Last updated: May 18, 2026 · Effective immediately for all visitors and customers.
This site is operated by Athena Management ("we", "us", "our"), trading as Web by Lods.AI, headquartered in Bacolod, Negros Occidental, Philippines. We build and host per-business websites for Filipino small businesses — dental clinics, dermatology / aesthetics clinics, veterinary clinics, and similar service businesses. This page explains what data we collect, why we collect it, how we store it, and how you can request that we delete it.
Lods.AI Web operates under the parent brand Lods.AI. Where this policy refers to "the Service" it covers web.lods.ai, every per-business demo site we host (e.g. web.lods.ai/your-clinic/), and the Web by Lods.AI Facebook Page (Page ID 1033246809883226) and any AI chatbot we operate through Facebook Messenger.
1. What data we collect
1a. Visitors to a demo site (web.lods.ai/{slug}/)
Form submissions — when you use the booking form, quote estimator, or chatbot on a demo site, we collect what you typed: name (optional), phone number, email (optional), the service you asked about, photos you uploaded, and any free-text concern.
Page-view beacons — anonymous counters for page visits, button clicks, and section views. No cookies, no third-party tracking.
IP address — used only for short-window rate-limiting on form submissions to prevent spam. Not retained beyond 24 hours.
1b. Customers (businesses who paid us to build their site)
Business info you provided — biz name, address, phone, email, FB Page link, hours, photos, service list, pricing list.
Billing data — GCash reference numbers, payment dates, amounts. We do not store credit card numbers; GCash handles payment confirmation directly.
Public data we scraped — Google Business Profile reviews, Facebook Page posts and photos, all from publicly accessible URLs and used only to draft your website.
1c. Facebook Messenger conversations
If you message our Facebook Page (Web by Lods.AI), we receive:
Your Page-Scoped ID (PSID) — a numeric identifier Facebook assigns. We never see your actual Facebook account ID.
Your public profile name — first name + last name + profile photo URL, fetched once from Facebook Graph API to label inbound conversations in our operator inbox.
Message content — anything you typed in chat with our Page.
We do not receive your email address, phone number, friend list, or any other Facebook profile data unless you explicitly type it in a message to us.
1d. Lead-scouting data (for prospects we discover but don't yet contact)
To build personalized demo sites for businesses we'd like to pitch, we collect publicly-listed information from Google Business Profile and Facebook Pages: business name, address, phone number, public photos, public reviews, and category. This data is treated as "leads" until the business opts in or out:
If you tell us you want a website → we onboard you as a customer.
If you tell us to remove your data → we delete every record within 7 days (see Section 6).
2. How we use this data
To build, host, and operate your website (for paying customers)
To respond to your form submissions, chatbot questions, and Messenger conversations
To send confirmations and follow-ups via SMS or email (only for explicit requests like booking confirmations or review prompts)
To produce weekly + monthly analytics reports for paying customers
To improve our service via aggregated, anonymized usage stats (e.g. "X% of dental-clinic site visitors use the chatbot")
For lead-scouting prospects: to draft a free demo and reach out one time via SMS or Messenger. If you do not respond after two attempts, we stop.
We never:
Sell your data to third parties
Run ad-tracking pixels on your demo site without your explicit go-ahead
Share your customer list with other Lods.AI Web customers
Use your data to train external AI models
3. Where we store data
Application server: Fly.io (Singapore region) — runs the website backend
Database: Supabase (Tokyo region) — stores customer records and chat history
Files: Fly.io persistent volume (Singapore) — stores photos and form uploads
AI processing: Anthropic Claude API — message content is sent to the model for reply generation. Per Anthropic's commercial terms, customer content is not used to train Anthropic's models. Anthropic retains content for up to 30 days for trust & safety review and may retain longer if required by law.
4. Third-party services we integrate with
Facebook / Meta — Messenger API for chatbot replies; Page API for posting content. Subject to Meta's Privacy Policy and Developer Terms.
Google Business Profile — read-only scrape of publicly listed business info. Subject to Google's Privacy Policy.
Apify — scraping tool that pulls public FB Page posts on our behalf. Subject to Apify's Privacy Policy.
GCash — payment processor. We see only the reference number and amount, never your full GCash account details.
Anthropic — Claude AI for chatbot replies and content drafting.
5. How long we keep data
Customer business data: as long as you are an active customer + 12 months after cancellation (for billing reconciliation), then permanently deleted.
Form submissions on demo sites: 24 months from submission, then permanently deleted.
Messenger conversation history: 24 hours of in-memory conversation context per visitor (auto-evicted); inbound message log retained 12 months for operator review.
Lead-scouting prospect data: 6 months from last contact attempt; deleted if no response and we've stopped trying.
IP addresses: 24 hours (rate-limiting window only).
6. How to request data deletion
You have the right under the Philippines Data Privacy Act (RA 10173) and Meta's platform requirements to request:
Access to what we have about you
Correction of any inaccuracy
Deletion of your records
Withdrawal of consent for ongoing processing
To make a request, email privacy@lods.ai with:
Your name + business name (for customers/leads)
Your Facebook profile link or PSID (for Messenger-only contacts)
The phone number you submitted (for form-only contacts)
What you'd like us to do (access / correct / delete)
We will respond within 7 business days and complete deletion within 30 days at the latest (typically same-day for straightforward requests).
You can also message our Facebook Page directly with the word "DELETE" — our bot routes deletion requests to the operator immediately and confirms once complete.
7. Children's data
Our service is intended for business owners (18+). We do not knowingly collect data from anyone under 18. If you believe we have collected data from a minor, email privacy@lods.ai and we'll delete it.
8. Security
All connections to web.lods.ai use HTTPS (TLS 1.3).
Database access uses scoped service keys, never shared with humans.
Passwords are scrypt-hashed (never stored in plain text).
Operator sessions use HTTP-only cookies with 30-day TTL.
Webhook payloads from Facebook are HMAC-SHA256 verified to prevent spoofing.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours.
9. Changes to this policy
We may update this policy as the service evolves. Material changes will be announced on this page and (for customers) emailed at least 14 days before they take effect. Continued use of the service after an update means acceptance of the new terms.
10. Contact
Web by Lods.AI (a Lods.AI service)
Privacy contact: privacy@lods.ai
General contact: hello@lods.ai
Facebook: Web by Lods.AI
11. Data Deletion (per Meta Platform requirement)
If you used our Facebook chatbot and want all your Messenger data deleted, message our Page with the word "DELETE" or email privacy@lods.ai with your name. Within 7 business days we will:
Remove your PSID and name from our operator inbox
Delete the full conversation history
Confirm deletion via the same channel you requested it
This page also serves as our Data Deletion Instructions URL for the Meta app review process.