Privacy Policy

1. Introduction

Welcome to ARCHIE TECH NEXUS ("we," "our," or "us"). We operate the ARCHIE TECH NEXUS platform, a WhatsApp Business Cloud API management dashboard accessible at https://whatsapp.archietech.app (the "Service").

ARCHIE TECH NEXUS is a technology consultancy company based in Nairobi, Kenya, offering professional technology services including WhatsApp Business API integration, business communication solutions, and digital transformation services.

This Privacy Policy describes how we collect, use, process, and protect information when you interact with our Service. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information from WhatsApp Business API

When users communicate with businesses managed through our platform, we process the following data via the Meta WhatsApp Business Cloud API:

• Message Content: Text messages, media files (images, videos, audio, documents, stickers), and interactive message responses exchanged between businesses and their customers
• Contact Information: Phone numbers, WhatsApp profile names of users who initiate conversations with businesses managed on our platform
• Message Metadata: Timestamps, delivery status (sent, delivered, read), message IDs, and message types
• Media Files: Images, videos, voice notes, documents, and stickers sent or received through the platform

2.2 Business Account Information

• WhatsApp Business Account (WABA) details: Phone number IDs, business display names, and account identifiers
• Authentication credentials: Login information for platform administrators
• API usage data: Request logs, response times, and error information for service monitoring

2.3 Automatically Collected Information

• Log Data: Server logs including IP addresses, browser type, access times, and referring URLs
• Usage Analytics: Message volumes, response times, and feature usage patterns for service improvement

3. How We Use Your Information

We use the collected information for the following purposes:

Purpose	Legal Basis
Delivering and routing WhatsApp messages between businesses and their customers	Contract performance
Storing conversation history for business reference	Legitimate interest
Providing real-time notifications (including via Telegram) for new messages	Legitimate interest
Generating analytics and reports on messaging activity	Legitimate interest
Managing contact labels, notes, and CRM features	Contract performance
Processing scheduled messages and broadcasts	Contract performance
AI-powered automated responses (when enabled by the business)	Consent / Legitimate interest
Ensuring platform security and preventing abuse	Legitimate interest
Complying with legal obligations and Meta Platform policies	Legal obligation

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information in the following circumstances:

• Meta / WhatsApp: Message data is processed through Meta's WhatsApp Business Cloud API as required to deliver the messaging service. Meta's own data policies apply to their processing of this data.
• AI Service Providers: When AI auto-reply features are enabled, message content may be sent to AI model providers (such as OpenAI) to generate responses. This is only activated when explicitly enabled by the business administrator.
• Telegram Notifications: Message summaries (sender name and message preview) may be sent via Telegram Bot API for real-time notification purposes.
• Legal Requirements: We may disclose information when required by law, legal process, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the business transaction.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data:

• Data is stored on secure servers with restricted access
• All data transmission is encrypted using HTTPS/TLS
• Access to the platform's administrative dashboard is protected by authentication
• Media files are stored locally on secured servers and served over encrypted connections
• Database access is restricted to authorized application processes only
• Regular security reviews and updates are performed

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

6. Data Retention

We retain data for as long as necessary to provide our services and fulfill the purposes described in this policy:

• Messages and conversations: Retained for the duration of the business relationship plus any legally required retention period
• Media files: Stored for as long as associated messages are retained
• API logs and analytics: Retained for up to 90 days for operational purposes
• Account information: Retained until the account is deleted or deactivated

Users may request deletion of their data at any time by following our Data Deletion Instructions.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (see our Data Deletion page)
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at penguin@archietech.app.

8. Use of Meta Platform Data

Our application uses the Meta Platform, specifically the WhatsApp Business Cloud API, to provide messaging services. In connection with this:

• We access and process data from Meta's WhatsApp Business API solely to provide the messaging and business communication services described in this policy
• We do not use Meta Platform Data for purposes other than providing and improving our Service
• We do not use Meta Platform Data for advertising, data brokering, or selling to third parties
• We comply with Meta's Platform Terms, Developer Policies, and all applicable data use requirements
• Users can manage their data shared via WhatsApp through WhatsApp's own privacy settings and by contacting us directly

9. Cookies and Tracking

Our platform uses minimal cookies necessary for service functionality:

• Session cookies: Required for authentication and maintaining your logged-in state
• Preference cookies: Store your selected tenant and interface preferences

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track users across websites.

10. Children's Privacy

Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete such information promptly.

11. International Data Transfers

Our servers are located in the United States (AWS). If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country different from your own. We ensure appropriate safeguards are in place for such transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: