This privacy policy explains how GalilAI ("we," "us," "our") collects, uses, shares, protects, and retains data when you use our platform, including data obtained through integrations with Google services and Meta services.
We reserve the right to update this policy at any time. Material changes will be communicated to users, and we encourage you to review this page periodically.
When you use GalilAI, we may collect:
- Account information: name, email address, company details, and login credentials.
- Google user data: information accessed via Google Ads API when you connect your Google Ads account, including campaign data, advertising performance metrics, and account identifiers.
- Meta/WhatsApp Business data: messages, contact information, and account data accessed via the Meta Graph API when you connect WhatsApp Business, Messenger, or Instagram.
- Technical data: IP address, browser type, device information, and usage data collected automatically when you visit our website or use our platform.
- Communications data: information you provide when contacting support or participating in surveys.
We use the data we collect to:
- Provide and operate the core features of GalilAI, including campaign creation, management, and reporting.
- Enable messaging integrations with WhatsApp, Messenger, and Instagram on your behalf.
- Maintain and improve the security, performance, and reliability of our platform.
- Communicate with you about your account, service updates, and (where you have opted in) product news.
- Comply with legal obligations and enforce our terms of service.
We do not use Google user data or Meta user data for advertising purposes, and we do not sell user data to third parties.
We do not sell your data. We share data only in the following circumstances:
- Service providers: We share data with infrastructure and hosting providers (such as Google Cloud Platform) that process data on our behalf, strictly to operate GalilAI. These providers are contractually bound to protect your data and use it only for the purposes we specify.
- Google and Meta platforms: Data is exchanged with Google Ads and Meta (WhatsApp, Messenger, Instagram) APIs as necessary to deliver the functionality you request — for example, submitting campaign data to Google Ads, or sending/receiving messages through WhatsApp Business.
- Legal requirements: We may disclose data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of GalilAI, our users, or others.
- Business transfers: If GalilAI is involved in a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction, subject to this policy.
- With your consent: We may share data with other third parties when you have given explicit consent to do so.
We do not share Google user data with third parties for advertising purposes, and any sharing of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
We apply the following safeguards to protect your data, including sensitive data such as Google and Meta user data:
- Encryption: Data is encrypted in transit using TLS, and sensitive credentials (such as API access tokens) are encrypted at rest.
- Access controls: Access to user data is restricted to authorized personnel and systems on a need-to-know basis, governed by internal access controls and network-level restrictions.
- Secure infrastructure: Our systems run on hardened cloud infrastructure with firewall rules limiting access between internal services and the public internet.
- Token management: OAuth tokens used to connect your Google and Meta accounts are stored securely and are never shared with unauthorized third parties.
- Ongoing monitoring: We monitor our systems for unauthorized access and review our security practices on an ongoing basis.
- We retain your account data and connected Google/Meta data for as long as your account remains active and as needed to provide our services.
- If you disconnect your Google Ads or Meta account from GalilAI, we delete the associated access tokens and stop accessing new data immediately; previously collected data is retained only as long as necessary for the purposes described in this policy, or as required by law.
- If you delete your GalilAI account, we will delete or anonymize your personal data and any associated Google or Meta user data within 30 days, except where retention is required for legal, accounting, or security purposes.
- You may request deletion of your data at any time by contacting us at the email address below hello@galil.ai
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, and to withdraw consent for data processing. To exercise these rights, contact us using the information below.
We may update this privacy policy from time to time. We will post the updated version on this page with a revised "Last updated" date.
If you have questions about this privacy policy or how we handle your data, contact us at:
Email: hello@galil.ai