Privacy Policy

Last updated: March 2026

At Ibra Agent ("we", "us", "our"), we are deeply committed to protecting the privacy and security of our business clients ("Clients") and their end-users. This Privacy Policy outlines our data processing practices for the Ibra Agent platform ("Service").

1. Information We Collect

As an enterprise AI automation platform, we collect information necessary to deliver our services: • Account & Organization Data: Organization name, contact details, and billing information. • Platform Data: Product catalogs, inventory metrics, and configuration settings. • End-User Communications: Business-to-customer messages processed via integrated Meta (Facebook/Instagram) channels. • Technical & Usage Data: System logs, API interaction metrics, IP addresses, and performance analytics. • Financial Data: Processed securely via compliant third-party enterprise payment gateways.

2. Data Processing and Usage

Collected data is strictly utilized to: • Deliver, secure, and optimize the Ibra Agent enterprise automation platform. • Facilitate the underlying AI-driven conversational agents efficiently. • Provide administrative insights, operational alerts, and technical support. • Enforce compliance with our enterprise terms and applicable regulatory requirements.

3. Data Sharing and Sub-processors

Ibra Agent operates under a strict non-disclosure framework and does not monetize Client data. Sub-processors and third-party sharing include: • Meta platforms (Facebook/Instagram) strictly for authorized API interactions. • AI infrastructure providers (e.g., Groq, OpenAI), restricted solely to processing conversational data without long-term retention of PII. • Essential cloud infrastructure and analytics partners bound by stringent Data Processing Agreements (DPAs). • Legal authorities when explicitly mandated by a valid subpoena or court order.

4. Enterprise Data Security

We implement rigorous security controls, including AES-256 data encrypton at rest, TLS 1.3 encryption in transit, strict logical tenant isolation, Role-Based Access Control (RBAC), and continuous vulnerability monitoring to safeguard your organizational data.

5. Data Retention

Client data is retained only for the duration of an active enterprise subscription. Upon account termination, we initiate a secure and permanent data sanitization process within 30 days, retaining only legally mandated financial audit logs.

6. Privacy Rights and Compliance

We fully support compliance with major global privacy frameworks (GDPR, CCPA). Clients retain full rights to: • Access, export, or port organizational data. • Request immediate rectification or erasure of processed data. • Restrict or object to specific processing modules. Direct compliance inquiries to privacy@ibradev.io.

7. Policy Updates & Contact

We reserve the right to modify this Privacy Policy to reflect evolving regulatory frameworks. Material changes will be communicated via direct administrative channels. For privacy inquiries, contact our Data Protection Officer at privacy@ibradev.io or visit our portal at ibradev.io.