Privacy Policy
Last updated: June 22, 2026
This policy explains what information Convlox collects from the businesses and end customers who use our WhatsApp automation platform, how that information is used, and who we share it with. It applies to the Convlox dashboard and the WhatsApp messaging services we provide on behalf of our business customers ("tenants").
1. Who we are
Convlox is a WhatsApp chatbot platform that helps e-commerce businesses automate customer replies, take orders, and run broadcast campaigns over WhatsApp. Convlox is an early-stage, independently operated service. We have not yet registered a formal business entity; until we do, this policy is issued by the individual(s) operating Convlox, and the contact details below remain the authoritative way to reach us.
2. Information we collect
We collect different information depending on whether you are a business using Convlox to run your WhatsApp account ("tenant"), a member of a tenant's team ("agent"), or a customer messaging a business that uses Convlox ("end customer").
- Tenant account data: business name, contact details, WhatsApp number, login credentials (passwords are hashed, never stored in plain text), and configuration such as catalog, pricing, and automated reply settings.
- WhatsApp message content: messages exchanged between end customers and a tenant's WhatsApp number, including text content, timestamps, and delivery status, so that we can generate automated replies and maintain conversation history.
- End customer data: phone number, name, address, and order details, when voluntarily provided through a WhatsApp conversation in order to place or fulfil an order.
- Order and analytics data: order records, conversation tags, response-time metrics, and aggregated usage statistics used to power the tenant's dashboard.
- Technical data: log data such as IP address and request metadata, used for security, debugging, and rate-limiting.
3. How we use this information
- To deliver the core service: receiving, automatically replying to, and routing WhatsApp messages.
- To generate AI-assisted replies based on a tenant's configured catalog, tone, and instructions.
- To record orders, customer history, and conversation status so tenants and their agents can manage customer relationships.
- To produce analytics and reporting for the tenant dashboard.
- To secure accounts, prevent abuse, and enforce rate limits on login attempts.
We do not sell personal data, and we do not use end customer message content for advertising.
4. Third-party processors
To operate the service, we share data with the following third-party processors. Each processes data only as needed to provide their respective service to us:
| Processor | Purpose | Data involved |
|---|---|---|
| Meta WhatsApp Cloud API | Sending and receiving WhatsApp messages for tenants using the official integration | Phone numbers, message content, delivery metadata |
| Groq | Generating AI-powered automated replies | Message content, tenant-configured business context |
| MongoDB Atlas | Hosting our database where account, conversation, order, and customer data is stored | All categories of data described in Section 2 |
We do not control how Meta, Groq, or MongoDB Atlas independently use data outside the scope of the service they provide us; each operates under their own privacy policy and data processing terms.
5. Data security
We apply technical safeguards appropriate to the sensitivity of the data we hold:
- Sensitive credentials, such as WhatsApp API access tokens and app secrets, are encrypted at rest using AES-256-GCM.
- Passwords are hashed and never stored or logged in plain text.
- Access to tenant data is scoped by account and role — agents only see what their permissions allow, and one tenant cannot access another tenant's data.
- Login endpoints are rate-limited to reduce the risk of credential-stuffing attacks, and standard HTTP security headers are enforced across the platform.
- Incoming WhatsApp webhook requests are verified using HMAC signature checks before being processed.
6. Data retention
We retain tenant account data, conversation history, and order records for as long as the tenant's account remains active, plus a reasonable period afterward to comply with legal or operational requirements. Tenants may request deletion of their account and associated data at any time by contacting us.
7. End customer rights
If you are an end customer who has messaged a business using Convlox and would like your data corrected or removed, you may contact that business directly, or reach out to us using the details below and we will coordinate with the relevant tenant.
8. Children's privacy
Convlox is intended for use by businesses and their adult customers. We do not knowingly collect data from children, and our service is not directed at children.
9. Changes to this policy
We may update this policy as the service evolves. Material changes will be reflected by updating the "Last updated" date above. Continued use of Convlox after changes are posted constitutes acceptance of the revised policy.
10. Contact us
Questions about this policy or your data? Reach out:
Email: hello@convlox.com