Privacy Policy

Introduction

Conecxt ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer engagement platform, including our WhatsApp Business API integration and related services.

This policy complies with the EU General Data Protection Regulation (GDPR), Meta's WhatsApp Business Messaging Policy, and other applicable data protection laws. By using our services, you acknowledge that you have read and understood this Privacy Policy.

Data Controller Information

What Data We Collect

Data You Provide Directly

• Account Information: Name, email address, phone number, company name, job title
• Authentication Data: Username, password (encrypted), authentication tokens
• Business Information: Company details, billing information, tax identification numbers
• Communication Data: Messages, conversation history, contact preferences, opt-in consents
• Support Data: Support tickets, feedback, survey responses

Data We Collect Automatically

• Usage Data: Pages viewed, features used, time spent, click patterns
• Device Information: IP address, browser type, device type, operating system
• Log Data: Access times, error logs, performance metrics
• Cookie Data: Session identifiers, preference settings, analytics data

WhatsApp Business API Data

• Customer Contact Data: Phone numbers, names, profile information (with explicit opt-in consent)
• Message Content: Text messages, media files, message metadata
• Delivery Data: Message delivery status, read receipts, timestamps
• Interaction Data: Button clicks, quick replies, conversation flows

How We Collect Your Data

• Direct Provision: When you register, place orders, complete forms, or communicate with us
• Website Usage: Through cookies and analytics tools when you browse our website
• WhatsApp Integration: Through our WhatsApp Business API integration (only with your explicit opt-in consent)
• Third-Party Sources: From trusted partners or service providers (with proper authorization)
• API Integration: When you integrate our platform with third-party systems

Legal Basis for Processing & How We Use Your Data

Contract Performance

We process your data to provide our services:

• Creating and managing your account
• Processing transactions and billing
• Delivering customer engagement services
• Providing technical support
• Sending service-related notifications

Legitimate Interests

• Improving our platform functionality and user experience
• Conducting analytics to understand usage patterns
• Preventing fraud and ensuring security
• Optimizing performance and reliability

Consent

• Sending marketing communications (you may opt-out at any time)
• Contacting you via WhatsApp Business (requires explicit opt-in)
• Using non-essential cookies for analytics

Legal Obligations

• Complying with legal requirements and regulations
• Responding to legal requests and court orders
• Meeting tax and accounting obligations

WhatsApp Business API Compliance

How We Store Your Data

Conecxt securely stores your data using industry-standard encryption and security measures. Our servers are hosted in secure data centers with strict access controls, regular security audits, and compliance with SOC 2 and ISO 27001 standards.

Data Retention Periods

• Account Data: Retained for the duration of your account plus 90 days after closure
• Transaction Data: Retained for 7 years to comply with accounting requirements
• Communication Data: Retained for 3 years or until you request deletion
• Marketing Data: Retained until you opt-out or withdraw consent
• Log Files: Retained for 12 months for security and debugging purposes

After retention periods expire, we securely delete your data using industry-standard deletion methods that prevent recovery.

Data Sharing and Third Parties

Service Providers

• Cloud hosting providers (AWS, Azure, Google Cloud)
• Email service providers (for transactional emails)
• Payment processors (for billing and transactions)
• Analytics providers (Google Analytics, Mixpanel)
• Customer support platforms (Zendesk, Intercom)

Meta/WhatsApp

When you opt-in to WhatsApp communications, we share necessary data with Meta to deliver messages through the WhatsApp Business API. This sharing is governed by Meta's Business Terms and WhatsApp Business Policy.

Legal Requirements

We may disclose your data to comply with legal obligations, respond to lawful requests from public authorities, protect our rights and safety, or prevent fraud.

All third parties are contractually required to maintain the confidentiality and security of your data and may only use it for the specific purposes we authorize.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with all third-party processors
• Adequate protection measures as required by GDPR Article 46
• Regular assessments of data protection standards in recipient countries

Your Data Protection Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: You can request copies of your personal data. We may charge a small administrative fee if requests are excessive.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data under certain conditions.
• Right to Restrict Processing: You can request that we limit how we use your data under certain circumstances.
• Right to Object: You can object to processing of your data for direct marketing purposes or based on legitimate interests.
• Right to Data Portability: You can request transfer of your data to another organization in a machine-readable format.
• Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.
• Right to Lodge a Complaint: You can file a complaint with your local supervisory authority.

To exercise any of these rights: Contact us at privacy@conecxt.com or dpo@conecxt.com. We will respond within one month.

Marketing Communications

With your consent, we may send you marketing communications. You can opt-out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Replying "STOP" to WhatsApp marketing messages
• Contacting us at privacy@conecxt.com
• Adjusting your preferences in your account settings

Note: Opting out of marketing does not affect service-related notifications.

Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience, analyze usage, and deliver personalized content. For detailed information, see our Cookie Policy.

Security Measures

We implement comprehensive security measures:

• End-to-end encryption for sensitive communications
• SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication options
• Regular security audits and penetration testing
• Employee training on data protection
• Access controls and least-privilege principles
• Incident response procedures for data breaches

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such information, please contact us immediately at privacy@conecxt.com.

Contact Information

Supervisory Authority