1. Who is responsible for your data
Chatsvia is operated by iiniit, our parent company. For the data you and your customers share with us, iiniit is the "data controller" under applicable privacy laws (including the EU and UK GDPR where relevant). In this policy, "we", "us", and "our" all refer to iiniit.
If you are our customer (a business using Chatsvia), you act as the controller for your own customers' personal data, and we act as a processor for that data strictly under your instructions and these terms.
You can contact us at [email protected] for any privacy question.
2. Information we collect
We only collect what we need to run Chatsvia for your business:
- Account data: Your name and email, provided through iiniit SSO when you sign up.
- Business profile & catalog: Your business name, contact info, policies, products, prices, and any images you upload to train the AI.
- Messenger and WhatsApp conversations: Messages sent to your connected Facebook Pages or WhatsApp Business numbers, including the customer's Facebook name or WhatsApp profile name and any details they share (e.g. address, phone). Used only to generate replies and capture orders on your behalf.
- Facebook Page and WhatsApp access tokens: Provided by Meta when you connect a Page or a WhatsApp Business number. Encrypted at rest with AES-256 and used only to read messages and send replies.
- Usage telemetry: Counts such as number of conversations and AI messages, and basic server logs (IP address, timestamp, user agent) needed for security, debugging, and billing.
- Billing metadata: Plan, invoice history, and transaction IDs from our payment processor. We never store full card numbers.
3. How we use your information
We use the data above only to:
- Operate Chatsvia — read incoming Messenger and WhatsApp messages and send AI replies on your behalf.
- Create and manage orders captured from chat.
- Enforce plan limits, prevent abuse, and keep the service secure.
- Send transactional emails (order notifications, account changes, billing receipts).
- Provide customer support when you ask for it.
- Improve the product — in aggregate, never by analysing a specific customer's messages.
- Meet legal, accounting, and regulatory obligations.
✓ We do not sell your data or your customers' data to any third party, ever. We do not use your conversations to train third-party AI models.
4. Legal bases (GDPR)
Where EU/UK GDPR applies, our lawful bases for processing your personal data are:
- Contract — processing is necessary to provide Chatsvia under our Terms of Service.
- Legitimate interests — to keep the service secure, prevent fraud and abuse, and improve the product.
- Legal obligation — to meet accounting, tax, and other regulatory requirements.
- Consent — where you (or your customers through you) have given it, for example when you voluntarily share information with us.
5. Who we share data with
We share data with a small, carefully chosen set of providers that help us run Chatsvia. We do not share it with advertisers, data brokers, or for any marketing purpose:
- Meta Platforms — to receive webhooks and send replies through Facebook Messenger and the WhatsApp Cloud API.
- AI provider (OpenAI) — we send the minimum conversation context needed to generate a reply. Our provider does not use this data to train their models in our configuration.
- Email provider — to deliver transactional emails (order notifications, password changes, receipts).
- Payment processor (iiniit Payments) — to take subscription payments. They see the billing details required to process the charge.
- Hosting and infrastructure — our application and database run on reputable cloud providers that operate under appropriate data-processing agreements.
We may also disclose information if we are required to do so by law, regulation, or a valid legal request, or to protect the rights, property, or safety of iiniit, our users, or the public.
6. How long we keep it
- Account and business data — while your account is active, and for a reasonable period after you close it so we can honour legal, tax, and dispute-resolution obligations.
- Messenger and WhatsApp conversations and orders — kept in your dashboard as long as your account is active. Deleted shortly after you disconnect a Page or WhatsApp number, or close your account, subject to backups that age out on a rolling basis.
- Product images — kept until you delete the product or close your account.
- Server logs — kept for a short operational window (typically up to 90 days).
You can request earlier deletion at any time by emailing us.
7. How we protect your data
We take reasonable technical and organisational measures to protect your information, including:
- HTTPS on every connection.
- AES-256 encryption at rest for sensitive tokens (e.g. Facebook Page access tokens).
- Principle of least privilege — only a small number of people can access production data, and only when needed.
- Regular patching of dependencies, monitoring, and incident response procedures.
No system is perfectly secure. If we ever become aware of a breach that affects you, we will notify you and the relevant authorities as the law requires.
8. Your rights
Depending on where you live, you may have some or all of the following rights over your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct data that is wrong.
- Erasure — ask us to delete your data (subject to legal retention obligations).
- Portability — receive a copy of your data in a machine-readable format.
- Objection / restriction — object to certain processing, or ask us to limit it.
- Withdraw consent — where we rely on consent, you can withdraw it at any time.
- Complaint — lodge a complaint with your local data-protection authority.
To exercise any of these rights, write to [email protected]. You can also disconnect a Facebook Page or delete your account directly from your dashboard at any time.
9. International transfers
Our infrastructure and processors may be located outside of your country, including in the United States and the European Union. When we transfer personal data across borders, we rely on appropriate safeguards such as standard contractual clauses and each provider's own transfer mechanisms.
10. Children's privacy
Chatsvia is a business-to-business product and is not designed for or directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for significant changes, let you know by email or an in-app notice. Please check back occasionally.
13. Contact us
If you have any questions about this Privacy Policy or the way we handle your data, email us at [email protected]. You can also learn more about our parent company at iiniit.com.