Privacy Policy

Seekadu — A 24/7 AI Assistant for Your Business

Last updated: 2026-06-04

This Privacy Policy explains how Seekadu Ltd. ("Seekadu", "we", "our", "us") collects, uses, stores, and protects personal information when you use the Services. The "Services" include:

  • Our public website (seekadu.com)
  • The Business Portal, where businesses configure their account, train their AI agent on their own data, manage knowledge files, set up lead generation, and view analytics
  • Per-business AI chat interfaces — including publicly hosted business landing pages, the embeddable chat widget that businesses install on their own websites, the on-Seekadu chat experience where end-users converse with a business's AI agent, and chats initiated by scanning a business's QR code
  • Third-party messaging integrations through which a business's AI agent can receive and reply to messages — including Instagram Direct and Facebook Messenger, and any additional certified messaging channels we may add over time
  • Lead generation features within the chat that collect contact details from end-users when they express interest, and forward those leads to the business through the channels they configure
  • Any other features offered under the Seekadu brand from time to time

By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, discontinue use of the Services.

Data controller:
Seekadu Ltd. (СИЙКАДУ ООД)
Company registration (ЕИК): BG208653261
Registered address: Apartment 28, Floor 4, Entrance 7, 132 Kliment Ohridski Blvd., Malinova Dolina, Studentski District, 1756 Sofia, Bulgaria
Contact: team@seekadu.com

1. Information We Collect

We collect information from end-users of the AI agent, businesses using the Business Portal, and end-users who message a business through connected social channels.

1.1 Information provided by end-users

  • Name, email, phone number (when provided voluntarily)
  • Account credentials (when you register)
  • Messages and chat interactions with the AI agent
  • Search queries, preferences, activity patterns
  • Requests and inquiries submitted through the chat
  • Device information (IP address, browser type, OS)
  • Approximate location (only with permission — e.g. "near me" requests)

1.2 Information provided by businesses

  • Business name, handle, contact details, location and opening hours
  • Knowledge files uploaded to train the AI agent (PDFs, documents, spreadsheets, images and similar)
  • Menus, price lists, catalogs, descriptions, FAQs, events, offers, services
  • Social-media handles and links (e.g. Instagram, Facebook, Telegram)
  • Payment and subscription information
  • Lead generation configuration (which fields to capture, which channels to forward leads to)
  • Chat logs between end-users and the business' AI agent

1.3 Information from Meta platforms (Instagram and Facebook)

When a business connects an Instagram Business account or Facebook Page to Seekadu, we receive:

  • Page and Instagram Business account identifiers (IDs and names)
  • Page access tokens used to send replies on the business's behalf
  • Inbound message content sent to the business (text and attachments)
  • Sender identifiers and timestamps for each message

We do not collect broader Meta profile data (no friends, posts, email, phone, advertising data, or insights beyond what is needed to deliver an auto-reply).

Meta permission scopes Seekadu requests. As a Meta Tech Provider, Seekadu requests only the minimum permission scopes needed to operate the auto-reply service on the business's behalf:

  • pages_messaging — receive and send messages on a connected Facebook Page
  • pages_messaging_subscriptions — subscribe to inbound-message webhook events
  • pages_manage_metadata — read Page metadata (name, category, business hours) used to train the AI
  • pages_read_engagement — read post and comment engagement so the AI can route comment-to-DM flows
  • pages_show_list — list the Pages a business user manages so they can select which one to connect
  • instagram_basic — read basic Instagram Business account info needed to identify the connected account
  • instagram_manage_messages — receive and send Instagram Direct messages on the business's behalf
  • business_management — read the business asset graph so multi-Page operators can pick the right Page

We do not request user_friends, user_posts, user_likes, advertising scopes, or any scope that would grant access to data unrelated to the auto-reply service.

1.4 Lead generation data

Where a business has enabled lead capture in their AI agent, the agent may ask end-users for contact details (such as name, email address, phone number, or other fields the business has configured). When provided, this information is stored as a lead and forwarded to the business through the channels the business has configured (such as email or messaging apps). End-users are not required to provide any of this information to use the chat.

1.5 Automatically collected data

  • Device identifiers (including a hashed device identifier used to associate guest, non-logged-in conversations)
  • IP address and approximate geolocation
  • Usage statistics and analytics
  • Interaction data with the AI
  • Cookies and similar technologies

1.6 Third-party data sources

We may collect data from public sources, third-party APIs (such as maps and payment providers), and partners. This is used to enhance AI accuracy and provide relevant search results.

2. How We Use Your Information

2.1 Deliver and improve the Services

  • Provide real-time AI-driven recommendations
  • Personalize responses from the AI agent
  • Power business-specific AI chatbots
  • Retrieve and update business data
  • Optimize discovery and search results

2.2 Business Services

  • Create and maintain business profiles
  • Train each business's AI chatbot on its own data only
  • Offer CRM and analytics tools
  • Provide AI agents for marketing and engagement
  • Improve customer engagement and lead conversion
  • Send notifications or re-engagement messages

2.3 Meta-platform messaging

For businesses that connect a Meta channel, we receive inbound messages, generate AI replies based on the business's configured information, and send those replies back through Meta on the business's behalf. Message history is shown in the Business Portal so the business can review and intervene.

Compliance with Meta Platform Terms and Developer Policies. Seekadu's use of data obtained from Meta platforms (Instagram and Facebook) complies with the Meta Platform Terms, the Meta Developer Policies, and any successor or replacement policies issued by Meta. We use Meta-platform data only to operate the auto-reply service described in this Privacy Policy. We do not sell Meta-platform data, do not use it for advertising, do not use it to build or improve any product unrelated to the connected business's customer messaging, and do not transfer it to any third party except the named sub-processors listed in §3.2 — and only to the extent necessary for them to perform the service on our behalf.

2.4 Communication

We may contact you for service updates, security or account issues, billing matters, and (with your consent only) marketing.

2.5 Safety, security, and legal compliance

We use data to detect and prevent fraud, investigate misuse, enforce our terms, and comply with legal obligations.

2.6 AI quality improvements

We may use anonymized and aggregated data to improve our AI's performance. We do not authorize our third-party AI providers to use Meta-platform message content for training their models.

3. Sharing of Information

We do not sell your personal data.

3.1 With businesses

If you message a business through Seekadu (directly or via Instagram/Facebook), the business will see your inquiry and may contact you back through the platform.

3.2 With data processors and service providers

We rely on the following named third parties to operate the Services. Each is bound by a Data Processing Agreement and processes data only on our instructions.

ProcessorPurposeCountry of processing
Amazon Web Services, Inc.Application hosting, database (Aurora PostgreSQL), object storage, message queue, secrets managementIreland
Google LLCAI inference (Gemini API) for reply generation; user authentication (Google sign-in); mapping and location servicesUnited States
OpenAI, L.L.C.Vector-embedding inference used to retrieve relevant information from the business's own knowledge base when generating a replyUnited States

No other processors receive personal data from Seekadu.

3.3 Legal and compliance

We may disclose data if required by law, court order, or government authority, or to protect our rights, security, users, or the businesses we serve. We disclose only the minimum information necessary.

3.4 Mergers or acquisitions

If Seekadu merges, sells assets, or undergoes acquisition, data may transfer as part of the transaction. Users will be notified of any change of controller.

4. Cookies and Tracking Technologies

We use cookies and similar tools to maintain session and login, remember preferences, improve AI accuracy, analyze usage and performance, and provide relevant recommendations. You may disable cookies, but certain features may not work correctly.

5. Data Storage and Security

We apply industry-standard technical and organizational measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication for production systems
  • Logging and monitoring of access to personal data
  • Signature verification on inbound webhooks from third-party platforms

No online system is 100% secure. While we apply appropriate safeguards, you use Seekadu at your own risk.

6. International Data Transfers

Seekadu is established in Bulgaria (EU). Some of our processors are located outside the European Economic Area:

  • Amazon Web Services — primary processing in Ireland (EU). AWS is US-headquartered; AWS personnel may access EU regions remotely from the US for support.
  • Google LLC — United States.
  • OpenAI, L.L.C. — United States.

Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the legal basis for transfer.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. Specifically:

  • Account and business data is retained for as long as the account is active.
  • Meta access tokens and message data are retained for the period needed to operate the auto-reply service for the connected business.
  • Anonymized and aggregated analytics may be retained indefinitely.

Users and businesses may request deletion of their data at any time. Full instructions — including self-service deletion via Meta's own settings, email-based deletion requests, and business-account deletion — are documented at seekadu.com/data-deletion. The same instructions are available by contacting team@seekadu.com.

When a business disconnects Seekadu from a Meta channel, or revokes Seekadu's access through Meta's own settings, we will delete the associated tokens and message data within a reasonable period. We also honor Data Deletion Requests sent by Meta on behalf of users who request their data be removed from connected apps.

8. Your Rights (GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction granting equivalent rights, you have the right to:

  • Access your personal data
  • Correct or update inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict processing
  • Object to certain uses
  • Port your data to another service
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority. In Bulgaria this is the Commission for Personal Data Protection (Комисия за защита на личните данни — КЗЛД), https://www.cpdp.bg

To exercise any of these rights, contact us at team@seekadu.com. We will respond within one month, as required by GDPR Article 12(3). We may require identity verification before fulfilling a request.

9. Children's Privacy

The Seekadu Business Portal is intended only for users aged 16 or over.

The AI agent and Meta-channel auto-reply features may interact with end-users via Instagram and Facebook. The minimum age for those platforms is governed by Meta's own terms. Where Seekadu becomes aware that personal data of a child below the applicable digital age of consent has been collected without parental authorization, we will delete it.

10. Third-Party Links and External Services

Seekadu may link to external websites and third-party platforms. We are not responsible for their content, privacy policies, or practices. Users and businesses should review third-party policies independently.

11. Business Data Policy

For businesses:

  • You control your Business Data and the data of any Meta channels you connect.
  • You may update or delete it at any time through the Business Portal, or by emailing team@seekadu.com.
  • Your AI chatbot relies on the data you provide; you are solely responsible for the accuracy and legality of business data you upload.
  • We may store anonymized versions of conversation data to improve our AI models, in accordance with §2.6.

12. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated via email and/or in-app notification. Continued use of the Services after a material change indicates acceptance.

13. Contact Information

Seekadu Ltd. (СИЙКАДУ ООД)
Company registration (ЕИК): BG208653261
Registered address: Apartment 28, Floor 4, Entrance 7, 132 Kliment Ohridski Blvd., Malinova Dolina, Studentski District, 1756 Sofia, Bulgaria
Contact: team@seekadu.com
Website: https://seekadu.com

For privacy-related requests, please reference "Privacy Request" in the subject line.