure unless needed for legal claims.
  • Analytics and telemetry: 26 months or shorter when consent is withdrawn or data is aggregated sooner.

7. Sharing your data

We may share personal data with trusted processors that help us run our business, including hosting providers (e.g. Vercel), cloud infrastructure, CRM and ticketing tools, payment processors, analytics and marketing platforms (Google, Meta and similar when enabled), and professional advisors. We ensure these parties provide adequate safeguards and sign data processing agreements. We only disclose data to authorities when required by law or to defend our legal rights.

8. International transfers

Some partners are located outside the European Economic Area or the United Kingdom. When we transfer personal data abroad we rely on adequacy decisions, EU/UK Standard Contractual Clauses, or other legally recognised safeguards. Copies of these safeguards are available on request via [email protected].

9. Your rights

You have the right to:

  • Request access to and receive a copy of your personal data.
  • Rectify inaccurate or incomplete information.
  • Erase data in certain circumstances (“right to be forgotten”).
  • Restrict or object to processing, including direct marketing.
  • Withdraw consent at any time without affecting prior processing.
  • Receive your data in a portable format.
  • Lodge a complaint with your supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens; UK residents may contact the ICO.

Submit your request via [email protected] or by mail to our registered address. We will respond within one month, extendable when legally permitted for complex cases.

10. Security

We implement organisational and technical measures to protect data, including access controls, encryption in transit, monitoring, regular backups and vendor due diligence. However, no system is entirely secure; please notify us immediately if you suspect unauthorised use of your account or data.

11. Automated decision-making

ApeelingAI does not rely on solely automated decisions that produce legal or similarly significant effects on individuals. Our chatbots assist your teams but final commercial decisions remain human-led.

12. Children

Our services target business customers. We do not knowingly collect data from children under 16. If you believe a child has provided us information, please contact us and we will delete it promptly.

13. Changes to this notice

We may update this policy to reflect legal, technical or business developments. Material changes will be announced on our websites and, when appropriate, communicated directly to affected users. The “Last updated” date indicates the most recent revision.

14. Contact

For questions about this policy, privacy practices or to exercise your rights, contact us at [email protected]. You may also write to ApeelingAI B.V., Blijmarkt 12 C, 8011NE Zwolle, The Netherlands.