Effective Date: January 8, 2026

1. Introduction

Cura is an AI-powered operational platform designed for businesses to automate customer engagement, bookings, communications, and payments.

We respect your privacy and are committed to protecting personal data processed through the Cura platform. This Privacy Policy explains how Cura Group Co., Ltd. (“Cura”, “we”, “our”, or “us”) collects, uses, discloses, and protects personal data, as well as the rights available to individuals whose data is processed.

Information privacy is an ongoing responsibility. We may update this Privacy Policy from time to time as our services, technology, or legal requirements evolve. Material changes will be communicated appropriately.

Unless otherwise agreed in writing:

• Clients (businesses using the Cura platform) act as the data controllers for personal data relating to their customers or end-users.

• Cura acts as a data processor or service provider, processing such data solely to provide the Cura services.

2. Contacting Us About Data Protection

If you have questions, concerns, or requests regarding this Privacy Policy or the processing of personal data, please contact:

Cura Group Co., Ltd.
Address: 18/407, Khlong Ton Sai, Khlong San, Bangkok 10600, Thailand
Email: support@cura.so
Tel: +66 81-750-5473

3. How We Collect and Use Personal Information

Cura processes personal information relating to two primary groups:

• Clients (business owners or authorized users of the Cura platform)

• End-Users (customers or individuals interacting with Cura on behalf of a Client)

A. Information from Clients (Business Users)

Cura may collect the following information from Clients:

• Name, job title, and business name

• Work email address and phone number

• Account credentials and user preferences

• Billing and subscription information (processed via secure third-party payment providers)

• Operational content uploaded by the Client (e.g., service lists, FAQs, pricing, workflows, SOPs)

Purpose of use:
To create and manage accounts, provide platform functionality, deliver customer support, process payments, and improve service reliability.

B. Information from End-Users (Customers of Clients)

When End-Users interact with Cura through supported channels (such as messaging apps, web chat, SMS, or voice), Cura may process information on behalf of the Client, including:

1. Communication and Interaction Data

• Messages, chat logs, transcripts, and voice recordings

• Images, documents, or files voluntarily submitted during interactions

2. Identity and Contact Data

• Phone numbers, usernames, or profile names provided by the communication platform

• System-generated identifiers related to bookings or conversations

3. Booking and Transaction Data

• Appointment details, service selections, booking history

• Payment or deposit status (payments handled by third-party providers)

4. Sensitive Personal Data (Optional and Contextual)
Depending on the Client’s industry and use case, End-Users may voluntarily share information that could be considered sensitive personal data (e.g. age, personal circumstances, or service-related details). Cura does not require such data and processes it only as instructed by the Client.

C. How We Use This Information

Cura processes personal data solely to operate and improve its services, including to:

• Automate responses to inquiries

• Coordinate bookings and scheduling

• Send confirmations, reminders, and follow-ups

• Facilitate deposits or payments

• Maintain platform security, performance, and reliability

Cura does not sell personal data and does not use Client or End-User data to train open or generalized AI models.

D. Cura’s Role, Data Visibility, and Limitations

• Cura is an operational automation platform, not a professional service provider in any specific industry.

• Cura does not provide advice, recommendations, or decisions that require professional judgment.

• Cura processes End-User data only on behalf of and under the instruction of the Client.

• Access to personal data is restricted to authorized systems and personnel strictly for operational, support, security, and compliance purposes.

• Cura does not intentionally review End-User content unless required for system operation, troubleshooting, abuse prevention, or legal obligations.

Clients remain responsible for:

• Determining what data is collected from End-Users

• Ensuring appropriate notices and consents are provided

• Complying with applicable industry-specific regulations

4. Use of Third-Party Integrations

Cura integrates with third-party services to provide core functionality, such as:

• Messaging platforms (e.g. WhatsApp, LINE, social platforms)

• Calendar and scheduling tools (e.g. Google Calendar)

• Payment processors

• Voice and telephony providers

Data shared with these services is limited to what is necessary to deliver the requested functionality and is governed by the respective third party’s privacy policies.

Data obtained through third-party APIs is used solely to provide the relevant service features and is not used to train generalized AI models.

5. Data Protection Measures

Cura implements appropriate technical and organizational safeguards to protect personal data, including:

• Encryption: Data encrypted in transit and at rest using industry-standard practices

• Access Controls: Role-based and purpose-limited access to systems and data

• Data Minimization: Processing only data reasonably necessary to deliver services

• Logical Segregation: Client data is logically separated to prevent cross-access

• Security Monitoring: Measures to detect, prevent, and respond to misuse or unauthorized access

No system can be guaranteed to be 100% secure, but Cura takes reasonable steps to protect personal data from loss, misuse, or unauthorized access.

6. Sharing Information with Third Parties

Cura may share personal data with third parties only as necessary to operate the platform, including:

• Cloud infrastructure and hosting providers

• Messaging, voice, and communication platforms

• Payment processors

• Analytics and monitoring providers

These third parties are contractually restricted from using personal data for purposes beyond providing their services to Cura.

We may also disclose personal data where required to:

• Comply with legal or regulatory obligations

• Enforce our rights or agreements

• Protect the safety, rights, or property of users or others

7. Data Storage and Retention

Cura retains personal data for as long as necessary to provide services to the Client and for a reasonable period thereafter for operational continuity, dispute resolution, or legal compliance.

Upon verified request, personal data may be deleted or anonymized, subject to legal, contractual, or regulatory retention requirements.

8. International Data Transfers

Personal data may be processed and stored in countries outside your country of residence, including Thailand, Singapore, and the United States.

Where required, Cura applies appropriate safeguards to protect personal data during international transfers in accordance with applicable data protection laws.

9. Data Subject Rights

Depending on your jurisdiction, you may have rights including:

• The right to be informed

• The right to access your personal data

• The right to correct inaccurate data

• The right to request deletion

• The right to object to or restrict processing

Requests may be submitted to support@cura.so. We may need to verify identity before fulfilling requests.

10. Children’s Data

Cura’s services are not directed at children. We do not knowingly collect personal data from children without appropriate consent. If such data is identified, it will be deleted promptly.

11. Consent and Acceptance