Privacy Policy

• MAGALVI SCM S.L.
• Tax ID: B93466050
• Address: Malaga, Spain
• Email: privacy@okviki.com
• Phone: +34 951 650 891
• Data Protection Officer (DPO): dpo@okviki.com

2.1. Data provided by the user

• Registration: name, email, phone, company name, Tax ID, sector, country
• Profile: position, profile photo, language preferences
• Business data: clients, invoices, projects, tasks, employees, products, suppliers
• Communications: VIKI chat messages, emails, WhatsApp conversations
• Diagnostic tools (X-Ray / PRECOG): business data voluntarily provided

2.2. Automatically collected data

• Technical data: IP address, browser type, operating system
• Usage data: pages visited, actions performed, time spent
• Cookies: as per our Cookie Policy

2.3. Third-party service data

• Google Workspace: Calendar, Drive and Gmail data as per granted permissions
• WhatsApp Business: messages managed through the integration
• Payment gateways: transaction data (we do not store card numbers)

4.1. User data may be processed by AI models to provide service features (PRECOG predictive analysis, conversational assistant, document classification, content generation, invoice OCR).

4.2. AI providers used:

• Google (Gemini): query processing, OCR, document analysis
• OpenAI (GPT): conversational assistant with action capabilities
• Anthropic (Claude): complex analysis and advanced reasoning
• Open-source models (Ollama/Qwen/Gemma): local processing without data leaving our servers

4.3. User data is NOT used to train AI models. AI providers are contractually bound not to use data processed through their APIs for training.

4.4. When local processing (Ollama) is used, data does not leave our servers.

When users connect their Google account to VIKI, we request access to:

• Google Calendar: read/write events for business agenda synchronization
• Google Drive: access to user-selected files
• Google Meet: meeting creation linked to calendar events

Access is optional and revocable at any time from settings or myaccount.google.com/permissions.

VIKI complies with the Google API Services User Data Policy, including Limited Use requirements.

International transfers are made with appropriate safeguards under the GDPR.

Under the GDPR, you may exercise the following rights:

• Access: obtain confirmation of whether we process your data
• Rectification: correct inaccurate data
• Erasure ("right to be forgotten"): request data deletion
• Restriction: request processing limitation
• Portability: receive your data in a structured format
• Objection: object to processing based on legitimate interest

To exercise your rights: privacy@okviki.com. We will respond within 30 days.

You may also file a complaint with the Spanish Data Protection Agency.

We implement appropriate technical and organizational security measures:

• Data encryption in transit (TLS 1.3) and at rest
• Per-tenant data isolation (multi-tenant with logical separation)
• Daily backups with 7-day retention
• Role-based access control
• Continuous monitoring and auditing
• Infrastructure hosted in the European Union (Spain)

The service is not directed at children under 16. We do not knowingly collect data from minors.

Any changes to this policy will be published on this page. For significant changes, we will notify users by email.

• Email: privacy@okviki.com
• DPO: dpo@okviki.com
• Phone: +34 951 650 891

Last updated: April 15, 2026