Privacy Policy

Effective Date: October 3, 2025

Last Updated: October 3, 2025

AiToolKit ("Company," "we," "our," or "us") is committed to protecting the privacy of our users ("you," "your," "customers"). This Privacy Policy describes how we collect, use, share, and protect your information when you use our website, mobile applications, and services including WhatsApp Business API, Messenger, Instagram, CRM, and related automation tools (collectively, the "Services").

By accessing or using our Services, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following types of information:

1.1 Personal Information

• Full name
• Email address
• Mobile/Phone number
• Business name and details
• Billing details (address, GST, tax information)
• Login credentials (encrypted)

1.2 Business & Customer Data

• WhatsApp API numbers linked to your account
• Messages sent/received via APIs (for delivery, support, and logs)
• Customer details uploaded to CRM (contacts, tags, attributes, notes)
• Chatbot configurations, flows, and triggers

1.3 Payment Information

• Transaction details (through secure payment gateways)
• No credit card or sensitive banking details are stored on our servers.

1.4 Technical & Usage Data

• IP addresses, device identifiers, browser type, operating system
• Access logs, crash reports, and performance analytics
• Cookies, beacons, and tracking tools for session management

2. How We Use Your Information

We use collected information to:

• Provide, operate, and improve our Services
• Authenticate and secure user accounts
• Facilitate communication via WhatsApp, Facebook, Instagram, etc.
• Process transactions and manage billing
• Automate workflows, campaigns, and chatbots
• Offer personalized experiences and recommendations
• Provide customer support and resolve technical issues
• Send service updates, promotions, and alerts (with consent)
• Comply with legal obligations and regulatory requirements

3. How We Share Your Information

We may share information only in the following circumstances:

3.1 With Service Providers

• Payment gateways, hosting providers, API providers, SMS/email providers

3.2 With Business Partners

• Meta (WhatsApp, Facebook, Instagram) for API integrations
• Third-party apps connected via automation builder (Shopify, WooCommerce, etc.)

3.3 For Legal Compliance

• To comply with applicable laws, court orders, and law enforcement requests
• To enforce our Terms & Conditions and prevent fraud or abuse

3.4 Business Transfers

• In case of merger, acquisition, or sale of assets, your data may be transferred.

We never sell your personal information to third parties for marketing purposes.

3A. WhatsApp Business Account Data (Embedded Signup)

When you connect a WhatsApp Business Account to AiToolKit using Meta's Embedded Signup flow at /connect-whatsapp.php, the following information is exchanged between Meta and AiToolKit as a Meta-authorised Tech Provider for the WhatsApp Business Platform:

3A.1 Data Collected from Meta

• WhatsApp Business Account (WABA) ID — the unique identifier of your business account.
• Phone Number ID(s) and the display phone numbers registered under the WABA.
• Verified business name, quality rating, and code verification status for each registered number.
• System User Access Token — used solely to call the WhatsApp Cloud API on your behalf. Stored encrypted at rest.
• Business Manager ID and name (if available).

3A.2 Permissions We Request

• whatsapp_business_management — to read and manage your WABA, phone numbers, templates and webhooks.
• whatsapp_business_messaging — to send and receive WhatsApp messages on your behalf via the Cloud API.
• business_management — to read the structure of your Business Manager (assets, roles).

We do not request email, public_profile, user_friends, user_birthday, or any other personal Facebook data outside of what is strictly required to operate the WhatsApp Business integration.

3A.3 How WhatsApp Data Is Used

• Sending and receiving WhatsApp messages, templates and broadcasts initiated by you from the AiToolKit dashboard.
• Receiving webhook events from Meta (incoming messages, delivery status, template approval updates).
• Displaying your connected WABA, phone numbers and templates inside the AiToolKit panel.
• Refreshing access tokens before expiry so messaging is not interrupted.

WhatsApp Business data is not used for marketing analytics, ad targeting, AI model training, or any purpose unrelated to operating the WhatsApp integration you connected.

3A.4 Where WhatsApp Data Is Stored

All WhatsApp Business data is stored in our managed MySQL database hosted in India (Hostinger VPS, Mumbai region). Access tokens are encrypted at rest. Webhook payloads are stored for up to 90 days for debugging and replay, after which they are purged automatically.

3A.5 Revocation and Deletion

You may revoke AiToolKit's access to your WhatsApp Business Account at any time:

• From Facebook: Business Settings → Business Integrations → AiToolKit → Remove.
• From the AiToolKit panel: open WhatsApp Business → click the connected WABA → Disconnect.
• For full deletion of all stored WhatsApp data, use our Data Deletion page or email info@aitoolkit.in. Deletion is completed within 30 days and a confirmation is sent.

3A.6 Subprocessors

The only subprocessor handling WhatsApp Business data is Meta Platforms Inc. (operator of the WhatsApp Cloud API). AiToolKit does not share WhatsApp data with any other third party.

4. Data Retention

• Customer data stored in CRM remains until you delete it or close your account.
• Transactional and legal records may be retained as required by law.
• Logs and analytics are typically retained for up to 12 months unless otherwise needed.

5. Cookies & Tracking Technologies

We use cookies and similar tools to:

• Maintain user sessions
• Remember preferences and login status
• Measure site traffic and improve performance
• Deliver targeted communications

You may disable cookies through browser settings, but some features may not function properly.

6. Data Security

We implement industry-standard security practices, including:

• SSL/TLS encryption for all data transmission
• Encrypted storage for sensitive information
• Regular security audits and vulnerability assessments
• Role-based access control for team members

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

7. Your Rights

Depending on your jurisdiction (e.g., GDPR, CCPA, Indian IT Act), you may have the following rights:

• Access your personal data
• Correct or update inaccurate data
• Request deletion of your data
• Opt out of marketing communications
• Restrict or object to certain processing
• Port your data to another provider

You can exercise these rights by contacting us at info@aitoolkit.in.

8. Third-Party Links & Integrations

Our Services may include links or integrations with third-party platforms. We are not responsible for the privacy practices of third parties. We encourage you to review their policies before sharing information.

9. Children’s Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us data, please contact us for deletion.

10. International Data Transfers

As we integrate with global platforms (Meta, Shopify, etc.), your data may be transferred and processed outside your country. We ensure appropriate safeguards are in place to protect your information.

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, or legal requirements. Updated versions will be posted on this page with a revised "Last Updated" date.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

AiToolKit™️
Email: info@aitoolkit.in
Phone: +919558133552
Website: www.aitoolkit.in