Privacy Policy
Effective Date: March 20, 2026
A247 ("A247", "we", "us", or "our") operates the a247.ai platform, a multi-tenant AI-powered communication and analytics platform serving fitness chains and wellness businesses. This Privacy Policy explains how we collect, use, disclose, and protect information when you interact with our services — including through WhatsApp, web chat, SMS, email, and other channels.
If you are a customer of a gym or fitness chain that uses A247 ("Business Client"), your data is processed by A247 on behalf of that Business Client. Please also refer to that Business Client's own privacy policy for information about how they govern your data.
1. Who This Policy Applies To
- End Users — individuals who interact with A247-powered chatbots via any channel (WhatsApp, web embed, SMS, email, etc.).
- Business Clients — gym chains, fitness studios, and wellness businesses that subscribe to A247's platform.
- Visitors — individuals who visit a247.ai or related web properties.
2. Information We Collect
2.1 Information You Provide Directly
- Name, phone number, email address, and other contact information submitted via chat or web forms
- Messages, questions, and responses you send through any communication channel
- Account registration information provided by Business Clients
2.2 Messaging and Communication Data
- Content of conversations conducted over WhatsApp, SMS, email, and web chat
- Message timestamps, delivery status, and read receipts
- Phone numbers and messaging identifiers associated with your account on the respective platform
2.3 CRM and Business Integration Data
A247 integrates with Customer Relationship Management (CRM) systems operated by Business Clients (such as Arbox, Mindbody, and others). Through these integrations, we may process:
- Membership details, subscription status, and booking history
- Visit logs, class attendance, and activity records
- Billing and payment status (not full payment card details)
- Customer identifiers and profile data stored in the CRM
This data is processed strictly on behalf of and under the instruction of the relevant Business Client.
2.4 Automatically Collected Data
- Device type, browser type, and operating system
- IP address and approximate geographic location
- Pages visited, session duration, and interaction events on a247.ai
- Cookies and similar tracking technologies (see Section 6)
2.5 AI Interaction Data
- Conversation inputs and outputs processed by AI language models
- Tool usage logs generated during AI-assisted responses
- Feedback signals used to improve response quality
3. How We Use Your Information
- Operate and deliver AI-powered chat and support services on behalf of Business Clients
- Respond to inquiries, route messages, and generate AI-assisted replies
- Integrate with CRM systems to retrieve and update customer records as instructed by Business Clients
- Generate business analytics, usage reports, and performance insights for Business Clients
- Maintain platform security, prevent fraud, and ensure service reliability
- Comply with applicable legal obligations
- Improve platform functionality, AI accuracy, and user experience
We do not sell personal data to third parties. We do not use End User data for advertising purposes independent of our service delivery role.
4. Meta / Facebook Platform Data
A247 integrates with Meta's WhatsApp Business API and Facebook Messenger Platform to enable messaging services for Business Clients. In connection with these integrations:
- We receive message content, phone numbers, and WhatsApp user identifiers transmitted through Meta's APIs.
- Data received via Meta's platform is used solely to deliver the messaging services requested by the Business Client and to fulfill our obligations under Meta's Platform Terms and Policies.
- We do not use Meta platform data to build user profiles for advertising, to share with data brokers, or for any purpose inconsistent with Meta's Platform Terms.
- Conversation data transmitted through WhatsApp is subject to Meta's own privacy policy, available at whatsapp.com/legal/privacy-policy.
- Business Clients are responsible for obtaining any required consent from their end users prior to initiating WhatsApp communications.
5. Third-Party Services and Sub-Processors
A247 engages trusted third-party providers to operate our platform:
| Provider | Purpose | Data Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, storage, compute, and managed services | EU / US regions |
| Meta Platforms (WhatsApp Business API) | WhatsApp and Facebook messaging delivery | Meta infrastructure |
| OpenAI / AI model providers | AI language model inference for generating responses | US |
| Amazon Bedrock | AI model hosting and retrieval-augmented generation (RAG) | AWS regions |
| Twilio / SMS providers | SMS message delivery | US / EU |
| Analytics and monitoring tools | Platform health monitoring, error tracking | US / EU |
We maintain data processing agreements with all sub-processors and require them to implement appropriate security measures.
6. Cookies and Tracking Technologies
- Essential cookies — required for session management, authentication, and security
- Analytics cookies — used to understand page usage patterns and improve the website
- Functional cookies — used to remember preferences and settings
You may control cookie settings through your browser preferences. Where required by applicable law, we will obtain your consent before setting non-essential cookies.
7. Data Processing on Behalf of Business Clients
A247 acts as a data processor for Business Clients, who are the data controllers for their customers' personal data. This means:
- Business Clients determine the purposes and means of processing End User data.
- A247 processes such data only in accordance with documented instructions from the Business Client.
- Business Clients are responsible for the lawful basis for collecting and processing their customers' data, including obtaining required consents.
- If you are an End User with questions about how a specific gym or fitness chain handles your data, please contact that Business Client directly.
8. Data Retention
- Conversation history — retained for the duration of the Business Client's subscription, plus a reasonable period thereafter for dispute resolution.
- CRM integration data — retained for the active integration period; deleted or de-identified upon subscription termination.
- Analytics and aggregated data — may be retained in anonymized or aggregated form indefinitely.
- Legal and compliance records — retained as required by applicable law.
Business Clients may request deletion of their data upon contract termination. Requests will be fulfilled within 30 days unless retention is required by law.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — request that we limit how we use your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdrawal of consent — withdraw consent at any time where processing is based on consent
If you are an End User, please direct your requests to your Business Client first, as they are the data controller. We will cooperate with Business Clients to fulfill such requests.
We will respond to rights requests within 30 days.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States and countries within the European Economic Area (EEA). Where data is transferred across borders, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs).
11. Data Security
- Encryption of data in transit (TLS) and at rest
- Access controls and role-based permissions
- Regular security reviews and vulnerability assessments
- Secure infrastructure hosted on AWS with monitoring and alerting
- Data isolation between Business Clients (multi-tenant architecture with strict tenant separation)
12. Children's Privacy
A247's services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date and notify Business Clients through the platform or by email.
14. Contact Us
A247
Email: support@a247.ai
Website: a247.ai
If you are located in the European Economic Area and have unresolved concerns, you have the right to lodge a complaint with your local data protection supervisory authority.