Last updated: May 17, 2026 · Effective: May 17, 2026
XCelerate AK LLC — a company registered in the United States, operating as XCelerate AK from Accra, Ghana ("we", "us", or "our") — is the data controller responsible for your information and operates the XCelerate AI Concierge platform, which provides AI-powered customer service automation for businesses via Meta platforms including Instagram and WhatsApp. This Privacy Policy explains how we collect, use, disclose, and protect information when you interact with our services.
When you interact with a business using the XCelerate AI Concierge, we may collect:
We do not sell your personal information. We may share data with:
Our application integrates with Meta platforms (Instagram, WhatsApp) under Meta's Platform Terms and Developer Policies. Data received through Meta's APIs is used solely to provide the messaging service described in this policy. We do not use Meta user data for advertising purposes.
When a business connects its Google account to XCelerate AI Concierge, our application accesses Google user data through the Google APIs. We request only the access necessary to provide scheduling and lead-tracking features, and our access, use, storage, and sharing of Google user data complies with the Google API Services User Data Policy, including its Limited Use requirements.
Data we access. With the connecting business's explicit consent on the Google consent screen, we request the following OAuth scopes:
https://www.googleapis.com/auth/calendar) — to read calendar availability and to create, update, and cancel calendar events.https://www.googleapis.com/auth/drive.file) — to create the business's lead-tracking spreadsheet and append booking/lead rows to it. With this scope the app can only access the specific spreadsheet it creates.We do not request access to your Google profile, name, email address, contacts, Gmail, Drive, or any Google data beyond the two scopes above.
How we use it. Google Calendar and Google Sheets data is used solely to provide the features the business has enabled: checking real-time availability and creating or managing bookings on the business's behalf in response to its customers' messages, and recording leads in the business's spreadsheet. Calendar availability may be read by the business's AI assistant only to answer scheduling questions and perform these booking actions.
How we store it. We store the OAuth access and refresh tokens needed to perform these actions. Tokens are encrypted at rest (AES-256) and transmitted only over encrypted (TLS) connections. We do not copy or retain the contents of your Google Calendar or Google Sheets beyond what is necessary to complete a requested operation.
How we share it. We do not sell Google user data, do not use it for advertising, and do not use it to train generalized artificial-intelligence or machine-learning models. Google user data is not transferred to third parties except the limited infrastructure and AI service providers needed to operate the features above (under data-processing agreements), where required by law, or in a merger or acquisition with appropriate notice.
Retention and revocation. Tokens are retained only while the integration remains connected. A business may disconnect Google at any time from its dashboard or by contacting us, and may revoke our access directly at myaccount.google.com/permissions. On disconnection or account termination, the stored Google tokens are deleted.
Conversation data is retained for up to 90 days to allow businesses to review interaction history and resolve disputes. After this period, message content is deleted. Analytics aggregates (non-personally identifiable) may be retained longer.
Depending on your location, you may have rights to:
To exercise these rights, please contact us at [email protected].
You may request deletion of your data at any time. To submit a data deletion request, please visit: https://concierge.xcelerateak.com/api/meta-data-deletion or email us at [email protected].
We implement industry-standard security measures including encrypted connections (TLS), access controls, and regular security reviews to protect your data. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
Our services are not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy, please contact: