Versaia

Legal

Privacy Policy

01

Introduction

Welcome to Versaia BV ("Versaia," "we," "us," or "our"). We are committed to protecting your privacy and the security of your personal data. This Privacy Policy explains how we collect, use, share, and protect personal data in connection with our AI agent orchestration platform, Versaia Control ("Versaia Control" or the "Service"). Versaia Control enables organizations to deploy and manage AI agents across multiple communication channels, including phone/voice, WhatsApp, SMS, email, and webchat. This policy also covers our websites https://www.versaia.ai/ (collectively, the "Websites"), and our interactions with business customers ("Customers") and individuals who interact with Versaia Control when contacting our Customers ("End-Users").

Versaia BV acts as a data controller for certain types of data and as a data processor on behalf of our Customers for other data. We comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Uitvoeringswet Algemene Verordening Gegevensbescherming ("UAVG").

This Privacy Policy aims to inform you about:

  • Who we are and how to contact us
  • What personal data we collect and process
  • The lawful bases for processing personal data
  • How we use your personal data
  • With whom we share your personal data
  • International transfers of personal data
  • How long we retain your personal data
  • The security measures we have in place
  • Your data protection rights and how to exercise them
  • Our practices regarding interaction recording, message processing, and consent
  • Our use of cookies

02

Who We Are and Contact Details

Data Controller (and Processor for certain services):

Versaia BV

Buitenveldertselaan 150

1081AB Amsterdam

The Netherlands

Chamber of Commerce number: 96961686

Postal Address: Buitenveldertselaan 150, 1081AB Amsterdam, The Netherlands

(Attn: Data Protection Officer)

03

Personal Data We Collect and Process

We collect and process different types of personal data depending on your interaction with us:

3.1. Data from Our Business Customers

When you subscribe to Versaia Control, we may collect and process:

  • Organisation information (company name, address, contact details, business information)
  • Location information (such as business addresses and opening hours)
  • Account information for designated staff (name, email address, hashed/encrypted passwords)
  • Billing and subscription information
  • Information necessary for integration with reservation and management systems

3.2. Data from End-Users

When an End-User interacts with an AI agent through Versaia Control, we may collect and process the following data depending on the communication channel:

  • Call recordings and transcripts (phone/voice)
  • Message content and conversation history (WhatsApp, SMS, email, webchat)
  • Phone number, email address, WhatsApp identifier, or chat session ID
  • Interaction metadata (date, time, duration, channel type, routing info)
  • Name and any details provided during the interaction

Notice

End-Users are informed that they are communicating with an AI agent. For phone calls, this is disclosed at the beginning of the call. For messaging channels (WhatsApp, SMS, webchat, email), this is communicated via an automated disclosure at the start of the interaction.

3.3. Data from Website Visitors

When you visit our Websites:

  • Cookie data (managed by Cookieyes; stored locally on your device)
  • Contact information if you contact us via forms or email addresses provided

3.4. Special Categories of Data

We do not intentionally collect or process special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation). End-Users are advised not to provide such information unless strictly necessary for their interaction.

04

Lawful Basis for Processing Personal Data

We process personal data on the following lawful bases under GDPR:

Performance of a Contract

To provide and manage the Versaia Control platform and associated AI agents for our Business Customers, across all supported communication channels.

Legitimate Interests

For efficient communication management across all channels (phone, WhatsApp, SMS, email, webchat), quality assurance, dispute resolution, service improvement, analytics, security, and direct marketing (to businesses). End-Users are informed at the start of each interaction about the nature of the communication.

Consent

For non-essential cookies via our cookie consent management tool.

Legal Obligation

When necessary to comply with a legal or regulatory obligation.

05

How We Use Your Personal Data

We use personal data to:

  • Provide, manage, and improve our Versaia services
  • Enable communication tasks, reservations, and customer interactions across phone, WhatsApp, SMS, email, and webchat
  • Integrate with reservation, CRM, and management systems
  • Provide access to interaction data and analytics for our Customers across all channels
  • Respond to inquiries and provide support
  • Analyze usage and improve service functionality
  • Investigate and resolve complaints or disputes
  • Monitor for security, prevent fraud and abuse
  • Comply with applicable laws and regulations
  • Inform Business Customers about services and offers (where permissible)

Automated decision-making

The Versaia AI Agent facilitates communication and task execution. No profiling or automated decisions are made that have legal or similarly significant effects on individuals. Human oversight is in place for quality assurance.

06

Data Sharing and Disclosure

We do not sell your personal data.

We may share personal data only:

  • With our Business Customers (for their own interaction data across all channels)
  • With trusted third-party service providers who perform services on our behalf, under contract and in compliance with data protection laws (e.g., cloud hosting, infrastructure, telephony, messaging platforms, cookie management)
  • As required by law, to protect rights and safety, or in response to lawful requests
  • In the context of business transfers (e.g., mergers, acquisitions)

All third-party providers are contractually bound to process data only according to our instructions and GDPR compliance. We prioritize providers with robust data protection standards.

07

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where personal data is transferred internationally, we ensure adequate protection through mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions, or other safeguards as required by law.

All core data for Versaia Control (call recordings, transcripts, message logs, interaction metadata, customer data) is hosted within the EU.

08

Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, and to comply with legal, regulatory, tax, or reporting requirements.

Call recordings, transcripts, and message logs

Stored for one (1) year from the date of the interaction, then anonymized. This applies across all channels: phone/voice, WhatsApp, SMS, email, and webchat.

Business Customer account data

Retained for the duration of the customer relationship and as required by law.

Backup data

Regularly backed up, encrypted, and securely deleted after a defined period.

Upon expiry of the applicable retention period, data is securely deleted or anonymized.

09

Data Security

We have implemented appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration.

These measures include:

  • Encryption (at rest and in transit)
  • Strict access controls
  • Infrastructure security using reputable providers
  • Strong password and authentication policies
  • Regular encrypted backups
  • Employee training on data protection
  • Incident response procedures

While we take security seriously, no method of electronic storage is 100% secure.

10

Your Data Protection Rights

Under GDPR and UAVG, you have rights including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated individual decision-making and profiling

To exercise your rights as a Business Customer, contact our Data Protection Officer at [email protected].

If you are an End-User (via phone, WhatsApp, SMS, email, or webchat), Versaia acts as Data Processor. Please direct data rights requests to the business you interacted with (the Data Controller). We will assist our Customers in handling such requests.

Lodge a complaint

You have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens

https://www.autoriteitpersoonsgegevens.nl/

11

Interaction Recording and Logging

Interactions handled through Versaia Control are recorded and/or logged, depending on the communication channel:

  • Phone calls are recorded (audio) and transcribed.
  • WhatsApp, SMS, webchat, and email interactions are logged as message history.
  • End-Users are informed at the start of each interaction that they are communicating with an AI agent.
  • Interaction logs are used by our Customers for managing inquiries, quality assurance, dispute resolution, and service improvement.
  • For phone calls, you may choose to end the call if you do not wish to be recorded.

12

Cookies and Similar Technologies

  • Our Websites use cookies.
  • We use Cookieyes to manage consent for cookies.
  • Essential cookies are required for website functionality; others are subject to your consent.
  • You can manage preferences at any time via the cookie management tool.

Microsoft Clarity

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising.

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

13

Consent Management and Logging

Interaction recording and logging

End-Users are informed at the start of each interaction, regardless of channel (phone, WhatsApp, SMS, email, webchat); continued interaction indicates awareness.

Cookies

Consent for non-essential cookies is managed and logged via Cookieyes.

For Business Customers

Processing is typically agreed within the service contract.

14

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted with a new "Last Updated" date and, if material, may be communicated by other means. We encourage you to review this Policy periodically.

15

Language

This Privacy Policy is provided in English. A Dutch translation will be made available. In case of conflict, the English version prevails as permitted by law.

16

Governing Law

This Privacy Policy and our data practices are governed by the laws of the Netherlands and applicable EU regulations, notably the GDPR.

Get in touch

Questions about your data?

[email protected]