sidekyk

Draft — under legal review · last updated May 29, 2026

Privacy Policy

Effective date:

This Privacy Policy describes how SideKyk ("we," "us," or "our") collects, uses, shares, and protects information when you use our service — the AI assistant accessible through WhatsApp and the related website and tools (the "Service"). We wrote it in plain English first; the legal phrasing is there where the law requires it. If anything here is unclear, write to us at privacy@sidekyk.ai.

1. Who we are

SideKyk is operated by the SideKyk team. For the purposes of data protection law, we act as a data controller for information about you as an account holder (your name, contact details, billing data, account preferences), and as a data processor for the content you and your customers exchange through your Sidekyks — we handle that content on your instructions to run the Service for you.

2. What we collect

We collect only what we need to run the Service and meet our legal obligations.

  • Account information. Your name, business name, WhatsApp number, email address, password (hashed), team members you invite, time zone, and the verticals you operate in.
  • Conversation content. The WhatsApp messages, images, voice notes, documents, and media you and your customers exchange with your Sidekyks — including transcripts of voice notes and outputs your team generates back to you.
  • Workspace data. Files, contacts, customer records, and any structured data your Sidekyks read or write on your behalf in your private workspace.
  • Usage and diagnostic data. Telemetry about how the Service runs for you — feature use, error reports, model latency, credit consumption, and similar operational signals.
  • Billing data. Payment method, transaction history, and tax information — handled by our payment processor; we receive only what we need to issue invoices.
  • Support correspondence. Anything you send us through support channels (email, chat, or the in-product help).

3. How we use it

We use the data above for the following purposes, and no others:

  • Running your Sidekyks. Routing messages, calling AI models, executing automations, and storing the state your agents need to do their job.
  • Billing. Charging for subscriptions and credit top-ups, calculating usage, sending invoices.
  • Support. Responding to your requests, debugging issues, and proactively reaching out about service incidents.
  • Improving the product. Measuring aggregate performance, fixing bugs, and shaping the roadmap — using telemetry that does not require reading your customer conversations.
  • Security and abuse prevention. Detecting fraud, blocking spam, and protecting the Service and other customers.
  • Legal obligations. Complying with tax, audit, anti-money-laundering, and law-enforcement requirements that apply to us.

4. We do not train shared models on your data

This is a hard commitment. We do not use your customer messages, workspace content, or any other Service data to train shared, multi-tenant, or foundation AI models. Your data is used to operate your Sidekyks — not to make somebody else's smarter.

When we route prompts to third-party model providers to generate your responses, we do so under contracts that prohibit those providers from using your prompts and outputs to train their general-purpose models. If we ever offer an opt-in capability that fine-tunes a model on your own data for your own workspace, we will ask for your clear consent first and document exactly how it works.

5. Third parties and sub-processors

We use a small set of vetted sub-processors to deliver the Service. We pick them for their security posture and we contract for the same data-handling commitments we make to you.

  • Meta (WhatsApp Business Platform). Delivers the messages you and your customers exchange through WhatsApp. Meta's own privacy policy applies to that channel.
  • AI model providers. We route inference requests to providers such as Anthropic, OpenAI, and similar vendors, under contracts that prohibit training on your data.
  • Cloud infrastructure. Hosting, storage, and networking from a major cloud provider (currently Microsoft Azure) on a per-region basis.
  • Payment processor. A regulated payments provider handles your card details so we never store them.
  • Operational tooling. Error tracking, customer support, transactional email, and similar tools — each with a documented data-processing agreement.

A current list of sub-processors is available on request from privacy@sidekyk.ai. We give notice before adding a new sub-processor with material access to customer data.

6. Data retention

We retain account and workspace data for as long as your account is active. When you delete a specific message or conversation, we remove it from active systems within 30 days; backup copies cycle out within 90 days of that.

When you close your account, we delete your workspace within 30 days, except where we need to keep certain records longer to meet a legal, billing, audit, or fraud-prevention obligation. The Data Deletion page lists exactly what gets removed, what gets retained, and for how long.

7. Where your data is stored

Customer workspace data is stored in the cloud region you select (or that we provision for your vertical). We try to keep data within your region wherever practical; when an AI model call must cross a region boundary (for example, because the model is hosted elsewhere), we limit transfers to the minimum needed to serve the request and rely on standard contractual clauses or equivalent safeguards where required.

8. Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your data — see Data Deletion;
  • export your data in a portable format;
  • object to or restrict certain processing;
  • withdraw consent where we relied on it; and
  • complain to your local data-protection regulator.

To exercise any of these rights, email privacy@sidekyk.ai from the address on your account. We respond within 30 days, and sooner where law requires.

9. Children

SideKyk is a B2B service. We do not market the Service to anyone under 16, and we do not knowingly collect data from users under 16 directly. If you operate a SideKyk on behalf of a business whose customers include minors, you are responsible for whatever consents your local law requires before relaying their data to SideKyk.

10. Cookies and analytics (marketing site only)

The marketing site at sidekyk.ai uses a small number of strictly-necessary and basic-analytics cookies — to remember your preferences and to measure how visitors land on which pages. We do not run third-party advertising trackers across the marketing site, and we do not load any analytics on the WhatsApp channel itself.

11. Security

We encrypt customer data in transit (TLS) and at rest. Each customer workspace is isolated; access between workspaces requires an explicit cross-tenant permission that does not exist by default. Access by SideKyk staff is least-privilege, logged, and reviewed.

No system is perfectly secure. If we discover a security incident that affects your data, we will notify you in line with applicable law and tell you what we know, what we are doing about it, and what you can do on your side.

12. Changes to this policy

We may update this Privacy Policy from time to time. If a change materially affects you, we will give reasonable advance notice through SideKyk, by email, or on this page, and update the "Effective date" at the top. Continued use of the Service after the change means you accept the updated policy.

13. How to contact the data team

For privacy questions, data-protection requests, or to reach the person responsible for data inside SideKyk, write to privacy@sidekyk.ai. For deletion requests specifically, see Data Deletion. For everything else, start with our Terms of Service.