1. Who we are
Be Pelican S.A.S. BIC (Colombia), «the Operator», runs the Nido technology platform (Lab Tech El Nido), available at bepelican.online and its subdomains. Nido provides customer-service and sales operations to tourism businesses («Platform Clients») through AI agents supervised by humans.
This policy covers data processing performed by the Nido platform. Be Pelican's travel-agency business is additionally governed by the policies published on its own website.
2. Data we process
- Contact and profile data: public name or alias, messaging-platform user identifiers (Instagram, WhatsApp Business, email), phone number and email when the user shares them in the conversation.
- Conversation content: text messages, voice notes and images the user sends to a Platform Client's official channels.
- Commercial-intent data: information the user voluntarily shares to receive the service (destination of interest, tentative dates, number of travelers, departure city, occasion, budget).
- Technical metadata: message timestamps, originating channel and technical identifiers required to operate the messaging platforms' webhooks.
The platform does not request or store passwords, payment-card data or financial credentials in conversations.
3. Purposes
- Answering the user's questions about the catalog, availability, pricing and bookings of the Platform Client they contacted.
- Maintaining conversation continuity (history) and enabling human-agent takeover whenever the user requests it.
- Recording the commercial relationship in the Platform Client's CRM (only data the user shares explicitly).
- Producing aggregate quality and conversion metrics to improve the service.
- Complying with the Operator's legal obligations.
4. Automated processing (artificial intelligence)
First-line replies are generated by software agents using language models. These agents: (a) only use information from the Platform Client's databases; (b) record in the CRM only data the user states explicitly; and (c) can be replaced at any time by a human agent, which the user may request in the conversation itself. Decisions with legal or economic effect (confirming a booking, receiving a payment) always go through human verification by the Platform Client.
5. Processors and third parties
To operate, the platform relies on providers acting as data processors: Meta Platforms (Instagram and WhatsApp Business messaging), email providers, language-model providers, and compute/storage infrastructure. Each provider receives only what is necessary to deliver the service. We do not sell personal data or share it with third parties for advertising.
6. Retention
Data is kept while the conversation and the commercial relationship remain active and as long as necessary for the purposes described. Data from inactive conversations is deleted or anonymized following the Platform Client's retention policy and applicable law.
7. Your rights (Colombian Law 1581 of 2012)
You may at any time: access, update and rectify your data; request proof of authorization; be informed about how your data is used; file complaints with the Superintendencia de Industria y Comercio; and revoke authorization and request deletion of your data where no legal or contractual duty requires keeping it.
Rights channel: Management@bepelican.com. We answer within the legal terms (10 business days for inquiries, 15 for claims).
8. Data deletion
To request deletion of your data from the platform — including requests originated from Facebook or Instagram — follow the instructions at Data deletion.
9. Security
We apply reasonable technical and organizational measures: encryption in transit (TLS), signature verification of messaging webhooks, role-based access control with enforced strong authentication for administrators, per-client data isolation, and audit logging of administrative actions.
10. Changes
Any change to this policy will be published here with an updated version date. Substantial changes will be announced through official channels.