Privacy Policy

This Privacy Policy explains how chatdivo ("we", "us", "our") collects, uses, stores, shares, and protects information when you use our website, dashboard, APIs, AI agent services, and integrations including WhatsApp Business messaging ("Services"). By using our Services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our Services.

We collect the following categories of information:

• Account information — name, email address, password (hashed), workspace details, and login credentials.
• Agent & knowledge data — content you upload or connect (URLs, documents, files), AI agent configurations, training data, and knowledge base content.
• Conversation data — messages exchanged between end users and your AI agents, including messages received and sent via WhatsApp Business API, web widget, and dashboard.
• WhatsApp integration data — phone numbers, WhatsApp Business Account IDs, access tokens, message delivery statuses, and webhook events received from Meta's WhatsApp Business Platform.
• Usage & analytics data — feature usage, interaction logs, conversation counts, token usage, and performance metrics.
• Technical data — IP address (hashed), browser type, device type, operating system, referrer URL, and country/city (approximate).
• Billing data — payment information is processed securely by our third-party payment processor (Stripe). We do not store full credit card numbers.

We use the information we collect for the following purposes:

• To operate, maintain, and deliver your AI agents and messaging services
• To process and deliver WhatsApp messages on your behalf via Meta's WhatsApp Business Platform
• To train and improve your AI agent's accuracy using your provided knowledge base
• To analyze usage patterns and improve service performance and reliability
• To send service-related communications, updates, and important alerts
• To detect, prevent, and address abuse, fraud, or security issues
• To comply with legal obligations and enforce our terms

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis for processing personal data, we rely on the following:

• Contract performance — to provide you with the Services you signed up for
• Consent — where you have given explicit consent (e.g., connecting WhatsApp via Meta OAuth)
• Legitimate interest — to improve and secure our Services
• Legal obligation — to comply with applicable laws and regulations

You retain full ownership of all content you upload, connect, or create through chatdivo, including knowledge base content, agent configurations, and conversation data. We only use your content to operate and deliver the Services to you. We do not sell, rent, or trade your personal data or content to third parties for their marketing purposes.

When you connect your WhatsApp Business account through chatdivo, the following applies:

• We use Meta's official WhatsApp Business Platform APIs and OAuth-based Embedded Signup to securely connect your account. We request only the permissions necessary to operate the service (whatsapp_business_management and whatsapp_business_messaging).
• Access tokens received from Meta are stored encrypted and used solely for sending and receiving messages on your behalf. We do not share these tokens with third parties.
• Inbound and outbound WhatsApp messages are processed to deliver AI-powered responses and are stored as part of your conversation history within chatdivo.
• You may disconnect your WhatsApp account at any time from the chatdivo dashboard, which will immediately stop message processing. You may also request deletion of all associated data.
• Meta's own WhatsApp Privacy Policy and Terms of Service also apply to your use of the WhatsApp Business Platform.

chatdivo uses artificial intelligence (including large language models) to generate responses to end-user messages based on your knowledge base. AI processing is performed using third-party AI providers (such as OpenAI). Your data sent to AI providers is used solely to generate responses and is subject to the respective provider's data processing terms. We do not use your data to train third-party AI models. You may switch to human-only response mode at any time from your dashboard.

We share your data only with trusted third-party providers necessary to operate the Services:

• Infrastructure — cloud hosting and database providers
• AI providers — for generating AI-powered responses (e.g., OpenAI)
• Meta Platforms — for WhatsApp Business API messaging
• Payment processing — Stripe for billing and subscriptions
• Analytics — anonymized usage analytics to improve the service

We require all third-party providers to process data in accordance with our instructions and applicable data protection laws. We do not sell your personal data to any third party.

We use cookies and similar technologies for authentication sessions, preferences, and analytics. Essential cookies are required for the service to function. Analytics cookies help us understand usage patterns and improve the product. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect service functionality.

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/HTTPS), encrypted storage of sensitive credentials, hashed passwords, secure authentication with JWT tokens, and regular security reviews. While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.

We retain your data for as long as your account is active or as needed to provide the Services. Conversation data and WhatsApp messages are retained for the duration of your account unless you request earlier deletion. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal compliance (e.g., billing records may be retained for up to 7 years). Webhook logs and diagnostic data are automatically purged after 90 days.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of your personal data we hold
• Rectification — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data and account
• Data portability — request an export of your data in a machine-readable format
• Objection — object to processing based on legitimate interest
• Restriction — request restricted processing of your data
• Withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@chatdivo.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

You may request deletion of your data at any time by emailing privacy@chatdivo.com or by deleting your account from the dashboard settings. Upon deletion request, we will permanently remove your personal data, agent configurations, knowledge base content, conversation history, and WhatsApp integration data within 30 days. Some data may be retained in anonymized form for analytics, or as required by law (e.g., billing records).

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt out of the sale or sharing of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

We do not sell or share personal information as defined by the CCPA/CPRA.

Your data may be processed and stored in countries outside your own, including the United States. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms, to protect your data in accordance with applicable data protection laws.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@chatdivo.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or through a prominent notice on our dashboard at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of the Services after changes become effective constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: