Privacy Policy
Last updated: May 28, 2026
Who We Are — Data Controller
This Privacy Policy applies to the use of ThairaAI (thaira.ai), an AI-powered assistant that connects to your WhatsApp, Telegram, email, and calendar to read incoming messages and help you reply, schedule, and manage your communications. The service is operated by THAIRAHUB TECNOLOGIA DA INFORMAÇÃO LTDA, registered under CNPJ 64.477.587/0001-07, headquartered at Rua Rio Grande do Norte, 1436, Sala 813, Savassi, Belo Horizonte/MG, CEP 30130-138, Brasil ("ThairaAI", "we", "Controller").
For purposes of Brazil's General Data Protection Law (LGPD), THAIRAHUB TECNOLOGIA DA INFORMAÇÃO LTDA acts as the Controller of personal data collected and processed through the platform.
1. Policy Availability
This Privacy Policy is made available on a dedicated page in HTML format, is accessible from the homepage and from prominent locations within the application, and will be updated whenever there are relevant changes to data processing practices.
2. What Personal Data We Collect
2.1. Registration data — When you create an account we collect your full name, email address, and profile photo, whether you sign in with Google or with an email and password (authentication is handled by Firebase Authentication, a Google service).
2.2. Usage and metering data — We automatically collect your IP address, browser type, operating system, device identifiers, date and time of access, and activity logs. To operate and bill the service we also record AI usage metering: the number of requests, token counts, the model used, and the associated cost.
2.3. Communication content — When you connect a channel (WhatsApp or Telegram) or a Google account (Gmail and Google Calendar), we process the messages, emails, and calendar events necessary to generate the replies and assistance you request. Message and AI requests are routed through our managed gateway solely to produce the responses you ask for. This content is not used to train AI models.
2.4. Connected-account credentials — To keep your connections active, we store the OAuth access and refresh tokens for your Google account (Gmail and Calendar) and the session credentials for your messaging channels. These credentials are stored encrypted and are used only to maintain the integration you authorized.
2.5. Billing data — When you subscribe to a paid plan, Stripe processes your payment. We store order metadata (amount, plan, and date) but never your full card details.
3. Legal Bases and Purposes of Processing
We process your data based on:
- Contract execution (Art. 7, V, LGPD) — to create your account, connect your channels and accounts, generate replies and assistance, process payments, and provide support;
- Legitimate interest (Art. 7, IX, LGPD) — platform security, fraud prevention, service improvement, and metering and capping of usage;
- Legal obligation — tax record retention as required by Brazilian law;
- Consent — to connect your Google and messaging accounts, and for optional communications such as product updates and tips.
4. How We Store Personal Data
We use Google Cloud Platform (Cloud Run and Cloud SQL) hosted in the United States and Firebase (Google) for authentication. International data transfers comply with Article 33 of the LGPD. Data is protected with TLS/SSL encryption in transit and at rest.
5. Who We Share Data With
We do not sell your personal data. We may share data with:
- Google Cloud Platform — infrastructure and storage;
- Firebase (Google) — authentication;
- Stripe — payment processing;
- Messaging providers — Meta (WhatsApp) and Telegram, as the channels you choose to connect;
- AI providers — accessed through our managed gateway solely to generate the responses you request; no data is used to train AI models.
All third parties act as data processors under contractual obligations compliant with the LGPD.
WhatsApp connectivity. WhatsApp integration is provided through an unofficial, open-source WhatsApp API (based on the code-chat-br/whatsapp-api project and the Baileys library), not the official WhatsApp Business API. Your WhatsApp messages are therefore processed through a self-hosted gateway that we operate, rather than through Meta's official Business API. This software is not affiliated with or endorsed by WhatsApp LLC or Meta Platforms, Inc.
6. Automated Processing
We use your messages, emails, calendar events, and preferences to generate AI-powered replies and suggestions on your behalf. No fully automated decisions with legal effects are made about you. You remain responsible for reviewing and for any message sent through the service.
7. Data Retention and Deletion
Personal data is processed while your account is active. After account closure, data may be retained for up to 3 years per Brazilian Civil Code prescriptive periods, or longer when required by law (e.g., billing records). Disconnecting a channel or Google account revokes the related stored credentials.
You may request deletion of your data at any time by emailing agent@thairahub.com.
8. Security
Security measures include TLS/SSL encryption in transit, encrypted access tokens, restricted access controls, and continuous security monitoring.
9. Your Rights (LGPD, Art. 18)
You may request at any time via agent@thairahub.com:
- Confirmation that we process your data;
- Access to your personal data;
- Correction of incomplete or inaccurate data;
- Anonymization, blocking, or deletion of unnecessary data;
- Data portability;
- Information about third parties with whom we share data;
- Revocation of consent;
- Review of automated decisions.
We will respond within 5 business days.
10. Cookies and Analytics
We may use Google Analytics to collect anonymized information about usage trends. No names, emails, or phone numbers are collected by Google Analytics. You can opt out via your browser settings.
11. Children's Privacy
ThairaAI is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us at agent@thairahub.com.
12. Changes to This Policy
We will notify users of significant changes via the platform or email. Continued use after changes constitutes acceptance of the updated Policy.
13. Data Protection Officer (DPO)
To exercise your rights under the LGPD, contact our Data Protection Officer:
Name: João Vitor de Oliveira
Email: agent@thairahub.com
Company: THAIRAHUB TECNOLOGIA DA INFORMAÇÃO LTDA
CNPJ: 64.477.587/0001-07
Address: Rua Rio Grande do Norte, 1436, Sala 813, Savassi, Belo Horizonte/MG, CEP 30130-138, Brasil