Legal

Legal information

Malmros Group ApS

VAT DK41504102

Stamholmen 175, 1. · 2650 Hvidovre · Denmark

hello@zimi.chat

How Zimi acts

Zimi acts as a technical messaging agent authorized by and on behalf of the provider. The provider owns the customer relationship and is solely responsible for customer communications, WhatsApp consent, and compliance with applicable local law.

Privacy policy

This policy explains what data Zimi processes when a provider uses zimi.chat to handle customer messages.

Data we collect

  • Identity data: basic information about the provider and, when a customer provides it, identity needed to recognize the conversation.
  • Contact data: channels that allow communication with the provider or customer, such as phone, WhatsApp, email, or web support when configured. Customer email address is collected only when voluntarily provided and when the relevant consent has been given.
  • Conversation data: messages, requests, replies, and context needed to handle enquiries, bookings, reminders, or follow-up.
  • Usage data: technical and operational information about service function, message delivery, security, errors, and product activity.

How we use data

  • To provide the service: route messages to the right provider, generate receptionist replies, show conversations in the dashboard, and allow direct human replies.
  • To manage the provider relationship: support, security, abuse prevention, audit, billing where relevant, and service improvement.
  • We do not sell personal data or use customer messages for third-party advertising.

Outbound messaging and consent

  • Zimi supports outbound messaging on WhatsApp and email when the provider has the correct customer consent. Utility consent may cover booking reminders and no-show follow-ups when obtained at booking or first contact.
  • Marketing consent is separate from utility consent and must be an explicit marketing opt-in. It covers Google review requests, dormant customer reactivation, and any future promotional or engagement messages.
  • Marketing messages on WhatsApp are sent as pre-approved Meta Marketing Message Templates. Marketing emails always include an unsubscribe option.
  • Consent can be withdrawn at any time and will be respected immediately.
  • Zimi acts on the provider's instruction. The provider is responsible for having obtained the correct consent level before triggering each message type.

Retention

  • We keep account and configuration data while the provider account is active and as long as needed for support, security, or legal obligations.
  • Conversations are kept while needed to provide the service to the provider. As an operational rule, they are reviewed for deletion or anonymization after 24 months of inactivity, unless the provider requests deletion earlier or a legal obligation requires retention.
  • Technical logs and security records are normally kept for up to 12 months, unless incidents, audits, or legal requirements justify a longer period.
  • Data needed for billing, contracts, or legal compliance may be kept for up to 6 years where required by law.

Sub-processors and third parties

  • Twilio processes messages and metadata needed to send and receive WhatsApp.
  • Anthropic/Claude API processes the content needed to generate or validate receptionist replies.
  • Supabase hosts Zimi database, authentication, and operational storage.
  • We may also use technical providers such as Vercel or Stripe when needed for hosting, payments, or service operations.

Rights

  • Providers can request access, correction, export, or deletion of their data by writing to hello@zimi.chat.
  • End customers should contact the provider responsible for the communication first. Zimi will help the provider answer privacy requests where appropriate.
  • You may also withdraw consent or object to processing where the law allows.

© 2026 Zimi · Malmros Group ApS · VAT DK41504102

Legal