Privacy Policy
Last updated: May 2026
1. Introduction
This Privacy Policy describes how Creatizo Media Holdings Limited (“FrontDesk.ie,” “we,” “us,” or “our”), a company registered in Ireland (CRO: 798461), collects, uses, and shares information when you use our managed AI front desk service and related services (“Services”).
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the ePrivacy Directive, and other applicable data protection laws.
Data Controller:
Company: Creatizo Media Holdings Limited
Trading as: FrontDesk.ie
Registration: CRO 798461
Email: [email protected]
Address: Dublin, Ireland
2. Information We Collect
2.1 Information You Provide
Account Information: Name, email address, phone number, salon/business name, billing information
Business Data: Service menus, pricing, opening hours, staff names, booking platform details
Communication Data: Messages, voice notes, images, and documents shared through our platform between you and your clients
Payment Information: Processed securely through Stripe — we do not store card details directly
2.2 Automatically Collected Information
Usage Data: Features used, conversation metrics, performance data
Device Information: IP address, browser type, operating system
Log Data: Access times, pages viewed, system activity
2.3 Information from Third Parties
Social Media Platforms: When you connect WhatsApp, Instagram, or Facebook Messenger to our Services
Booking Platforms: When you share your Fresha, Phorest, Booksy, or other booking links for integration
3. How We Use Your Information
3.1 Primary Purposes
Provide and maintain our managed AI front desk service
Process AI-powered conversations on your behalf
Handle customer support and respond to your enquiries
Process payments and manage subscriptions
Send service updates and important notifications
Improve our Services based on usage patterns
3.2 AI Processing
We use AI language models from third-party providers based in the United States to power conversations on your behalf.
Your data is not<\/strong> used to train AI foundation models
AI processes your data solely to deliver our Services
All AI processing is governed by Data Processing Agreements with our providers
AI disclosure is included in every agent’s opening message to your clients
We do not permit our AI providers to use your data to train their foundation models
3.3 AI Processing Legal Basis
AI-powered conversation processing is carried out under Article 6(1)(b) GDPR (contract performance). Where AI processes your salon clients’ data, the legal basis is your instruction to us as data processor under Article 28 GDPR. AI does not make automated decisions with legal or similarly significant effects on individuals under Article 22 GDPR.
3.4 Legal Bases for Processing (GDPR)
Contract Performance (Art. 6(1)(b)): To provide the Services you have subscribed to
Legitimate Interests (Art. 6(1)(f)): To improve our Services, ensure security, and conduct B2B outreach
Consent (Art. 6(1)(a)): For marketing communications — you may withdraw consent at any time
Legal Obligations (Art. 6(1)(c)): To comply with applicable Irish and EU laws
4. Data Sharing and Sub-Processors
4.1 Categories of Service Providers
We share data with the following categories of service providers, all operating under Data Processing Agreements:
AI Conversation Processing: US-based AI language model providers for service delivery only
Communication Platforms: Meta Platforms (WhatsApp Business API, Instagram, Messenger)
AI Platform Infrastructure: EU-based provider (Netherlands)
Hosting: Amazon Web Services — EU West (Ireland), Cloudflare (EU processing)
Payment Processing: Stripe (PCI DSS-compliant)
Email: Google Workspace
A complete list of named sub-processors is available upon request. Contact [email protected].
4.2 We do NOT:
Sell your personal data to any third party
Share data for third-party advertising or marketing purposes
Transfer data outside the EU/EEA without appropriate safeguards
Allow sub-processors to use your data for their own purposes
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Active account data | Duration of active subscription |
| Conversation data | 12 months after last activity |
| Financial records | 6 years (per Irish Revenue requirements) |
| Marketing consent records | Until consent withdrawn + 1 year |
| Backup data | Maximum 90 days after deletion request |
Upon account termination, we delete or anonymise your data within 30 days, except where retention is required by law.
6. Your Rights Under GDPR
Access (Art. 15): Request copies of your personal data
Rectification (Art. 16): Correct inaccurate or incomplete data
Erasure (Art. 17): Request deletion (“right to be forgotten”)
Portability (Art. 20): Receive your data in a machine-readable format
Restriction (Art. 18): Limit processing in certain circumstances
Object (Art. 21): Oppose processing based on legitimate interests
Withdraw Consent (Art. 7): At any time for consent-based processing
Not be subject to automated decision-making (Art. 22): Our AI does not make decisions with legal or similarly significant effects
To exercise any of these rights: Email [email protected]. We will respond within 30 days.
7. Cookies and Tracking
7.1 Essential Cookies
Our website and chat widget use essential cookies required for basic functionality. These do not require consent.
7.2 Analytics Cookies
We do not currently use analytics or tracking cookies. If we introduce them, we will update this policy and obtain your consent.
7.3 Chat Widget Cookies
Our website chat widget sets functional cookies to maintain your conversation session.
7.4 Third-Party Cookies
Interactions via WhatsApp, Instagram, or Facebook Messenger are subject to those platforms’ cookie policies.
8. Data Security
We implement appropriate technical and organisational security measures including:
Encryption in transit (TLS/SSL) across all services
Encryption at rest for sensitive data
Access controls and role-based authentication
Regular review of security practices
Incident response procedures
In the event of a personal data breach, we will notify the Data Protection Commission within 72 hours and notify affected individuals where required.
9. International Data Transfers
Your data is primarily processed within the EU/EEA (Ireland). Where data is processed outside the EU/EEA (e.g., US-based AI providers), we rely on Standard Contractual Clauses (SCCs) and conduct transfer impact assessments.
10. Your Clients’ Data
10.1 Data Controller and Processor Roles
| Relationship | Role | Explanation |
|---|---|---|
| Your salon’s client data | You = Data Controller, We = Data Processor | You decide why and how your clients’ data is processed. We process it on your instructions. |
| Your FrontDesk.ie account data | We = Data Controller | We determine how your account information is processed. |
10.2 Your Responsibilities as Data Controller
Must have a lawful basis to process your clients’ data
Should inform clients that AI handles initial conversations
Must honour data access, deletion, or opt-out requests from your clients
10.3 Our Obligations as Data Processor
Process personal data only on your documented instructions
Ensure confidentiality obligations for our staff
Implement appropriate security measures
Assist you in responding to data subject requests
Notify you of any personal data breach without undue delay
Delete or return all personal data upon termination
10.4 Data Processing Agreement
These obligations, together with our Terms of Service, constitute a Data Processing Agreement under GDPR Article 28. A formal standalone DPA is available upon request.
10.5 STOP / Opt-Out Requests
We honour STOP requests immediately across all channels
Contacts are permanently excluded from future automated messages
Opt-outs are logged for compliance records
11. AI-Specific Disclosures
11.1 AI Transparency
Every AI agent discloses it is an AI assistant in its opening message
AI does not make autonomous decisions with legal effects
AI does not engage in profiling under GDPR Article 4(4)
Human handoff is available for complex requests
11.2 AI Accountability
Denis Colli (Founder) oversees AI quality and accuracy
Conversations are periodically reviewed for compliance
12. Chat Widget and AI Agent
Our website, and websites operated by our clients, may use an AI-powered chat widget. This section explains how that widget handles your information.
12.1 You Are Chatting With an AI
The chat widget is operated by an AI assistant, which is disclosed at the start of the conversation.
A human can take over the conversation at any time, and you can ask to speak to a person.
12.2 Who Is Responsible for Your Data
On the FrontDesk.ie website, the data controller is Creatizo Media Holdings Limited (CRO 798461).
On a client’s own website, that business is the data controller and we act as their data processor.
12.3 How We Use What You Share in Chat
Any details you provide in the chat (such as your name, email, or phone number) are used to respond to your enquiry.
We do not add you to any marketing or automated outbound messaging list on the basis of a chat interaction alone.
Before any phone number or email address receives marketing or automated outbound messages, separate explicit consent is required. If that consent is not confirmed, the contact is suppressed and is not messaged.
Your chat messages are processed to answer you and are not used to train AI foundation models. Our AI providers are bound by Data Processing Agreements and may not use your data for their own purposes.
12.4 Stopping Messages and Deleting Your Data
To stop messages or request deletion of anything you shared in the chat, type STOP in the chat or email [email protected].
We action opt-out and deletion requests promptly and permanently exclude the contact from future automated messages.
13. Marketing Communications
We obtain consent before sending marketing communications
Every marketing message includes an unsubscribe option
Service-related communications are sent regardless of marketing preferences
We honour STOP and unsubscribe requests immediately
14. Children’s Privacy
Our Services are designed for business use by adults. We do not knowingly collect data from individuals under 16.
15. Changes to This Policy
Material changes notified via email at least 30 days before taking effect
Minor changes may be made without advance notice
The “Last updated” date will always reflect the most recent revision
16. Complaints
If you are unhappy with how we handle your data, contact us first at [email protected]. You also have the right to lodge a complaint with the Data Protection Commission (Ireland) at www.dataprotection.ie at any time.
17. Contact Us
Creatizo Media Holdings Limited
Trading as FrontDesk.ie
Dublin, Ireland
Email: [email protected]
CRO: 798461