Messagio

AI Disclosure

Version 1.0 · Effective: 15 April 2026 · Last updated: 15 April 2026

At a glance: Messagio uses AI (our "Melina AI" / "Mariza AI" assistant) to help businesses respond to customer messages. End users are clearly informed when they are talking to an AI and can always request a human agent. We do not use your data or your end users' data to train AI models.

1. Who we are

Messagio is operated by Mariza Katsantoni, sole proprietor trading as BIGG AI. We are established in the European Union (Greece) and act as the provider of the Messagio platform.

2. Scope of this disclosure

This disclosure describes how we deploy and operate AI features in accordance with:

  • The EU AI Act (Regulation (EU) 2024/1689), in particular Article 50 on transparency obligations for providers and deployers of AI systems;
  • The GDPR (Regulation (EU) 2016/679), in particular Articles 13-14 (information), 22 (automated decision-making) and 32 (security);
  • The Council of Europe Framework Convention on Artificial Intelligence (CETS 225, 2024).

3. What the AI does

When our customer enables the AI feature:

  • The AI may suggest draft replies to a human agent, or automatically reply to end-user messages on live chat, Facebook Messenger, Instagram DM, WhatsApp, Telegram, Viber and email;
  • The AI may look up information from the customer's configured knowledge base (website content, documents, Q&A pairs) and, where connected, from e-commerce bridges (e.g. Magento) to provide order or product information;
  • The AI may classify the case (e.g. sales, support, complaint) and route the conversation.

The AI is a limited-risk AI system under the EU AI Act. It is not used for biometric categorisation, emotion recognition, social scoring, or any prohibited practice.

4. Transparency to end users (Article 50 AI Act)

  • Every AI reply is clearly identifiable as AI-generated. Our platform labels AI messages with an "🤖 AI assistant" indicator or equivalent wording in the relevant channel.
  • The first AI message in a new conversation includes a notice that the end user is interacting with an AI system and how to reach a human agent.
  • The end user can always request a human agent by typing phrases such as "human", "agent", "representative", etc., or by using the escalation option in the widget. When this happens, the conversation is escalated to the customer's human team and the AI stops auto-replying.
  • Customers of Messagio must not disable or circumvent these transparency features.

5. Data used for AI processing

When the AI feature is active, the following data may be sent to the AI provider for inference:

  • The current end-user message and relevant recent messages in the conversation;
  • Relevant excerpts from the customer's knowledge base (retrieved via semantic search);
  • Relevant order/product context retrieved from the customer's connected e-commerce bridge (only when the AI determines it is relevant);
  • A system prompt configured by the customer.

We do not send unrelated personal data and we minimise the context window to what is necessary for the reply.

6. AI providers (sub-processors)

Inference is performed by third-party AI providers chosen per tenant:

  • OpenAI, L.L.C. — when the customer chooses an OpenAI model;
  • Anthropic, PBC — when the customer chooses a Claude model.

Both providers are engaged under contractual terms that (i) prohibit the use of customer data to train their models, and (ii) implement appropriate transfer safeguards (SCCs / DPF). Full details are in our Sub-processors list.

7. No training on customer data

We do not use Customer Personal Data or end-user conversations to train our own or any third-party AI models. We call provider APIs configured for zero data retention / no-training where such options are offered.

8. Automated decision-making (Art. 22 GDPR)

Our AI does not make automated decisions that produce legal effects or similarly significantly affect end users (e.g. credit, employment, benefits). AI replies are informational and commercial in nature. Where a reply may influence a transaction (e.g. quoting a product or initiating an order), a human agent and/or the customer's e-commerce system remains in the loop for the final transaction.

9. Accuracy, limitations and human oversight

  • AI output can be inaccurate, incomplete, outdated or biased. Customers are responsible for reviewing AI suggestions before sending them where "suggest-only" mode is configured, and for monitoring auto-reply output in real time.
  • Customers can disable the AI at any time from the admin dashboard.
  • We provide tools (AI usage logs, conversation history) so customers can audit AI behaviour.
  • End users can always escalate to a human and can request correction or deletion of personal data.

10. Security

All communication with AI providers is over TLS. API keys are stored per-tenant in an encrypted database column and are never exposed in source code. Prompts and responses are logged for abuse prevention, debugging and billing reconciliation for up to 12 months.

11. Rights of end users

End users interacting with an AI-driven conversation retain all their GDPR rights, including the right to access, rectify, erase, restrict and object to the processing, and to lodge a complaint with a supervisory authority. For requests concerning end-user data of a specific business, the primary point of contact is that business (the Controller); we assist as the Processor. See our Privacy Policy and DPA.

12. Incident & serious-incident reporting

We monitor AI behaviour for safety incidents. Where the AI Act requires reporting of a serious incident, we will notify the relevant authority and cooperate with investigations. Customers must notify us at hello@bigg.gr of any serious incident related to the AI feature.

13. Changes

We will update this page whenever we change AI providers, models, or materially change how the AI is used. The "Last updated" date at the top reflects the latest version.

14. Contact

Questions about our AI: hello@bigg.gr