Privacy Policy | Chatbot iTech

1. Overview

This Privacy Policy explains how we collect, use, disclose and protect personal data in connection with Chatbot iTech — a cloud-based chatbot & CRM platform for business messaging (WhatsApp, Instagram DM, Facebook Messenger, Email, Telegram). Our goal: be transparent and provide the information Meta partners expect during WhatsApp Business API onboarding.

2. Data Controller & Contact

Data Controller: iTech Digital

For privacy requests, DPO contact or data deletion requests, email admin@itechdigitalnet.com. We aim to respond to verifiable requests within applicable legal timeframes.

3. Data We Collect

We only collect personal data necessary to provide the service and to comply with business objectives and legal obligations.

• Contact data: name, phone number, email, company name.
• Conversation content: message text, attachments (images, videos, documents), timestamps, message metadata.
• Usage & technical data: session timestamps, IP addresses, device type (if available), webhook events.
• Payment metadata: invoice number, transaction ID (we do not store raw card data).
• Optional KYC/Order data: shipping address, IC number (only if customer explicitly provides for a business process — stored securely and limited access).

4. Lawful Basis & Purposes

We process personal data for the following lawful bases and purposes:

• Performance of contract: to provide chatbot services, CRM, onboarding, and billing.
• Legitimate interests: product improvement, analytics, fraud prevention, security operations.
• Consent: for marketing communications where explicit opt-in is required (e.g., WhatsApp promotional messages).
• Legal obligations: to comply with law enforcement or regulatory requests.

5. WhatsApp-specific opt-in and messaging

Explicit user opt-in: Chatbot iTech only sends marketing or templated WhatsApp messages to users who have explicitly opted in. Accepted opt-in capture methods include:

• Web form with a labeled checkbox (example: “Yes, I agree to receive WhatsApp messages from {Business}”).
• In-app opt-in or checkout checkbox recording timestamp and origin.
• Conversational opt-in recorded on WhatsApp (user types “I agree” after shown opt-in script).

We store the opt-in timestamp and source. For every campaign, an unsubscribe (opt-out) instruction is included (e.g., “Reply STOP to unsubscribe”).

Sample opt-in wording (to use on forms)

6. Message Templates & Examples

For WhatsApp Business API use, we support templated messages for transactional and notification use cases. Examples (these are sample templates — final templates submitted to Meta must follow their template rules):

We recommend businesses submit templates to Meta via their BSP or partner, and retain records of approved templates.

7. Opt-out & Unsubscribe

All marketing messages include opt-out instructions (e.g., “Reply STOP to unsubscribe”). When a user opts out, we mark them as unsubscribed immediately and exclude them from future marketing campaigns. Transactional/support messages may still be sent if necessary for contract/performance.

8. Data Sharing & Subprocessors

We do not sell personal data. We may share data with subprocessors to deliver the service. Typical subprocessors:

• Cloud hosting provider (e.g., AWS / Google Cloud / Azure) — storage & compute.
• Messaging providers / BSPs for WhatsApp connectivity.
• AI providers (OpenAI, Anthropic, Google) for natural language features — only prompt & non-sensitive context is sent; sensitive PII is minimized where possible.
• Payment processors (for invoices & payment metadata).
• Analytics & monitoring providers.

We maintain Data Processing Agreements (DPAs) with our subprocessors where required and will provide a subprocessors list upon request.

9. Storage, Security & Retention

Storage location: We store customer data in secure cloud servers. Default storage region: Malaysia / Singapore / selected region as per customer configuration. Please confirm region with sales/technical team.

Security measures:

• Encryption in transit (HTTPS/TLS) and encryption at-rest for critical data.
• Role-Based Access Control (RBAC) — admin, support, sales roles.
• Audit logging & activity monitoring.
• Regular backups & patching.
• Two-factor authentication available for admin accounts.

Retention: Default retention period is 24 months for contact & message data, configurable by customer. Data deletion requests will be processed subject to backups and legal obligations.

10. Automated Processing & Profiling

We use automated logic to route messages and trigger follow-ups. If a business uses profiling or automated decision-making that has legal or significant effects, we will provide explanations and manual review options.

11. Data Subject Rights

Users may request access, correction, deletion, restriction, or portability. To exercise rights, contact admin@itechdigitalnet.com. We will verify identity before processing sensitive requests.

12. Children

Our service is for business use; we do not knowingly collect data from children under 16.

13. Changes to this Policy

We may update this policy. We will post the updated policy at this URL and notify registered business users of material changes.

14. Partner Checklist (for WhatsApp Business API)

• Business registration & contact details — included above.
• Use case description & message templates — see sections 5 & 6.
• Opt-in capture method examples & storage of opt-in timestamp — shown in section 5.
• Opt-out mechanism — section 7.
• Subprocessors list & DPA statement — section 8.
• Security & storage region details — section 9.
• Support & DPO contact — admin@itechdigitalnet.com.

15. Contact

Privacy or policy requests: admin@itechdigitalnet.com

Company address: ALMYRA RESIDENCE, LAMAN PUTERI 3, BANDAR BUKIT MAHKOTA, 43000 BANGI, SELANGOR