Privacy Policy

KLB Solutions FZCO (trading as "Worldie", "we", "us") provides an AI-powered concierge and guest-communication platform to hospitality and property operators worldwide (each a "Property"). We act as a Data Processor on behalf of each Property (the Data Controller) for guest data collected through our platform, and as the Data Controller for the account and operational data of Property operators.

Company & data protection contact:
KLB Solutions FZCO
Unit No. 21089-001, IFZA Business Park, DDP, Dubai, United Arab Emirates
Company registration: DSO-FZCO-19439
Email: adam@klb-solutions.com

When you interact with a Property via our platform (including WhatsApp, Instagram, Facebook Messenger, or the web widget), we may collect:

• Name (if provided)
• Phone number (WhatsApp/SMS channels)
• Email address (if provided or collected via form)
• Message content and conversation history
• Channel metadata (e.g. WhatsApp message IDs, Instagram account IDs)
• Device language preference
• Booking and service request details submitted through the concierge
• Consent records (opt-in timestamp, method)

We do notcollect payment card data, passport or government ID numbers, or sensitive personal categories (health, religion, etc.) unless a Property has explicitly enabled a specific intake flow — in which case the Property's own privacy notice governs that collection.

Data collected through the platform is used to:

• Provide concierge responses and route requests to Property staff
• Create and manage guest profiles on behalf of the Property
• Deliver service bookings, information requests, and escalations
• Enable multi-session memory so responses improve across interactions
• Aggregate anonymised analytics for Worldie platform improvement
• Detect and prevent abuse, fraud, and policy violations

We do not sell personal data. We do not use guest data to train AI models without explicit consent.

Where GDPR applies, we rely on:

• Consent — for WhatsApp Business messaging (opt-in required before concierge engages)
• Legitimate interests — for session continuity and fraud prevention
• Contract performance — where processing is necessary to fulfil a service request
• Legal obligation — where required by applicable law

Guest data is stored in a PostgreSQL database provisioned on Supabase (Supabase, Inc.). By default, databases are provisioned in the EU West region (eu-west-2). For EU and UK Properties, data does not leave the European Economic Area except where one of the third-party processors listed below applies (all covered by Standard Contractual Clauses).

Non-EU Properties may be provisioned in other regions (e.g. US East, Asia Pacific) — the Property's order form specifies the region at onboarding.

We engage the following sub-processors to deliver the service:

All processors operate under Data Processing Agreements and, where applicable, Standard Contractual Clauses (SCCs) approved under EU GDPR Chapter V. The current list of AI language model providers Worldie engages on a Property's behalf is available on request to adam@klb-solutions.com and is updated when Worldie changes vendors. Property administrators can also see the AI provider currently routing their concierge traffic in the Property settings.

By default, guest conversation data is retained for 2 years after the last interaction. Individual Properties may configure shorter retention windows in their platform settings. Anonymised aggregate analytics may be retained indefinitely.

Data is deleted within 30 days of a valid erasure request (see Section 9). Backup copies are purged within the next backup cycle (maximum 35 days).

Worldie uses the Meta WhatsApp Business API, Instagram Messaging API, and Facebook Messenger API. By messaging a Property via these channels:

• Your WhatsApp number, Instagram handle, or Messenger ID is shared with us by Meta
• Message content is processed to generate concierge responses
• All WhatsApp conversations require explicit opt-in before the AI concierge engages
• Message history is retained per the retention policy above

Meta's own privacy policy governs their collection and use of your data on their platforms: facebook.com/policy.

If you are in the EU, UK, or another jurisdiction with applicable data protection law, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Restriction — request we restrict processing in certain circumstances
• Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any right, submit a request at /data-deletion or email adam@klb-solutions.com. We will respond within 30 days.

To request deletion of your data via WhatsApp, send the message "DELETE MY DATA" to any Property using Worldie. Our system will log your request and our team will process it within 30 days. Alternatively, use our online deletion request form.

The Worldie web widget uses a single session cookie to maintain conversation continuity. No third-party tracking cookies are set. No cross-site tracking is performed.

We implement industry-standard safeguards including: TLS 1.2+ in transit, AES-256 encryption at rest for API keys and sensitive config, webhook signature verification for all Meta channel events, and access control restricted to authenticated operators.

We may update this policy periodically. Material changes will be communicated via email to Property operators. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

For any privacy enquiry or to exercise your rights:
adam@klb-solutions.com
KLB Solutions FZCO, Unit No. 21089-001, IFZA Business Park, DDP, Dubai, United Arab Emirates