1. Introduction

Setter AI ("we," "us," or "our") operates the website getsetter.ai and provides AI-powered lead reactivation and sales automation services (the "Service"). Our Service operates across multiple channels, including WhatsApp Business API, Meta platforms (Facebook, Instagram), Meta Ads (including Lead Ads), and related messaging and advertising infrastructure.

This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Telemedia Data Protection Act (TDDDG).

By using our Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for processing your personal data is:

Setter AI
Email: support@getsetter.ai
Website: https://getsetter.ai

3. Data We Collect

3.1 Data You Provide Directly

• Name, email address, and phone number when you register for our Service or contact us

• Company name, business information, and billing details

• Meta Business Manager account details and ad account information

• Communication preferences and consent records

3.2 Data Collected Through WhatsApp Business API

• Phone numbers of leads provided by our clients for reactivation campaigns

• Message content exchanged between leads and our AI chatbot

• Opt-in and opt-out status and timestamps

• Message delivery and read receipts

3.3 Data Collected Through Meta Platforms

• Lead data submitted through Meta Lead Ads (Facebook and Instagram), including name, email, phone number, and any custom form fields

• Ad interaction data such as click-through rates, ad impressions, and conversion events

• Facebook and Instagram user identifiers as provided by Meta's advertising APIs

• Custom Audience and Lookalike Audience data used for ad targeting and campaign optimization

• Meta Pixel and Conversions API event data where implemented on client properties

3.4 Data Collected Automatically

• IP address, browser type, device information, and operating system

• Pages visited, time spent on pages, and referral sources

• Cookies and similar tracking technologies (see Section 9)

4. Purpose and Legal Basis for Processing

We process personal data for the following purposes:

Contract Performance (Art. 6(1)(b) GDPR): To provide, maintain, and improve our Service; to manage client accounts; to deploy and operate AI chatbot campaigns across WhatsApp and Meta platforms; to manage Meta Ads campaigns and lead routing; to process billing and payments.

Legitimate Interest (Art. 6(1)(f) GDPR): To analyze Service usage, ad campaign performance, and lead conversion metrics; to ensure security and prevent fraud; to communicate service updates; to optimize ad targeting and campaign delivery.

Consent (Art. 6(1)(a) GDPR): To send marketing communications; to use non-essential cookies, Meta Pixel, and tracking technologies; to process lead data submitted through Meta Lead Ad forms where consent is the applicable legal basis.

Legal Obligation (Art. 6(1)(c) GDPR): To comply with tax, accounting, and other regulatory requirements under German and EU law.

5. Data Processing on Behalf of Clients

When we process personal data of our clients' leads — whether collected via WhatsApp campaigns, Meta Lead Ads, or other Meta platform integrations — we act as a data processor on behalf of the client (the data controller). This relationship is governed by a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

Our clients are responsible for:

• Obtaining the appropriate legal basis (e.g., legitimate interest or consent) for contacting their leads

• Ensuring that Meta Lead Ad forms include appropriate privacy disclosures and consent mechanisms

• Complying with Meta's Custom Audience Terms and Lead Ads Terms

• Configuring ad-level data handling settings in accordance with applicable privacy laws

6. Data Sharing and Transfers

6.1 Service Providers

We share data with the following categories of service providers, each bound by data processing agreements:

• Meta Platforms Ireland Ltd.: WhatsApp Business Platform, Facebook and Instagram advertising, Lead Ads, Conversions API, and audience management

• Twilio Inc.: WhatsApp Business API infrastructure (Business Service Provider)

• Cloud hosting providers for data storage and processing

• CRM and marketing automation platforms as configured by clients

6.2 Meta Platform Data Sharing

In connection with Meta Ads campaigns, data may be shared with Meta Platforms for:

• Lead Ad form submissions and lead routing to clients

• Custom Audience creation and matching for ad targeting

• Conversion tracking via Meta Pixel or Conversions API

• Campaign measurement, attribution, and reporting

We process this data in accordance with Meta's Business Tools Terms and applicable data protection law. Where clients use Custom Audiences, both the client and Meta act as independent controllers for the matching process.

6.3 International Transfers

Some of our service providers, including Meta Platforms, Inc. and Twilio Inc., are based outside the EU/EEA. Where personal data is transferred to third countries, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, the EU-U.S. Data Privacy Framework where applicable, or adequacy decisions by the European Commission.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

• Client account data: For the duration of the business relationship plus 10 years (German commercial and tax law requirements under HGB and AO)

• WhatsApp campaign data: For the duration of the campaign plus 90 days, unless the client requests earlier deletion

• Meta Lead Ad data: For the duration of the campaign plus 90 days; lead data is forwarded to the client's CRM and deleted from our systems thereafter

• Ad performance and analytics data: Retained in aggregated, non-personal form for campaign reporting

• Opt-out records: Retained indefinitely to honor unsubscribe requests across all channels

• Website analytics data: 26 months

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15 GDPR): Obtain confirmation of whether your data is processed and request a copy

• Right to rectification (Art. 16 GDPR): Correct inaccurate or incomplete data

• Right to erasure (Art. 17 GDPR): Request deletion of your data where legally permissible

• Right to restriction (Art. 18 GDPR): Restrict processing under certain conditions

• Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format

• Right to object (Art. 21 GDPR): Object to processing based on legitimate interests, ad targeting, or direct marketing

• Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at support@getsetter.ai. We will respond within one month as required by law.

You also have the right to lodge a complaint with a supervisory authority for Data Protection Supervision.

9. Cookies, Tracking Technologies, and Meta Pixel

Our website and client properties may use cookies, Meta Pixel, Conversions API, and similar technologies. We categorize them as follows:

• Strictly necessary cookies: Required for website functionality (no consent needed)

• Analytics cookies: Help us understand how visitors interact with our website (consent required)

• Marketing and ad tracking cookies: Including Meta Pixel, used to measure ad performance, build audiences, and deliver relevant advertisements across Meta platforms (consent required)

Meta Pixel and Conversions API may collect data such as page views, actions taken on the website, device and browser information, and IP addresses. This data is shared with Meta for ad targeting, measurement, and optimization purposes.

You can manage your cookie preferences through our cookie consent banner, your browser settings, or Meta's Ad Preferences at facebook.com/adpreferences.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit (TLS) and at rest

• Access controls and authentication mechanisms for all platforms including Meta Business Manager

• Regular security assessments and monitoring

• Employee training on data protection

• Secure handling of Meta API tokens and WhatsApp Business API credentials

11. AI and Automated Decision-Making

Our Service uses artificial intelligence to generate conversational responses in WhatsApp interactions and to optimize lead qualification and routing. AI is also used to analyze campaign performance data and suggest targeting improvements.

No automated decisions with legal or similarly significant effects are made about individuals without human oversight. Leads can opt out of AI-driven communication at any time by responding with a stop keyword on WhatsApp or by using the opt-out mechanisms provided in Meta Lead Ad forms.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices:

Email: support@getsetter.ai
Website: https://getsetter.ai