Privacy Policy

1. Our Role in Data Processing

For the purposes of POPIA:

You (the customer) are the Responsible Party in respect of personal information processed using Tellexa’s services.

Tellexa acts as an Operator, processing personal information solely on your documented instructions and only for the purpose of providing the services.

Tellexa does not determine the purpose for which personal information is processed through the platform, except where required to operate, secure, and improve the service in a lawful and aggregated manner.

You warrant that you have a lawful basis to collect, use and submit personal information to the Services and that you have provided any required notices to data subjects. Tellexa does not independently verify the legality, accuracy, or completeness of personal information submitted by customers.

Tellexa has no obligation to monitor, review, or verify the legality, accuracy, or completeness of personal information submitted by users and shall not be deemed to have knowledge of any unlawful processing carried out through the Services.

2. Information We Process

We process the following categories of information, depending on how you use the services:

2.1 Account Information

Name, email address, phone number, company details, and login credentials provided when registering or administering an account.

2.2 Customer Content

Messages, commands, documents, files, and other content submitted to or generated through Tellexa’s AI Assistants via Telegram, WhatsApp, web interfaces, or integrations.

2.3 Usage and Technical Information

Information about how the services are used, including feature usage, timestamps, device information, IP addresses, and browser type. This information is processed primarily for security, reliability, and service performance.

2.4 Billing Information

Billing and payment details processed securely by authorised third-party payment providers. Tellexa does not store full payment card details.

3. Lawful Basis for Processing

Tellexa processes personal information on the following lawful bases under POPIA:

performance of a contract with you;

compliance with legal obligations;

legitimate interests, including securing, maintaining and improving the Services, provided such processing does not override data subject rights; and

consent, where required and explicitly obtained.

Where Tellexa acts as an Operator on customer instructions, the customer determines and warrants the applicable lawful basis for processing personal information.

Where Tellexa relies on legitimate interests, such processing relates solely to securing, maintaining and improving the Services and does not alter Tellexa’s role as Operator in respect of customer content.

4. How We Use Personal Information

Personal information is processed only to the extent necessary to:

Provide, operate, and maintain the Tellexa services

Process transactions and manage subscriptions

Respond to enquiries, support requests, and communications

Deliver system notifications, updates, and security alerts

Monitor service usage and performance in an aggregated and non-identifying manner

Detect, prevent, and investigate security incidents, fraud, or misuse

Tellexa does not use identifiable customer data to train general-purpose AI models.

5. AI Processing and Model Use

Customer content is processed by AI systems only to deliver the requested service outputs.

Customer data is logically isolated between customers.

Customer data is not used to train AI models for other customers.

Where third-party AI providers are used, they act as sub-operators and process data under contractual confidentiality and security obligations.

Tellexa does not permit third-party AI providers to use customer data for their own model training.

AI-generated outputs may contain personal information derived from customer inputs. Customers remain solely responsible for reviewing outputs before distribution or reliance.

6. Data Storage and Security

Tellexa implements appropriate technical and organisational measures to safeguard personal information, including:

Encryption in transit using TLS 1.3

Encryption at rest using AES-256

Role-based access controls and multi-factor authentication

Audit logging and access monitoring

Regular security assessments

While Tellexa implements appropriate safeguards, no method of transmission or storage is completely secure.

Further details are available in our Security Policy.

7. Data Retention

Personal information is retained only for as long as necessary to provide the services.

Upon cancellation or termination, customer data is retained for up to 90 days, after which it may be permanently deleted or anonymised in Tellexa’s discretion, unless retention is required by law.

Backup data is subject to controlled retention schedules and secure deletion processes.

8. Sharing of Personal Information

Tellexa does not sell personal information.

Personal information may be shared only with:

Service providers and sub-operators (e.g. cloud hosting, payment processing, AI providers) acting under written agreements

Legal or regulatory authorities, where required by law

Successors in business transfers, subject to equivalent data protection safeguards

All sharing is limited to what is necessary to provide the services.

9. International Data Transfers

Personal information may be processed in countries outside South Africa where Tellexa or its sub-operators operate. In such cases, Tellexa ensures that appropriate safeguards are in place in accordance with section 72 of POPIA.

By using the Services, you acknowledge and accept that processing may occur in jurisdictions with different data protection standards, subject to appropriate safeguards.

10. Data Subject Rights

Data subjects have the right to:

Request access to personal information

Request correction or deletion

Object to certain processing

Withdraw consent where applicable

Lodge a complaint with the Information Regulator

Requests may be subject to identity verification and lawful limitations under POPIA.

Where Tellexa processes personal information as an Operator on customer instructions, we may refer requests to the relevant customer (as Responsible Party) where appropriate. We may require sufficient information to verify identity and locate the relevant data.

11. Children’s Privacy

Tellexa’s services are not intended for individuals under 18 years of age. We do not knowingly process personal information relating to children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the website or other appropriate channels.

13. Contact Details

For privacy-related enquiries or requests:

Tellexa – Privacy & Data Protection

Email: privacy@tellexa.ai