Mitsolab Mitsolab
  • Products
    Portal — Inbox & CRM AI Agents & Dispatchers
  • Pricing
  • Integrations
  • FAQs
  • Contact Us

Dashboard

Team Portal

MitsolabMitsolab
Portal AI Agents Pricing Integrations FAQs Contact Us Team Portal
Last updated: July 6, 2026

Privacy Policy

This Privacy Policy explains how Mitsolab ("Mitsolab," "we," "us," or "our") collects, uses, discloses, and safeguards information when you use Portal (our shared inbox and CRM), AI Agents and Dispatchers, and the Mitsolab Dashboard, available at mitsolab.com, app.mitsolab.com, portal.mitsolab.com, and api.mitsolab.com (together, the "Services"). It applies to workspace administrators and team members who create Mitsolab accounts ("Customers" or "you"), and, where noted, to the end customers who message a business through channels Mitsolab powers ("End Users").

Scope & roles Information we collect Messaging channels & Meta Platforms AI Agents & automated processing How we use information How we share information Third-party integrations you connect Cookies & tracking Data retention Security International transfers & hosting Your rights & choices Children's privacy Changes to this policy Contact us

1. Scope & roles

Mitsolab is a B2B software provider. Businesses ("Customers") sign up for a workspace to run Portal (shared inbox and CRM) and to configure AI Dispatchers and AI Agents that communicate with the Customer's own end customers ("End Users") over channels the Customer connects, such as WhatsApp, Instagram, Messenger, live chat widgets, email, and SMS.

For data Customers submit about their End Users (contact details, messages, order details, notes), Mitsolab generally acts as a data processor / service provider on the Customer's behalf, and the Customer is the data controller responsible for its own end customers under applicable law. For account, billing, and usage data about the Customer's own workspace and team members, Mitsolab acts as a data controller. Where a separate Data Processing Addendum ("DPA") has been executed with a Customer, that DPA governs in the event of a conflict with this section.

2. Information we collect

2.1 Account & workspace data

  • Name, email address, and password (hashed) when you register for a workspace on the Dashboard (app.mitsolab.com) or Portal (portal.mitsolab.com).
  • Workspace and team information: workspace name, invited team members, roles and permissions (e.g., admin, order access, human-agent access), shift and on-break status for support staff.
  • Billing details processed through our payment processor (see Section 6).

2.2 End User & contact data (submitted by Customers)

When a Customer's end customer messages them through a connected channel, or a Customer imports or creates a CRM record, the following may be collected and stored in the Customer's workspace:

  • Contact identifiers: name, phone number, email, social profile handle/ID (e.g. Instagram or Facebook profile identifiers), and channel/source (WhatsApp, Instagram, Messenger, web widget, email, SMS).
  • Conversation content: messages, attachments, and files exchanged between the End User, the AI Agent/Dispatcher, and human support staff.
  • CRM records: pipeline stage, notes, tasks, order details, and other fields a Customer chooses to record about their contact.
  • Support metadata: conversation subject, summary, country/locale, assigned agent, and handoff/activity logs.

2.3 Usage & device data

  • Log data such as IP address, browser type, device identifiers, pages viewed, and timestamps when you use the Dashboard, Portal, or a Mitsolab-hosted chat widget.
  • Product analytics we use to understand feature usage, message volume, and performance across the Services.

2.4 Information from third-party integrations

If a Customer connects a third-party account (see Section 7), we receive limited data from that provider — such as an access token, page/business identifiers, and the fields required to operate the integration (e.g., a HubSpot contact ID after we create a lead, or a Stripe usage count after an action runs).

3. Messaging channels & Meta Platforms

Portal and AI Agents can connect to Meta Platforms, Inc. products, including WhatsApp Business, Instagram, and Facebook Messenger, through Meta's Graph API and Business Login. When a Customer connects one of these channels:

  • Mitsolab requests only the permissions required to operate the integration the Customer enables — for example, pages_show_list, pages_read_engagement, pages_manage_metadata, instagram_basic, instagram_manage_messages, and business_management — to list connected Pages, subscribe to message webhooks, and send/receive messages on the Customer's behalf.
  • We receive and process message content, sender identifiers (such as a Page-scoped ID or Instagram-scoped ID), and Page/Business metadata solely to deliver the messaging, inbox, CRM, and AI Agent features the Customer has configured.
  • Data obtained through Meta's APIs is used in accordance with Meta's Platform Terms and Developer Policies. We do not sell this data, and we do not use it for purposes unrelated to providing the Services (such as unrelated advertising).
  • A Customer or End User can revoke Mitsolab's access to a connected Meta account or Page at any time from their Meta Business Settings, or by asking Mitsolab to disconnect the channel from the workspace.
  • We retain data received via Meta Platforms only as long as needed to provide the Services or as required by Section 9, and delete it on Customer request or account closure, subject to the retention terms below.

Similar principles apply to other channel integrations (SMS, email, and web chat widgets), each of which is governed by that channel provider's own terms in addition to this Policy.

4. AI Agents & automated processing

AI Dispatchers and AI Agents use a large language model to read conversation content and generate responses, route conversations, or trigger connected actions (for example, creating a CRM lead or a Stripe charge). To provide this functionality:

  • Message content, relevant contact/CRM fields, and Customer-provided knowledge-base content are sent to our AI model subprocessor (OpenAI) to generate a response or decide on an action.
  • Knowledge-base documents a Customer uploads are converted into vector embeddings — using OpenAI and Voyage AI — so AI Agents can search and reference that content when answering End Users.
  • We do not permit our AI subprocessors to use Customer or End User data to train their foundation models, consistent with those subprocessors' business/API terms.
  • AI Agents can be configured to hand off to a human teammate; when this happens, full conversation context is shared with the assigned human agent inside Portal.
  • Customers are responsible for ensuring their own use of AI Agents (including the instructions, knowledge base, and connected actions they configure) complies with applicable law and with any disclosures owed to their End Users.

5. How we use information

  • To provide, operate, and maintain Portal, AI Agents/Dispatchers, and the Dashboard, including routing conversations, generating AI responses, and syncing CRM records.
  • To authenticate accounts, manage workspaces, and enforce seat, plan, and usage limits.
  • To process payments, calculate usage-based charges, and manage subscriptions.
  • To monitor, secure, and improve the Services, including diagnosing technical issues and preventing abuse, spam, and fraudulent use.
  • To communicate with Customers about their account, service changes, security notices, and — where permitted — product updates.
  • To comply with legal obligations and enforce our Terms of Service.

6. How we share information

We do not sell personal information. We share information only as follows:

RecipientPurpose
Cloud hosting & database (Supabase, and underlying cloud infrastructure)Hosting the application, database, authentication, and file/document storage
AI model providers (OpenAI, Voyage AI)Generating AI Agent/Dispatcher responses, processing connected actions, and powering knowledge-base search
Paddle (our billing partner)Processing Mitsolab subscription payments, invoicing, and tax handling for workspace plans and add-ons
Meta Platforms (WhatsApp, Instagram, Messenger)Sending/receiving messages on channels the Customer connects
Integrations the Customer enables (e.g., HubSpot, Stripe, Slack, Notion, Google/Gmail, Zoho, Make)Executing the specific workflow the Customer configures
Professional advisors, auditors, and successorsLegal, accounting, or compliance purposes, or in connection with a merger, acquisition, or asset sale
Law enforcement or regulatorsWhere required by law, court order, or to protect rights, safety, and property

Within a Customer's own workspace, contact and conversation data is visible to the Customer's authorized team members according to the roles and permissions the Customer assigns.

7. Third-party integrations you connect

The Dashboard lets Customers optionally connect their own third-party accounts, including Stripe (via a Customer-supplied restricted secret API key, used to authorize specific payment actions the Customer enables — such as generating a payment link), HubSpot and Zoho (via OAuth, to create or sync CRM leads/contacts), and channel or productivity tools such as Gmail, Google Calendar, Slack, Notion, and Make. Each connection is initiated and authorized by the Customer, uses only the scopes/permissions necessary for the feature enabled, and can be disconnected by the Customer at any time from the Dashboard. Where a Customer stores a third-party credential (such as a Stripe key) with us, it is encrypted at rest and used only to execute the actions the Customer has explicitly enabled; the Customer remains responsible for that third-party account and its own compliance obligations. Use of these third-party services is also governed by each provider's own terms and privacy policy.

8. Cookies & tracking

Our marketing site, Dashboard, and Portal use cookies and similar technologies (such as local storage) to keep you signed in, remember preferences, secure the Services against fraud, and understand aggregate usage of the site. You can control cookies through your browser settings; disabling cookies may affect your ability to sign in or use certain features.

9. Data retention

We retain workspace, contact, and conversation data for as long as the Customer's account is active, plus a reasonable period afterward to allow account recovery, fulfill legal obligations, resolve disputes, and enforce agreements. Customers can request deletion of their workspace data by contacting us at privacy@mitsolab.com; we will delete or anonymize data within a reasonable time, except where retention is required by law or for legitimate business purposes such as fraud prevention and financial recordkeeping.

10. Security

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction, including encryption in transit, database-level row security scoping data to each workspace, and access controls limiting internal access to what is needed to operate the Services. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. International transfers & hosting

Mitsolab is based in Jordan, and our infrastructure providers may process and store data in other countries, including the United States and the European Economic Area. Where we transfer personal data internationally, we rely on appropriate safeguards (such as our providers' standard contractual clauses or equivalent mechanisms) required under applicable data protection law.

12. Your rights & choices

Depending on your location and role, you may have the right to request access to, correction of, deletion of, or a copy of personal information we hold about you, and to object to or restrict certain processing. If you are an End User messaging a Mitsolab Customer, please direct data requests to that business first, since they control their own customer records; if you are unable to reach them, contact us at privacy@mitsolab.com and we will assist or route your request. Customers can access, export, or delete most workspace data directly from the Dashboard or Portal, or by contacting support.

13. Children's privacy

The Services are intended for business use by adults and are not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify Customers by email or through a notice within the Dashboard or Portal before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact us

Questions about this Privacy Policy or our data practices can be sent to privacy@mitsolab.com or sales@mitsolab.com. Mitsolab is based in Jordan.

Products
  • Portal
  • AI Agents
  • Pricing
  • Integrations
Company
  • FAQs
  • Contact Us
  • Enterprise
  • Privacy Policy
  • Terms of Service
Contact Detail
sales@mitsolab.com
Mitsolab

© 2026 Mitsolab. All rights reserved.