NESTOR BAYASGALAN, doing business as N.AI Works, is committed to protecting the privacy and security of the data we process on behalf of our clients. This Privacy Policy outlines our practices regarding the collection, use, and protection of information in the context of our AI-driven services.
1. Scope and Applicability This Policy applies to all data that N.AI Works processes in the course of providing its services, including AI-powered lead management, SMS communication, and custom automation solutions, to business clients in the United States. The data pertains to individual leads submitted by our clients and is processed solely for the purpose of re-engagement, communication, and workflow automation.
This Policy does not apply to information collected directly by client businesses from their own customers. Our clients remain responsible for ensuring that they have obtained all necessary rights, permissions, and lawful bases to share such data with us.
2. Information We Process We act as data processors on behalf of our clients. The categories of information we may process include, but are not limited to: full names, mobile phone numbers, interaction history or lead notes, appointment status or engagement metadata, and any other information voluntarily supplied by the client in connection with a lead record.
We do not collect data directly from end users, nor do we knowingly process sensitive personal information such as Social Security numbers, financial account details, or medical records.
3. Use of Information We use client-provided data exclusively to:
Initiate SMS-based lead reactivation and other communication workflows.
Personalize automated communications via AI agents.
Schedule or manage appointment requests on behalf of our clients.
Log engagement data for client performance tracking.
Facilitate custom automation solutions tailored to client needs.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We do not sell, rent, or license any data to third parties. All data processing activities are limited to the scope of service provision as agreed with our clients.
4. Legal Basis for Processing To the extent applicable, we process personal information in accordance with U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA), and act as a service provider as defined therein. We rely on our clients to establish a lawful basis for providing us with lead data and for initiating communications through our system.
5. Third-Party Service Providers We utilize third-party platforms and subprocessors to deliver our services. These may include:
Twilio Inc. – for SMS communication services
GoHighLevel – for CRM-based lead and appointment management
Supabase – for cloud database and vector storage
N8N – for workflow automation
These service providers may have access to personal data only to the extent necessary for performing their contracted functions. We ensure that such third parties are contractually bound to maintain confidentiality and implement appropriate data protection measures.
6. Data Subject Rights and Opt-Out End users (i.e., the leads contacted via SMS) have the right to: Opt out of receiving further text messages by replying with “bye-bye” or other standard keywords recognized by our systems.
At this time, we do not maintain direct channels for lead data access, correction, or deletion requests. All such inquiries should be directed to the originating client who submitted the data.
7. Data Retention and Security Data processed on behalf of clients is retained only for as long as necessary to fulfill the purpose for which it was provided, or as otherwise directed by the client. We employ reasonable technical and organizational safeguards provided through our subprocessors (e.g., encryption at rest, role-based access control, secure HTTPS transmission). However, no system can guarantee absolute security. Upon the termination of the service agreement with a client, N.AI Works will delete or cease processing the client's data, unless retention is legally required or specifically directed otherwise by the client for a lawful purpose.
8. Data Transfers and Storage All data processed by N.AI Works is stored and transmitted through infrastructure located within the United States unless otherwise noted by our subprocessors’ policies.
9. Changes to This Policy We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our practices or applicable law. Updates will be posted to our website with a revised “Last Updated” date. Your continued use of our services after such changes constitutes acceptance.
