Data controller
What data we process
- Account and contact data: name, email, phone number, company (if you provide them).
- Technical data: IP address, session identifiers, browser/device type, and security and performance logs.
- Messaging data (WhatsApp Business): phone number, WABA/Phone Number ID identifiers, metadata (date/time, sender/recipient, delivery/read status) and message content (text and, where applicable, attachments or links) which is stored as conversation history for support, continuity and operational auditing.
- Meta/Platform data: technical identifiers and tokens required to operate authorized integrations, configure webhooks and manage assets (for example, accounts/numbers/templates) when authorized by the client.
- TikTok data: when a client connects their TikTok account to our publishing system, we process: OAuth access tokens, user identifier (open ID), username, avatar, and metadata of published posts (status, date, content type). Media content (videos, photos) is transferred directly to TikTok through its API and is not permanently stored on our servers.
How we use your data
Operating services
Providing WhatsApp Business integration and support from our application.
Technical management
Configuring WABA assets, numbers, templates and authorized webhooks.
Customer support
Handling requests and resolving incidents.
Security
Fraud prevention and infrastructure protection.
Improvements
Error diagnosis and service maintenance.
Content publishing
Publishing content on social networks (TikTok, Meta) on the client's behalf, with prior OAuth authorization.
Compliance
Meeting applicable legal and contractual obligations.
Legal basis
Providers and transfers
Security, DNS, content delivery and traffic protection.
VPS/hosting infrastructure where applications and/or databases are hosted.
Publishing videos and photos to clients' TikTok accounts through the Content Posting API, with prior OAuth authorization from the account owner.
Some of these providers process data outside Honduras. We only select providers that offer adequate protection guarantees in line with recognized international standards.
Data retention
Default retention from the last message (configurable).
For diagnostics and system protection.
For as long as the business relationship exists.
Security
We implement reasonable administrative, technical and organizational measures to protect your data against unauthorized access, loss, alteration or disclosure. This includes encryption in transit (TLS), role-based access controls, audit logs and periodic security reviews.
Important: No system is 100% secure. If we detect a security breach affecting your data, we will notify you within the timeframes and requirements established by applicable law.
Your rights and how to exercise them
Access
Find out what data we hold.
Rectification
Correct inaccurate data.
Erasure
Request deletion of your data.
Restriction
Restrict processing.
Data deletion (User Data Deletion)
Data deletion request
If you want us to delete your personal data, you can use our formal request page or contact us directly at [email protected].
Changes to this policy
We may update this policy to reflect changes in our practices, legal requirements or service improvements. When we do, we will update the "last updated" date at the top of this document.
If the changes are material, we will inform you through our usual communication channels (email or in-platform notification) at least 15 days before they take effect. Continued use of our services after the effective date constitutes your acceptance of the updated policy.