Privacy Policy – ELIAs Automation Agency (Grupo Nacaes SAS)
1. Overview
ELIAs Automation Agency, a service operated by Grupo Nacaes SAS, provides automation workflows for businesses, primarily within the insurance industry. These workflows may be deployed in client-managed environments (self-hosted) or hosted infrastructure managed by ELIAs.
This Privacy Policy explains how data is handled within our automation services.
2. Nature of Our Service
ELIAs provides workflow automation using tools such as n8n. These workflows connect systems, process data, and execute tasks across multiple platforms.
We act as a data processor, not a data owner.
Clients are fully responsible for:
The data they choose to process
The legality of its use
Its accuracy and integrity
3. Information We Process
Our workflows may process data provided by the client, including but not limited to:
Personal data (names, emails, identification numbers)
Insurance-related data
Operational and transactional business data
We only process data that is explicitly integrated into the workflows configured by the client.
We do not collect data independently, nor do we enrich, resell, or reuse client data.
4. How We Use Information
Data is used strictly to execute automated workflows as defined by the client. This may include:
Data transfer between systems
Data transformation and validation
Triggering actions across platforms (e.g., CRM, messaging services, APIs)
We do not use data for:
Advertising
Analytics unrelated to the workflow
Profiling or secondary purposes
5. Data Storage and Hosting
Depending on the service model:
a) Self-hosted deployments
All data is processed and stored within infrastructure controlled by the client
ELIAs has no control over storage policies or data retention
b) ELIAs-hosted deployments
Data may be temporarily processed and, in some cases, stored (e.g., logs, execution history, backups)
Storage is limited to what is necessary for system operation and reliability
Important:
ELIAs does not act as a system of record
Primary data storage should always reside in client-owned systems or third-party platforms selected by the client
6. Data Sharing
We do not sell, share, or distribute client data to third parties.
Data may only be transmitted:
Between systems explicitly configured in the workflow
To third-party services selected and authorized by the client (e.g., APIs, CRMs, messaging platforms)
Outside of these client-defined automations, data is not accessed or transferred.
7. Data Integrity and Responsibility
The client is solely responsible for:
Data accuracy
Data integrity
Backup strategies at the source systems
While ELIAs may implement operational backups in hosted environments, we:
Do not guarantee data preservation
Do not assume responsibility for data loss originating from external systems or integrations
8. Third-Party Services
Our workflows frequently interact with external services via APIs.
These may include:
Communication platforms (e.g., messaging services)
CRM systems
Insurance platforms
Databases and cloud services
Each third-party service operates under its own privacy and data handling policies. ELIAs is not responsible for how these external services manage data once transmitted.
9. Security Measures
We implement reasonable technical measures to protect data during processing, including:
Secure API communication (HTTPS)
Credential handling within controlled environments
Access control to automation infrastructure
All workflows are executed within controlled environments using tools such as n8n. However, no system is completely risk-free, and clients must evaluate their own risk tolerance.
10. Compliance with Colombian Law
Grupo Nacaes SAS operates under Colombian regulations, including applicable data protection laws (Habeas Data).
Clients are responsible for ensuring that any personal data processed through our systems complies with:
Authorization requirements
Applicable legal frameworks
11. Contact
For any questions regarding this Privacy Policy or data handling practices:
Grupo Nacaes SAS
Email: software@nacaes.com