Privacy Policy

innovAIte is an AI automation company based in Willemstad, Curaçao ("innovAIte", "we", "us", or "our"). We are the data controller for personal information collected through our website at innovaite.io and through the provision of our services.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding your information. It applies to all visitors, prospects, and clients who interact with us online or offline.

innovAIte operates under the laws of Curaçao, including the Landsverordening persoonsregistraties (National Ordinance on Personal Data Registration). Where we serve individuals located in the European Economic Area (EEA) or United Kingdom, we also adhere to the principles of the General Data Protection Regulation (GDPR) as applicable best practice.

3.1 Information you provide directly

• Contact & identity: name, business name, email address, phone number, WhatsApp number.
• Business information: industry, company size, website URL, business challenges — collected through our website chat widget or contact forms.
• Payment information: billing name and email. We do not store card numbers, CVV codes, or bank account details — all payment data is processed directly by Stripe, Inc.
• Project materials: content, images, branding assets, and other files you share with us to complete a project.
• Communications: emails, WhatsApp messages, and other correspondence you send us.

3.2 Information collected automatically

• Usage data: pages visited, time on site, referring URLs, browser type, operating system, and IP address — collected via server logs and analytics tools.
• Cookies: session cookies necessary for site functionality. See Section 8 for details.
• Chat interactions: conversations you have with our AI chat widget are stored to enable follow-up and improve our service quality.

3.3 Information from third parties

• Stripe: we receive payment confirmation status, subscription status, and basic billing details from Stripe when you make a purchase.
• WhatsApp Business API: if you interact with us via WhatsApp, we may receive your phone number and message content through Meta's platform.

We process your personal data for the following purposes and legal bases:

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

We share personal data with the following trusted service providers who process it on our behalf, under data processing agreements and their own security standards:

• Stripe, Inc. (USA) — payment processing and subscription management. stripe.com/privacy
• Supabase, Inc. (USA) — database hosting for order and customer records.
• Vercel, Inc. (USA) — website hosting and deployment.
• Formspree — lead form and chat widget submission routing.
• Vapi AI — voice AI assistant functionality (if used).
• Meta Platforms — WhatsApp Business API for messaging interactions.
• Google Fonts — font delivery (may log IP addresses).

When data is transferred to providers based outside Curaçao or the EEA, we rely on standard contractual clauses or equivalent safeguards to protect your information.

We retain personal data only as long as necessary for the purposes described:

• Client records (orders, invoices, payments): 7 years, to comply with Curaçao tax and accounting regulations.
• Project files and communications: 2 years after project completion, then deleted or anonymised.
• Sales leads (chat widget submissions): 12 months from date of submission, or until you request deletion.
• Website analytics: aggregated / anonymised after 12 months.
• Subscription data: retained while your subscription is active and for 2 years after cancellation.

Depending on your location, you may have the following rights regarding your personal data. We honour these rights for all individuals we serve, regardless of jurisdiction:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: ask us to correct inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data, subject to legal retention obligations.
• Right to restriction: ask us to limit how we process your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interest, including for direct marketing.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@innovaite.io. We will respond within 30 days. We may need to verify your identity before processing your request.

Our website uses the following types of cookies:

• Strictly necessary cookies: required for core site functionality such as maintaining your admin session (admin_token). These cannot be disabled.
• Functional cookies: remember your preferences such as language selection and chat widget state.
• Analytics cookies: help us understand how visitors use our site. We use only privacy-respecting, aggregated analytics tools.

You can control cookies through your browser settings. Disabling cookies may affect some website functionality. We do not use third-party advertising cookies or behavioural tracking for ad targeting.

We implement industry-standard security measures to protect your personal data, including:

• TLS/HTTPS encryption for all data in transit.
• Access controls limiting who within innovAIte can view personal data.
• Secure, managed database infrastructure via Supabase with row-level security.
• Payment data handled exclusively by PCI DSS-compliant Stripe — we never see your full card number.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities as required by law.

Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Our website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any external sites you visit.innovAIte is not responsible for the privacy practices of third-party websites.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a new effective date. For material changes, we will notify active clients by email. Continued use of our services after the effective date constitutes acceptance of the revised policy.

For questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact our privacy contact:

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country of residence.