Privacy Policy

• To authenticate you and your team members
• To relay WhatsApp messages between Meta's Cloud API and your inbox
• To run automations, broadcasts, and drip campaigns you configure
• To generate analytics dashboards visible only to your account
• To send transactional notifications (assignment alerts, SLA breach warnings)
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations and Meta's Platform Policies

We do not sell your data or your contacts' data to third parties. We do not use your message content to train AI models.

ChatSathi integrates with the Meta WhatsApp Business Platform. By connecting your WhatsApp Business Account you acknowledge that:

• Message data flows through Meta's infrastructure before reaching our servers
• Your use of WhatsApp is also governed by Meta's WhatsApp Business Policy and Meta's Privacy Policy
• We access the Meta Graph API only for the permissions you explicitly grant
• We do not share your WABA data with any party other than Meta as required to deliver the service

• Database: Supabase (Postgres) with row-level security (RLS) — every row is scoped to your account
• Encryption at rest: Sensitive tokens (WhatsApp access tokens, API keys, payment secrets) are encrypted with AES-256-GCM before storage
• Encryption in transit: All connections use TLS 1.2+
• Access control: Role-based permissions (owner / admin / agent / viewer) enforced at both application and database level
• Webhook verification: Inbound Meta webhooks are verified with HMAC-SHA256 signatures

No security system is perfect. In the event of a data breach we will notify affected users within 72 hours of becoming aware, as required by applicable law.

• Account data: Retained for the lifetime of your account. Deleted within 30 days of account closure upon request.
• Messages: Retained indefinitely unless you delete them or close your account.
• Server logs: 90 days.
• Backups: Up to 30 days after deletion from the primary database.

We use the following sub-processors to deliver ChatSathi:

ChatSathiuses only essential cookies required for authentication (session tokens set by Supabase Auth). We do not use advertising cookies or third-party tracking pixels. The Facebook JS SDK (used for WhatsApp account connection) may set its own cookies governed by Meta's cookie policy.

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — update inaccurate or incomplete data
• Deletion — request erasure of your account and associated data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Restriction — request that we limit processing of your data

To exercise any of these rights, email legal@chatsathi.co.in. We will respond within 30 days.

ChatSathi is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, contact us immediately and we will delete it.

Your data may be processed in countries outside your own, including the United States, where our infrastructure providers operate. We ensure appropriate safeguards are in place (such as Standard Contractual Clauses) for transfers from the EEA or UK.

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email or in-app notice at least 14 days before the change takes effect. Continued use of ChatSathi after the effective date constitutes acceptance.

For privacy questions, data requests, or complaints: