Privacy Policy

This Privacy Policy (the «Policy») governs the collection, use, storage, and protection of personal data of users of the VirtuOps platform (hereinafter — «Platform», «we», «us»), accessible at app.virtuops.io.

VirtuOps is a B2B SaaS platform for automating customer support via AI-driven chatbots across WhatsApp, Telegram, Instagram, and a web widget. The Platform is operated by VirtuOps and is intended for businesses and individual entrepreneurs located primarily in Uzbekistan and the CIS region.

By registering on the Platform and using its services, you expressly consent to the processing of your personal data in accordance with this Policy and the terms of the Public Offer Agreement.

This Policy is drafted in compliance with the Law of the Republic of Uzbekistan «On Personal Data» (No. ZRU-547, dated 2 July 2019) and other applicable legislation of the Republic of Uzbekistan.

We collect the following categories of personal data:

Registration data: full name, e-mail address. Collected when you create an account on the Platform.

Verification data: mobile phone number. Used for identity verification during registration and two-factor authentication.

Payment data: UzCard, Humo, or Visa card details provided at the time of payment. We do not store the full card number or CVV code. Upon the first successful payment, Paylov (paylov.uz) issues a payment token (card token) that we store in encrypted form for the purpose of recurring subscription charges.

Tax identification: Individual Tax Number (ПИНФЛ / STIR) — collected exclusively for users who receive payouts to a card, and verified via the Paylov API in accordance with the requirements of the Central Bank of the Republic of Uzbekistan.

Message history: conversation logs between end-users (your customers) and AI bots deployed on the Platform, processed to provide the core service functionality.

Technical data: IP addresses, browser type and version, device identifiers, access logs, and other technical metadata collected automatically when you use the Platform.

We use the collected data exclusively for the following purposes:

Account management: creating and maintaining your account, authenticating access, and providing Platform features.

Service delivery: operating AI bots, routing messages across connected channels (WhatsApp, Telegram, Instagram, web widget), and providing analytics.

Subscription billing: processing one-time and recurring payments for the Platform subscription via Paylov. The card token stored by us is transmitted to Paylov on a monthly basis via an automated cron job to charge the subscription fee.

Fiscal compliance: generating and issuing fiscal receipts through the Paylov API in accordance with the requirements of the Tax Code of the Republic of Uzbekistan.

Identity and fraud prevention: verifying user identity (ПИНФЛ / STIR) through Paylov and complying with the anti-fraud requirements of the Central Bank of the Republic of Uzbekistan.

Service improvement: analysing aggregated and anonymised usage data to improve Platform performance, reliability, and feature set.

Legal obligations: complying with requirements of competent authorities of the Republic of Uzbekistan where required by applicable law.

We do not use your personal data for advertising, marketing profiling, or sale to third parties.

All payment transactions on the Platform are processed exclusively through Paylov (paylov.uz) — a licensed payment aggregator certified to PCI DSS standards, holding a licence from the Central Bank of the Republic of Uzbekistan and integrated with the anti-fraud system of the Central Bank.

When you enter your card details to pay for a subscription, those details are transmitted directly to Paylov via an encrypted channel. We never receive, store, or process the full card number or CVV/CVC code.

Upon successful payment, Paylov issues a unique payment token bound to your card. We store this token in encrypted form using the AES-256-GCM algorithm. The token is used solely to initiate recurring subscription charges on a monthly basis via an automated cron process, which transmits only the token to Paylov.

Fiscal receipts (online checks) for each payment are generated through the Paylov API and delivered to the e-mail address specified in your account. Paylov acts as the fiscal agent (commissioner) for the purpose of issuing fiscal receipts.

By accepting the Public Offer Agreement, you expressly consent to the storage of the payment token and its transmission to Paylov for the purpose of recurring subscription billing, in accordance with the requirements of Paylov's terms of service.

To cancel a subscription and revoke consent to recurring charges, you may do so at any time through your account settings or by contacting our support team.

Your personal data is stored on servers of cloud infrastructure providers located in data centres that comply with international information security standards.

We implement the following technical and organisational security measures:

— Payment tokens are encrypted using AES-256-GCM prior to storage and are accessible only to the automated subscription processing system.

— All data is transmitted over encrypted connections (TLS 1.2 or higher).

— Access to personal data is restricted to authorised personnel who require it to perform their job functions.

— Systems are regularly audited for vulnerabilities.

Upon deletion of your account, all personal data associated with it is permanently deleted within 30 calendar days, except where retention is required by applicable law (e.g. fiscal records subject to mandatory retention periods).

In the event of a personal data breach that poses a risk to your rights and interests, we will notify you as required by applicable legislation.

We do not sell or transfer your personal data to third parties for commercial purposes. Personal data may be shared with the following categories of recipients solely to the extent necessary to provide the Platform's services:

Paylov (paylov.uz): payment processing, fiscal receipt generation, and ПИНФЛ / STIR verification. Paylov processes data in accordance with its own privacy policy and PCI DSS requirements.

Meta Platforms (WhatsApp, Instagram): transmission and delivery of messages via the WhatsApp Business API and Instagram Messaging API. Meta processes data in accordance with its Data Policy.

Telegram: transmission and delivery of messages via the Telegram Bot API. Data is processed in accordance with Telegram's Privacy Policy.

Cloud infrastructure providers: hosting, data storage, and computing resources. Providers operate under data processing agreements that include appropriate data protection obligations.

Competent state authorities: personal data may be disclosed to authorised state bodies of the Republic of Uzbekistan upon receipt of a lawful request in accordance with applicable legislation.

All third-party processors are engaged under contractual terms that ensure an adequate level of data protection.

VirtuOps's use and transfer to any other app of information received from Google APIs will adhere to the Google API Service User Data Policy, including the Limited Use requirements.

Our Platform requests access to your Google Sheets to enable AI-driven interactions. Specifically, we use the data to: (1) Read information from your spreadsheets to provide answers via AI bots, and (2) Write or update data in your spreadsheets to record bookings or customer requests as directed by your end-users.

We do not use Google user data for serving advertisements, and we do not sell this data to third parties. We only share Google user data with third-party service providers (such as AI model providers) to the extent necessary to provide the AI response functionality, and only with your explicit consent.

You can revoke the Platform's access to your Google account at any time through your Google Security Settings or by disconnecting the integration in the VirtuOps dashboard.

In accordance with the Law of the Republic of Uzbekistan «On Personal Data», you have the following rights with respect to your personal data:

Right of access: you may request confirmation of whether we process your personal data and obtain a copy of such data.

Right to rectification: you may request correction of inaccurate or incomplete personal data.

Right to erasure: you may request deletion of your personal data. Upon account deletion, data is permanently erased within 30 calendar days.

Right to withdraw consent: you may withdraw consent to the processing of your personal data at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

Right to restrict processing: you may request restriction of the processing of your personal data in cases provided for by law.

Right to object to recurring charges: you may cancel your subscription and revoke consent to recurring card charges at any time through your account settings or by contacting support.

To exercise any of the above rights, please contact us using the contact details provided in Section 8 of this Policy. We will respond to your request within 15 business days.

If you have any questions regarding this Privacy Policy, the processing of your personal data, or the exercise of your rights, please contact us:

Platform: VirtuOps

App: app.virtuops.io

Website: virtuops.io

Support: support@virtuops.io

Changes to this Policy will be published on this page with an updated «Last updated» date. Continued use of the Platform after publication of changes constitutes your acceptance of the revised Policy.