Privacy Policy

The data controller is Presencia. (the “Company”), with offices in Monterrey, Nuevo León, México, and contact email info@presencia-mx.com.

Presencia. operates in Mexican territory and is governed by the laws of the United Mexican States. References to the Company in this document include its present and future subsidiaries, affiliates and successors.

We collect the following personal data from the account holder and any persons authorized to administer the client's business profile:

• Full name and, if applicable, business name.
• Contact email address.
• Mobile phone number (used to deliver WhatsApp alerts).
• Business information: trade name, address, line of business, hours, and category.
• Google account identifier associated with the business profile.

We do not collect sensitive personal data within the meaning of Article 3, section VI of the LFPDPPP.

When the client authorizes Presencia. through Google's OAuth flow, we access the following Google Business Profile information:

• Reviews posted on the client's profile, including rating, text, date, and the public name of the author (as displayed by Google).
• Previous owner replies and replies generated automatically by us.
• Establishment metadata (name, location, category) needed to personalize replies.

Reviewer names are public information made available by Google. Presencia. does not enrich, profile, or sell personal data of review authors.

To access the client's Google profile, we store access and refresh tokens issued by Google. These tokens are sensitive credentials and are stored encrypted at rest using AES (via Fernet) in databases managed by Amazon Web Services (AWS) in the us-east-1 region.

The client may revoke access at any time from their Google account security page or by writing to info@presencia-mx.com. Once revoked, the tokens are invalidated and removed from our operational systems.

We process personal data and business data for the following primary purposes, which are necessary to provide the service:

• Read reviews posted on the client's profile and generate automated replies using artificial intelligence.
• Post replies approved or accepted by the client directly to Google Business Profile, on the client's behalf.
• Notify the client, via WhatsApp and/or email, about negative reviews or other relevant events.
• Manage the contractual relationship: billing, support, and service communications.

Additionally, unless the data subject objects, we may process data for the following secondary purposes:

• Internal statistical analysis and product performance metrics.
• Improvement of our reply-generation models using aggregated or anonymized data.
• Communications about new features, improvements or promotions from Presencia.

The data subject may object to processing for secondary purposes by writing to info@presencia-mx.com.

We collect personal data directly from the data subject during sign-up and onboarding, whether through forms on our site, email, or WhatsApp conversations.

Business profile and review data is obtained from Google through the Google Business Profile APIs, after the client provides consent through Google's OAuth flow.

To deliver the service, Presencia. relies on the following processors and service providers, which process personal data on the Company's behalf:

• Google LLC (United States): to read reviews and post replies on Google Business Profile through the APIs authorized by the client.
• Anthropic, PBC (United States): provider of the Claude AI model, used to draft replies. Reviews and any required context are sent to Anthropic's API under its commercial terms.
• Twilio Inc. (United States): to deliver WhatsApp notifications to the phone number authorized by the client.
• Amazon Web Services, Inc. (United States): to host infrastructure, databases, and encrypted backups.
• Clerk Inc. (United States): to manage authentication of admin-panel users.

These transfers are necessary to perform the contract with the data subject and are made under Article 37, sections IV and VI of the LFPDPPP. Presencia. requires its providers to commit, contractually, to confidentiality and security obligations equivalent to those described in this Policy.

We do not sell, rent, or otherwise commercialize personal data to third parties for purposes different from those described herein.

The data subject has the right to Access, Rectify, Cancel, or Object (ARCO rights) to the processing of their personal data, and to revoke any consent previously granted.

To exercise any of these rights, the data subject must send a request to info@presencia-mx.com indicating: (i) name and means to receive a reply; (ii) a document evidencing identity or, where applicable, legal representation; (iii) a clear, precise description of the data over which the right is being exercised; and (iv) any other element that facilitates locating the data.

We will respond within a maximum of twenty (20) business days from the date the request is received, in accordance with Article 32 of the LFPDPPP. Revoking consent or canceling data may make it impossible to continue providing the service.

We use a minimal set of cookies and local-storage mechanisms, exclusively to:

• Maintain authenticated sessions in the admin panel (cookies operated by Clerk).
• Remember language and visual-theme preferences.

We do not use advertising cookies or third-party trackers for commercial purposes. We do not participate in behavioral advertising networks.

Presencia. implements reasonable administrative, technical, and physical measures to protect personal data against damage, loss, alteration, destruction, or unauthorized use, access, or processing. In particular:

• Encryption at rest (AES, via Fernet) for sensitive credentials, including OAuth tokens.
• Encryption in transit using TLS 1.2 or higher for all communications between the browser, the API, and external providers.
• Access controls based on the principle of least privilege. Only personnel strictly necessary have access to data, and such access is logged and audited.
• Encrypted backups, continuous monitoring, and incident-response procedures.

No system is completely impenetrable. In the event of a breach that significantly affects the property or moral rights of data subjects, we will notify them without delay in accordance with Article 20 of the LFPDPPP.

We retain personal data for as long as the client maintains an active contractual relationship with Presencia. and for an additional period of ninety (90) calendar days after service cancellation, in order to address contractual, tax, and audit obligations.

After that period, data is deleted or irreversibly anonymized, except where a legal obligation requires longer retention (for example, tax obligations may require keeping records for up to five years).

Presencia. may modify this Policy at any time to reflect changes in applicable law, the service, or our internal practices.

Changes will be posted on this same page and the “Last updated” date will be revised. When changes are material, we will notify the data subject by email at least thirty (30) calendar days in advance.

Presencia.'s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google's required disclosure is reproduced verbatim below:

Presencia. uses Google API Services User Data only to provide and improve user-facing features (specifically: reading and responding to Google Business Profile reviews on behalf of the authorized business owner). We do not use Google user data for advertising. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features. We do not allow humans to read Google user data unless we have explicit consent for specific limited purposes (e.g., security investigation, legal compliance), or the data is aggregated and anonymized.

For any question, complaint, or request related to this Policy or to the processing of your personal data, please write to us at info@presencia-mx.com. We will respond promptly and, in any event, within the time limits set by the LFPDPPP.