Privacy Policy

Your privacy is important to us. This policy explains how kirim.chat collects, uses, and protects your personal information in compliance with GDPR and Meta's policies.

Last Updated: November 14, 2025

1. Information We Collect

1.1 Account Information

When you create a kirim.chat account, we collect:

• Full name and email address
• Business name and business information
• WhatsApp Business Account (WABA) ID
• Phone number associated with your WhatsApp Business
• Password (encrypted and hashed)

1.2 Customer Data

We process customer data on your behalf, including:

• Customer phone numbers
• Customer names (if provided)
• Message content and metadata
• Consent records and communication preferences
• Interaction timestamps and delivery status

1.3 Technical Information

• IP addresses and device information
• Browser type and version
• Usage data and analytics
• Cookies and session data

2. How We Use Your Data

We use your information to:

• Provide Services: Enable WhatsApp messaging, template management, and customer communication
• Account Management: Create and manage your kirim.chat account
• Authentication: Verify your identity and secure your account
• Communication: Send service updates, security alerts, and support messages
• Analytics: Analyze usage patterns to improve our platform
• Compliance: Meet legal obligations and Meta's WhatsApp Business API policies
• Security: Detect and prevent fraud, abuse, and security incidents

3. Data Sharing & Disclosure

We share your data only in the following circumstances:

3.1 Meta/WhatsApp

We share necessary data with Meta to enable WhatsApp Business API functionality, including:

• Message content and recipients for delivery
• Business account information
• Template submissions for approval

3.2 Service Providers

• Database Hosting: Neon (PostgreSQL) - EU/US data centers
• Infrastructure: Cloud hosting providers with GDPR compliance
• Analytics: Aggregate, anonymized usage statistics only

3.3 Legal Requirements

We may disclose data if required by law, court order, or to:

• Comply with legal processes
• Protect our rights and property
• Prevent fraud or security threats
• Protect user safety

4. Data Security

We implement industry-standard security measures:

• Encryption: All data in transit uses TLS 1.3, data at rest is encrypted
• Authentication: Secure password hashing (bcrypt), session management
• Access Control: Role-based access control (RBAC) and least-privilege principle
• Monitoring: Continuous security monitoring and audit logging
• Infrastructure: Secure cloud hosting with regular security updates
• Data Isolation: Multi-tenant architecture with strict data segregation

While we implement strong security measures, no system is 100% secure. You are responsible for keeping your account credentials confidential.

5. Your Rights (GDPR Compliance)

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data we hold
• Rectification: Correct inaccurate or incomplete data
• Erasure (Right to be Forgotten): Request deletion of your data
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain data processing activities
• Withdraw Consent: Revoke consent for processing at any time
• Lodge a Complaint: File a complaint with your local data protection authority

To exercise your rights, contact us at privacy@kirim.chat. We will respond within 30 days.

6. Data Retention

We retain data as follows:

• Account Data: Retained while your account is active
• Message Data: Stored for 30 days, then automatically deleted (compliance with Meta policies)
• Customer Contact Data: Retained as long as needed for your business operations
• Audit Logs: Retained for 90 days for security and compliance
• Backup Data: Deleted within 30 days after primary deletion

After account deletion, we permanently delete all your data within 30 days, except where retention is required by law.

7. WhatsApp Business API Integration

kirim.chat is a WhatsApp Business Solution Provider (BSP) using Meta's official WhatsApp Business API. Your use of WhatsApp messaging features is subject to:

• Meta's Terms: WhatsApp Business Terms of Service
• Meta's Privacy Policy: WhatsApp Privacy Policy
• WhatsApp Business Policy: Business Policy

8. Cookies & Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and security (cannot be disabled)
• Functionality Cookies: Remember your preferences and settings
• Analytics: Understand usage patterns (aggregated and anonymized)

We do not use third-party advertising cookies or tracking pixels.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate data protection through:

• EU Standard Contractual Clauses (SCCs)
• Data Processing Agreements with service providers
• Adequate safeguards as required by GDPR

10. Children's Privacy

kirim.chat is intended for business use only. We do not knowingly collect information from individuals under 16 years old. If you believe we have collected data from a minor, contact us immediately at privacy@kirim.chat.

11. Policy Updates

We may update this Privacy Policy periodically. We will notify you of significant changes via:

• Email notification to registered users
• In-platform notification
• Updated "Last Modified" date at the top of this policy

Continued use of kirim.chat after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries, data requests, or concerns:

• Email: privacy@kirim.chat
• Support: support@kirim.chat
• Data Protection Officer: dpo@kirim.chat

Response Time: We aim to respond within 72 hours