muginlabs.
How it worksFeaturesContactES

Privacy and Personal Data Processing Policy

Last updated: July 7, 2026 · Effective since: July 7, 2026

This is an English translation provided for convenience. In case of any discrepancy, the Spanish version prevails, as Muginlabs is operated under Colombian law.

1. Who we are

Muginlabs is a conversational AI platform for businesses, operated by:

  • Legal entity: BLACOFI S.A.S.
  • Tax ID (NIT): 902081282-9
  • Registered address: Pereira, Risaralda, Colombia
  • Contact email: contact@blacofi.com
  • Website: https://muginlabs.com

BLACOFI S.A.S. (hereinafter, “Muginlabs”, “we”) is the data controller for the personal data described in this policy, under Colombian Law 1581 of 2012, Decree 1377 of 2013 and any rules that complement or amend them.

2. Scope: who this policy applies to and our roles

Muginlabs provides services to businesses (our customers), which use our platform to deploy artificial intelligence agents that handle conversations with their own customers or users, mainly through WhatsApp. For that reason, we process personal data in two distinct roles:

a) As data controller, regarding data of our business customers and of the individuals who represent them or use the platform on their behalf (account registration, contact, billing, service usage).

b) As data processor, regarding data of end users: the people who chat with our customers’ agents. That data belongs to the business customer, which acts as controller; Muginlabs processes it on behalf of and under the instructions of that business. If you are an end user and wish to exercise rights over your conversations, you may contact us and/or reach out directly to the business you chatted with.

3. Personal data we process

From business customers and their representatives (as controller):

  • Identification and contact data: name, email address, phone, company, role.
  • Account data: access credentials, platform configuration and business context settings.
  • WhatsApp Business assets: WhatsApp Business Account (WABA) identifiers, phone numbers, message templates and associated metadata.
  • Billing and service transaction data.
  • Technical and usage data (activity logs, IP address, device or browser type).

From end users (as processor, on behalf of the customer):

  • WhatsApp phone number and profile name.
  • Content of the conversations held with the customer’s agents (text messages and, where applicable, media files).
  • Messaging metadata (dates, delivery and read statuses).

4. Purposes and authorization of processing

We process personal data to:

  1. Provide the contracted service: operating AI conversational agents that handle, answer and follow up on conversations.
  2. Manage the business context configured by the customer (products, tone, service rules).
  3. Generate metrics, reports and insights derived from conversations for the customer itself.
  4. Manage the business relationship: support, billing, service communications.
  5. Comply with legal, accounting and regulatory obligations.
  6. Improve the quality, security and stability of the platform.

Authorization for processing is obtained when you create an account, contract the service, accept this policy, or provide your data through our contact channels. For end users, obtaining any required authorization is the responsibility of the business customer, as controller of that data.

We do not sell personal data to third parties. We do not use the content of end users’ conversations for our own or third-party advertising purposes.

5. Processing with artificial intelligence

Muginlabs uses artificial intelligence models from specialized providers (such as Anthropic or OpenAI), acting as sub-processors, to generate the agents’ automated replies. Conversation content is processed with these providers exclusively to provide the service. We do not use end users’ conversations to train our own AI models, and we contract with providers whose enterprise terms of service exclude the use of this data to train their models.

6. WhatsApp and Meta

The service runs on Meta’s WhatsApp Business Platform (Cloud API). This means messages and their metadata are transmitted and processed through the infrastructure of Meta Platforms, Inc. and its affiliates, under their own terms and policies, which we recommend reviewing:

  • WhatsApp Privacy Policy: whatsapp.com/legal/privacy-policy
  • WhatsApp Business Terms: whatsapp.com/legal/business-terms

Muginlabs acts as an authorized technology provider for the management of its customers’ WhatsApp Business accounts, subject to the customer’s express authorization during onboarding (Embedded Signup).

7. Processors, sub-processors and third-party providers

To provide the service we rely on providers that process data on our behalf, including: cloud infrastructure providers (such as Amazon Web Services and Supabase), Meta Platforms (WhatsApp messaging), AI model providers (such as Anthropic or OpenAI) and email/productivity tools (Google Workspace). We select all of them under criteria that include contractual guarantees and adequate security standards.

8. International data transfers

Our providers may store and process data on servers located outside Colombia (mainly in the United States). These international transfers and transmissions are made to providers that offer adequate protection standards and contractual guarantees in accordance with applicable Colombian regulations.

9. Data subjects’ rights (habeas data)

Under Law 1581 of 2012 and Decree 1377 of 2013, every data subject has the right to:

  • Know, update and rectify their personal data.
  • Request proof of the authorization granted for processing.
  • Be informed about how their data has been used.
  • Submit inquiries and complaints, and revoke authorization or request deletion of data where applicable.
  • Access their personal data free of charge.

How to exercise them: write to contact@blacofi.com stating your name, the right you wish to exercise and contact details for our reply. We will answer inquiries within a maximum of ten (10) business days and complaints within a maximum of fifteen (15) business days, as required by law.

If you believe we have not handled your request adequately, you may contact the Superintendence of Industry and Commerce (SIC), Colombia’s data protection authority: www.sic.gov.co

Note for end users: if your request concerns conversations held with a business customer’s agent, we will handle it in coordination with that business, which is the controller of that data, or we will guide you to submit it directly to them.

10. Data deletion

You may request the deletion of your personal data at any time:

  1. Business customers: request deletion of your account and its data by writing to contact@blacofi.com from your registered email address, with the subject “Data deletion”. We will delete the account data, its configuration and the associated conversations within thirty (30) days of verifying the request, except for data we must retain due to legal obligations (for example, billing information).
  2. End users: you may request deletion of your conversations by writing to contact@blacofi.com or directly to the business you chatted with. We will manage the deletion in coordination with that business within the same timeframe.

This section constitutes the data deletion instructions required by Meta Platforms for applications operating on its technologies.

11. Information security

We apply reasonable technical, administrative and organizational measures to protect personal data, including: encryption of data in transit, role-based access control, hardened authentication on critical systems, per-customer data isolation (multi-tenant architecture) and activity logging. No system is infallible; in the event of a security incident affecting personal data, we will manage and notify it in accordance with applicable regulations.

12. Data retention

We retain personal data for as long as a contractual relationship with the customer exists and for the periods required by Colombian legal, accounting and tax rules. End users’ conversations are retained according to the configuration and instructions of the responsible business customer. Once these periods expire, data is securely deleted or anonymized.

13. Cookies and website analytics

This website may use cookies and analytics tools (such as Google Analytics) to measure site usage in aggregate. You can configure your browser to reject cookies; the site will keep working.

14. Minors

The platform is intended for businesses and adults. We do not knowingly collect data from anyone under 18. If you become aware that a minor has provided us personal data, write to us so we can delete it.

15. Changes to this policy

We may update this policy to reflect regulatory or service changes. We will publish the current version on this page, indicating the date of the last update. Substantial changes will be communicated to customers through their registered contact channels.

16. Contact

For any questions about this policy or the processing of your data:

  • Email: contact@blacofi.com · consultas en español: contacto@blacofi.com
  • WhatsApp: +57 311 410 5282
  • Controller: BLACOFI S.A.S. (NIT 902081282-9), Pereira, Risaralda, Colombia
© 2026 muginlabs · A BLACOFI S.A.S. platform · Tax ID (NIT) 902081282-9 · Pereira, ColombiaPrivacy Policy