Privacy Policy

Last updated: March 30, 2026

1. Introduction

ATBot ("we", "us", "our") is a business management platform developed by Alfatonics, registered in Dar es Salaam, Tanzania. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our web application, mobile application (iOS and Android), and related services (collectively, the "Service").

By using ATBot, you consent to the practices described in this policy. If you do not agree, please discontinue using the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, and password when you register.
  • Business Information: Business name, category, description, city, and operational settings you configure.
  • Payment Information: Mobile money phone number used for subscription payments (processed via third-party payment providers — we do not store your financial credentials).
  • Product Catalog: Product names, descriptions, prices, and images you upload to your catalog.
  • Knowledge Base: Custom business information, FAQs, and training data you provide for the AI chatbot.

2.2 Information from Third-Party Services

  • Facebook Login: Public profile (name, email) when you sign in with Facebook. We also receive a Meta access token to manage your WhatsApp Business and Meta Ads integrations.
  • Google Sign-In: Name, email address, and Google account ID when you sign in with Google.
  • Apple Sign-In: Name, email address (may be a relay address), and Apple account ID when you sign in with Apple.
  • WhatsApp Business API: Messages, contacts, and conversation metadata from your WhatsApp Business account.
  • Instagram Messaging: Direct messages, contacts, and conversation metadata from your linked Instagram account.
  • Meta Ads API: Ad campaign performance data, audience insights, and ad creative information.

2.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, click patterns, and session duration.
  • Device Information: Device type, operating system, browser type, app version.
  • IP Address: Used for security (rate limiting, fraud prevention) and approximate location.
  • Cookies: Session cookies for authentication. We do not use tracking or advertising cookies.

3. How We Use Your Information

  • Provide the Service: AI chatbot, CRM, WhatsApp/Instagram messaging, Meta Ads management, broadcast messaging, and analytics.
  • Account Management: Registration, authentication, billing, subscriptions, and support.
  • AI Processing: Your knowledge base and conversation context are sent to AI providers (OpenAI/Google) to generate chatbot responses. We do not use your data to train AI models.
  • Communication: Send transactional emails (password resets, email verification, trial expiry notifications).
  • Security: Rate limiting, fraud detection, session management, and audit logging.
  • Service Improvement: Aggregate usage analytics to improve features and performance.

4. Information Sharing

We do not sell your personal information. We share data only with:

  • Meta Platforms (Facebook/WhatsApp/Instagram): To provide WhatsApp Business API, Instagram messaging, and Meta Ads services. Subject to Meta's Privacy Policy.
  • AI Providers (OpenAI/Google): Conversation context for AI-generated responses. No personal identifiers are shared.
  • Payment Processors: Mobile money providers (via Selcom/payment gateways) to process subscription payments.
  • Cloud Hosting (Vercel/Neon/Cloudflare): Infrastructure providers that host and serve the platform.
  • Email Service (Zoho): For sending transactional emails.
  • Legal Requirements: When required by law, court order, or to protect our legal rights.

5. Data Storage and Security

  • Data is stored on secure servers hosted in the EU (Neon PostgreSQL) and globally via Cloudflare CDN.
  • Passwords are hashed using bcrypt with a cost factor of 12.
  • All data transmission is encrypted via TLS/HTTPS.
  • Access to user data is restricted to authorized personnel only.
  • We implement rate limiting, webhook signature verification, and input validation to prevent attacks.
  • Admin actions are logged in an audit trail for accountability.

6. Data Retention

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Conversation Data: Retained while your account is active for CRM and analytics purposes.
  • Audit Logs: Retained for 12 months for security and compliance.
  • Backup Data: Database backups are retained for 7 days and then deleted automatically.

7. Your Rights

You have the right to:

  • Access: Request a copy of all data we hold about you.
  • Correction: Update or correct inaccurate personal information.
  • Deletion: Request deletion of your account and all associated data.
  • Portability: Request your data in a machine-readable format.
  • Revoke Permissions: Disconnect Facebook, Google, or Apple login at any time via your account settings or the provider's settings page.
  • Opt-Out: Unsubscribe from non-essential communications.

To exercise any of these rights, contact us at hello@alfatonics.com.

8. Data Deletion

You can request data deletion by:

  • Sending an email to hello@alfatonics.com with subject "Data Deletion Request".
  • Removing ATBot from Facebook Settings → Apps and Websites → Business Integrations.

Upon receiving a valid request, we will delete all your personal data within 30 days. Some data may be retained as required by law or for legitimate business purposes (e.g., payment records for tax compliance).

9. Children's Privacy

ATBot is designed for business use and is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 13, we will delete it immediately.

10. International Data Transfers

Your data may be processed in countries outside Tanzania, including the EU and the United States, where our infrastructure providers operate. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

  • 📧 Email: hello@alfatonics.com
  • 📱 WhatsApp: +255 656 586 676
  • 🏢 Company: Alfatonics, Dar es Salaam, Tanzania
Terms of ServiceHome