Privacy Policy

Effective date: March 21, 2026  ·  Last updated: March 21, 2026

1. Who We Are

BizBotify ("we", "our", "us") is a WhatsApp Business communication platform operated at bizbotify.com. We help businesses manage WhatsApp conversations, automate responses, run broadcast campaigns, and analyse customer engagement.

For privacy matters, contact us at: privacy@bizbotify.com

2. Information We Collect

2.1 Information you provide to us

  • Account registration details: full name, email address, phone number, organisation name
  • Authentication credentials (passwords stored as salted bcrypt hashes — we never store plaintext passwords)
  • WhatsApp Business account details: phone number ID, business display name, access tokens
  • Message templates, campaign content, canned responses, and chatbot flow configurations you create
  • Billing and payment information (processed by our payment provider — we do not store full card numbers)

2.2 Information received from WhatsApp / Meta

  • Inbound WhatsApp messages sent to your business number, including message content, media, and sender phone numbers
  • Message delivery and read status updates (delivered, read, failed)
  • Contact display names shared by Meta's API when available
  • Webhook events from the Meta WhatsApp Business Platform

2.3 Information collected automatically

  • Authentication tokens and session identifiers (stored in HTTP-only cookies)
  • API request logs: timestamps, endpoint paths, HTTP status codes, and response times — without message content
  • Error logs for debugging — stripped of personally identifiable content before logging

2.4 Information from Google Sign-In (if used)

  • Name, email address, and profile photo URL from your Google account
  • We do not receive your Google password or access to your Gmail, Drive, or other Google services

3. How We Use Your Information

  • To provide, operate, and improve the BizBotify platform
  • To authenticate you and keep your account secure
  • To send and receive WhatsApp messages on your behalf via the Meta WhatsApp Business API
  • To process and deliver broadcast campaigns you initiate
  • To power chatbot automation flows you configure
  • To generate analytics and conversation reports for your organisation
  • To send transactional notifications: account verification, password resets, trial expiry reminders
  • To detect, investigate, and prevent fraud, abuse, or violations of our Terms of Service
  • To comply with legal obligations

We do not use the content of WhatsApp messages for advertising, profiling, or training machine learning models without your explicit written consent.

4. How We Share Your Information

We do not sell your personal data. We share data only in the following circumstances:

4.1 Meta Platforms (WhatsApp)

To deliver WhatsApp messages, we transmit message content, recipient phone numbers, and media to the Meta WhatsApp Business API. This is governed by Meta's WhatsApp Business Policy and Meta's Privacy Policy.

4.2 Service providers

We use trusted third-party services strictly to operate the platform:

  • DigitalOcean — cloud infrastructure and database hosting
  • Resend — transactional email delivery (account verification, password resets)
  • Payment processors — for subscription billing

All processors are bound by data processing agreements and may not use your data for their own purposes.

4.3 Legal requirements

We may disclose information if required by law, court order, or to protect the rights, property, or safety of BizBotify, our users, or the public.

5. Data Retention

  • Account data is retained for as long as your account is active
  • WhatsApp message history is retained for up to 12 months by default, after which it is automatically deleted
  • When you delete your account, your personal data is permanently deleted within 30 days, except where retention is required by law
  • Anonymised, aggregated analytics data (no personal identifiers) may be retained indefinitely

6. Data Security

  • All data is encrypted in transit using TLS 1.2 or higher
  • Sensitive fields (WhatsApp access tokens) are encrypted at rest using AES-256
  • Passwords are hashed using bcrypt with a cost factor of 12
  • Database access is isolated per organisation using PostgreSQL Row Level Security (RLS)
  • Access to production systems is restricted to authorised personnel only

No method of transmission or storage is 100% secure. In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware, in accordance with applicable law.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Restriction — ask us to limit how we process your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email privacy@bizbotify.com. We will respond within 30 days.

8. WhatsApp End-User Data

BizBotify processes WhatsApp messages on behalf of our business customers (data controllers). If you are a consumer who sent a message to a business using BizBotify, your data is processed under the direction of that business. To request access, correction, or deletion of your WhatsApp messages, contact the business directly.

We comply with Meta's requirements for handling end-user data as a Meta Business Tools service provider.

9. Cookies

We use only essential cookies required to operate the service:

  • Session cookie — HTTP-only, used to maintain your authenticated session. Expires when you sign out or after 7 days of inactivity.
  • CSRF token — prevents cross-site request forgery attacks

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. International Data Transfers

Our servers are located in India (DigitalOcean BLR1 — Bangalore). If you access BizBotify from outside India, your data is transferred to and processed in India. We apply appropriate safeguards for cross-border transfers where required by applicable law.

11. Children's Privacy

BizBotify is a business platform not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected such data, contact us immediately at privacy@bizbotify.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a notice in the platform at least 14 days before the changes take effect. Continued use of BizBotify after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or requests:

BizBotify (bizbotify.com)

Email: privacy@bizbotify.com

Website: https://bizbotify.com