Legal

Privacy and Data Processing Policy

Zolvion Chatbot Service

Version 1.0
In force since: 22 April 2026
Complies with Colombian Law 1581 of 2012

01. Data controller

This Policy describes how ZOLVION collects, uses, stores, shares and protects the personal information of Clients and end users who interact with the chatbot. This policy complies with Colombian Law 1581 of 2012 and Decree 1377 of 2013 (Habeas Data regime), as well as with applicable international standards.

The data controller of personal data is:

ZOLVION — Miguel Paba
Citizenship ID No. 1092731430
Domicile: Ocaña, Norte de Santander, Colombia
Email: hola@zolvion.com
Phone: +57 313 858 7389

02. Guiding principles

The processing of personal data by ZOLVION will be carried out under the following principles:

Legality: processing will comply with the law.
Purpose: it will be carried out for a legitimate purpose, informed to the data subject.
Freedom: processing requires prior, express and informed authorization from the data subject.
Truthfulness or quality: information will be truthful, complete, accurate and updated.
Transparency: the right of the data subject to obtain information about their data will be guaranteed.
Restricted access and circulation: only authorized persons may access the data.
Security: technical measures will be implemented to prevent losses or unauthorized access.
Confidentiality: persons involved in processing are obliged to maintain secrecy.

03. Personal data we process

3.1. Client data (company contracting the Chatbot Service)

Data	Purpose	Legal basis
Full name	Contractual identification	Execution of the contract
Email	Communication, notifications	Execution of the contract
Phone / WhatsApp	Support and contact	Execution of the contract
Business name / NIT	Billing	Legal obligation (DIAN)
Billing details	Payments and accounting	Legal obligation
IP address, logs	Security and audit	Legitimate interest

3.2. End-user data (those who interact with the Client's chatbot)

The Client, as Data Controller of their own users' data, is the one who collects the personal data of end users at the time of interacting with the chatbot. ZOLVION acts as Data Processor, processing this data exclusively under the Client's instructions.

End-user data that may be processed include:

Phone number (on the WhatsApp channel).
First name and last name (when the user provides them).
Email (when the user provides it).
Content of conversations held with the chatbot.
Session metadata (date, time, duration).

04. Purposes of processing

ZOLVION processes personal data for the following purposes:

Provide the contracted Chatbot Service and give technical support.
Process billing and payments.
Send notifications related to the Service.
Improve the platform (in an aggregated and anonymized manner).
Comply with legal, tax and regulatory obligations.
Prevent fraud, abuse and violations of these Terms.

ZOLVION does NOT sell, rent or transfer personal data to third parties for commercial purposes.

05. Data subject authorization

By subscribing to the Service, accepting these Terms, or by continuing to interact with the chatbot after having been informed, the data subject grants their express and informed authorization for the processing of their personal data in accordance with the purposes described.

In the case of sensitive data (for example, health data, political orientation, biometrics), processing will only be carried out with explicit and specific authorization from the data subject, and only when strictly necessary for the provision of the Service.

06. Data subject rights

In accordance with Law 1581 of 2012, personal data subjects have the following rights:

Know, update and rectify their personal data.
Request proof of the granted authorization.
Be informed, upon request, about the use given to their data.
File complaints with the Superintendencia de Industria y Comercio (SIC) for violations of the law.
Revoke authorization and/or request deletion of their data, when there is no legal or contractual duty to retain it.
Access free of charge their personal data that has been processed.

To exercise these rights, the data subject may send a request to hola@zolvion.com, fully identifying themselves. ZOLVION will respond within a maximum period of fifteen (15) business days, as required by law.

07. Procedure for inquiries and complaints

7.1. Inquiries

Data subjects or their successors may consult the personal data held in ZOLVION's databases through a written communication addressed to hola@zolvion.com. The inquiry will be answered within a maximum period of ten (10) business days.

7.2. Complaints

When the data subject or their successors consider that the information contained in a database should be subject to correction, update or deletion, or when they notice alleged non-compliance, they may file a complaint with ZOLVION at hola@zolvion.com.

The complaint shall be filed through a request addressed to ZOLVION, with the identification of the data subject, the description of the facts giving rise to the complaint, the notification address, and accompanying the documents they wish to assert. The complaint will be addressed within a maximum period of fifteen (15) business days.

08. Security measures

ZOLVION implements reasonable technical, administrative and human measures to protect personal data against loss, unauthorized access, alteration or disclosure. These measures include:

Encryption of passwords and access tokens.
Use of HTTPS for all web communications.
Secure storage in databases with restricted access.
JWT authentication and session control.
Periodic backups.
Internal access audits.

Notwithstanding the above, no system is completely infallible. The Client accepts this risk inherent to the use of digital technologies.

09. International data transfer

ZOLVION uses cloud and artificial intelligence service providers located outside Colombia (such as OpenAI and Meta, both in the United States). By contracting the Service, the Client authorizes the international transfer of data strictly necessary for the provision of the Service, under security standards equivalent to or higher than those required by Colombian law.

10. Data retention

Personal data will be retained while a contractual relationship with the Client exists and for an additional period of thirty (30) calendar days after cancellation of the Service, after which it will be permanently deleted, unless there is a legal duty to retain it (for example, tax obligations requiring retention of billing for ten years).

11. Cookies and similar technologies

The ZOLVION web panel uses technical cookies necessary for the system to function (authentication, session, preferences). No advertising or third-party tracking cookies are used for marketing purposes.

The embeddable chat widget may use browser local storage mechanisms (session memory, sessionStorage, or localStorage) to maintain the continuity of the user's conversation. The type and duration of storage may vary depending on the widget version and the Client's configuration. In all cases, this information is limited to what is strictly necessary for the service to function and is not used for advertising or cross-site tracking purposes.

End Users may, at any time, clear their browser's local storage from the browser settings. This will reset any active conversation with the chatbot.

12. Control authority

The competent authority to hear complaints related to the processing of personal data in Colombia is the Superintendencia de Industria y Comercio (SIC). The data subject may file complaints with said authority provided they have previously exhausted the internal procedure before ZOLVION, in accordance with article 16 of Law 1581 of 2012.

13. Validity

This Policy enters into force as of the date indicated on the cover of this document and will remain in force as long as ZOLVION carries out its commercial activity. The databases will have a validity corresponding to the fulfillment of the purposes for which they were collected.