Privacy Policy – Gori.Dev

Gori.Dev is a technology solutions company based in Guadalajara, Jalisco, Mexico. We offer: - Custom software development - Web development - Implementation of digital solutions - Automation and messaging integration platforms (including WhatsApp Business) For purposes of the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), Gori.Dev may act as: - Data Controller, when it collects data directly through the website. - Data Processor, when it processes data on behalf of its clients through its technology platform.

A) Contact data (website): we only collect the data you voluntarily choose to share. B) Data processed through the automation platform (bot): when a client uses the GoriDev platform to automate messaging channels (for example, WhatsApp Business), we may process data on their behalf.

• Name
• Email address
• Phone number
• End user phone number
• Visible name in messaging profile
• Content of exchanged messages
• Associated metadata (date, time, technical identifiers)
• Business messaging account identifiers

On the website, we obtain data through contact forms and direct communication links. On the platform, we obtain data through integrations authorized by our clients with third-party services, such as WhatsApp Business.

• Contact forms
• Direct communication links (for example, WhatsApp)
• Authorized integrations with third-party services (for example, WhatsApp Business)

Website data:

• Follow up on requests
• Respond to inquiries
• Establish business contact
• Provide the contracted technology service
• Enable response automation
• Manage integrations with messaging platforms
• Maintain operational service records

Our platform may integrate with third-party services, including: - WhatsApp Business Platform - Google Calendar API - Cloud infrastructure services - Technology providers required for service operation When a client authorizes these integrations, GoriDev may receive and store technical identifiers such as: - Access tokens - Account identifiers - Phone number identifiers - Calendar identifiers required to perform the requested action Data obtained through Google services is accessed only after the user grants explicit consent through Google's authorization flow (OAuth 2.0). This data is used exclusively to provide the contracted service and to perform the actions expressly authorized by the user. GoriDev does not access end users' personal passwords nor control personal messaging or Google accounts.

Some product features use OpenAI or other third-party AI providers only to process user-submitted instructions and generate structured commands or suggested responses. OpenAI and other AI providers do not have direct access to user data obtained through Google services, including Google Calendar events, attendee details, or other information processed through authorized Google integrations. User data obtained through Google services is handled through separate application flows and is used only to perform the user-authorized action in the corresponding Google service. Google data is used exclusively to provide the functionality requested by the user and not for advertising, profiling, or model training purposes. We do not send user data obtained through Google services to OpenAI or other AI providers.

In the context of the automation platform: - The client is the Data Controller of its end users' data. - GoriDev acts as Data Processor. - We process data solely according to client instructions.

Each client is responsible for having the corresponding privacy notices and legal authorizations in place for its users.

Personal data will be retained only for the time necessary to: - Provide the contracted service - Comply with legal obligations - Address client requests In the case of the platform, information may be retained while the account remains active or until the client requests deletion according to contractual terms.

GoriDev does not sell or commercialize personal data. We may use technology providers required to deliver the service (such as cloud infrastructure, messaging platforms, or other authorized integrations). In these cases: - Data is processed under confidentiality agreements. - Reasonable security measures are implemented. - Applicable legal provisions are followed. GoriDev does not share data obtained through Google services with third parties, except when strictly necessary to execute the user-requested action through official Google APIs. When our services use OpenAI or another third-party AI provider, that provider is limited to processing user-submitted instructions for the AI feature itself. User data obtained through Google services, including Google Calendar data, is not shared with OpenAI or any other AI provider.

GoriDev implements reasonable technical and organizational measures, including: - Encryption in transit (HTTPS) - Restricted access control - Account isolation per client - Separation of AI-processing flows from third-party integration data flows, including data obtained through Google services - Protection of technical credentials No system is completely invulnerable; however, we apply appropriate security standards in the technology industry.

As a personal data holder, you may exercise your rights of Access, Rectification, Cancellation, and Opposition by sending a request to:

For data managed by a client through the platform, the request must first be addressed to the client acting as Data Controller.

Our services are not specifically directed to minors. We do not intentionally collect personal data from persons under 18 years of age.

This policy may be updated to reflect legal changes or service improvements. The current version will always be available at gori.dev with the corresponding update date.

For any questions related to this policy: