Privacy Policy

Effective date: 1 March 2026 · Last updated: 26 March 2026

1. Introduction

This Privacy Policy explains how DG Studios LLC ("Company", "we", "us", "our"), operating the ctrlroom.ai platform, collects, uses, stores, and protects your personal data when you use our services or visit our website.

We are committed to protecting your privacy and handling your data responsibly. This policy applies to all individuals who interact with our services, including clients, prospective clients, and website visitors.

2. What Personal Data We Collect

We collect the following categories of personal data:

2.1 Information You Provide

  • Contact information: name, email address, phone number, business name
  • Business information: industry, company size, role, business requirements
  • Account credentials: messaging platform usernames (e.g., Telegram handle) for Agent operation
  • Communication content: messages sent to and from your Agent, emails processed by workflows
  • Payment information: billing address, payment method details (processed by our payment provider; we do not store full card numbers)

2.2 Information Collected Automatically

  • Usage data: Agent interaction logs, workflow execution records, API usage metrics
  • Technical data: IP address, browser type, device information, access timestamps
  • Website analytics: pages visited, time on site, referral source (essential cookies only)

3. Why We Collect Your Data

We use your personal data for the following purposes:

PurposeData Used
Providing and operating the ServiceContact info, business info, message content, usage data
Agent configuration and workflow operationBusiness info, communication content, account credentials
Billing and invoicingContact info, payment info, API usage metrics
Improving Agent performance and Service qualityUsage data, workflow logs (aggregated/anonymised)
Customer supportContact info, usage data, communication content
Legal compliance and fraud preventionAll categories as necessary

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you've engaged us to deliver, including Agent operation, billing, and support.
  • Legitimate interests: Processing necessary for our legitimate business interests, including improving service quality, ensuring security, and preventing fraud, where these interests are not overridden by your rights.
  • Legal obligation: Processing necessary to comply with applicable laws, such as financial record-keeping requirements.
  • Consent: Where required by law, we will obtain your consent before processing. You may withdraw consent at any time.

5. How Long We Keep Your Data

  • Active service data: Retained for the duration of your service agreement.
  • Post-termination: Client data is deleted within thirty (30) days of service termination, unless otherwise requested or required by law.
  • Communication logs: Retained for up to twelve (12) months after termination for support and dispute resolution purposes, then deleted.
  • Billing and financial records: Retained for seven (7) years after the relevant transaction, as required by applicable financial regulations.
  • Website analytics: Aggregated data retained indefinitely; identifiable data deleted after twelve (12) months.

6. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients:

  • Infrastructure providers: Cloud hosting and compute providers who store and process data on our behalf, under strict data processing agreements.
  • Payment processors: Third-party payment services that process transactions on our behalf. They receive only the data necessary to process payments.
  • Messaging platforms: Telegram, WhatsApp, and other channel providers, to the extent necessary for Agent operation. Messages are transmitted through their infrastructure.
  • Professional advisors: Legal, accounting, or other professional advisors, under obligations of confidentiality, when necessary.
  • Law enforcement: Only when required by law, court order, or valid legal process.

We never sell your data to third parties for advertising or marketing purposes.

7. Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit: All data transmitted between your devices and our systems is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Stored data is encrypted using industry-standard encryption algorithms.
  • Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis.
  • Regular security reviews: We periodically review and update our security practices.
  • Incident response: We maintain procedures for detecting, reporting, and responding to data breaches.

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at daniel@greavescapital.co. We will respond within thirty (30) days.

9. Cookies

Our website uses essential cookies only. These are strictly necessary for the website to function and cannot be switched off. They include:

  • Session cookies for basic website functionality
  • Security cookies for preventing cross-site request forgery

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not participate in cross-site tracking or targeted advertising.

10. Children

The Service is intended for use by businesses and individuals aged eighteen (18) and over. We do not knowingly collect personal data from children under the age of eighteen (18). If we become aware that we have collected personal data from a child, we will take steps to delete that data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Provide at least thirty (30) days' notice of material changes via email to active clients.
  • Update the "Last updated" date at the top of this policy.
  • Post the updated policy on our website.

Continued use of the Service after the notice period constitutes acceptance of the updated policy.

12. Contact

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

DG Studios LLC
Email: daniel@greavescapital.co
Website: ctrlroom.ai