1. Information We Collect
We collect the following categories of information:
- Account Information: Name, email address, phone number, business name, and password when you create an account.
- WhatsApp Business Data: WhatsApp Business API credentials, phone number IDs, and business account IDs you provide for integration.
- Contact Data: Phone numbers, names, and tags of your WhatsApp contacts that you add or that message your business.
- Message Data: Content of WhatsApp messages sent and received through our platform, including text, media metadata, and delivery status.
- Usage Data: Feature usage, API calls, message volumes, and platform interaction analytics.
- Payment Data: Billing information processed through our payment providers (Razorpay, Stripe, PayPal). We do not store full credit card numbers.
2. How We Use Your Information
- To provide, maintain, and improve our WhatsApp Business CRM platform.
- To process and deliver WhatsApp messages on your behalf via the official Meta Cloud API.
- To operate AI chatbot features using the LLM providers you configure (OpenAI, Anthropic, or custom endpoints).
- To manage your subscription, billing, and usage metering.
- To send you service-related notifications and support communications.
- To detect, prevent, and address technical issues, fraud, and security incidents.
3. Data Storage and Security
- Data is stored in PostgreSQL databases hosted on Railway infrastructure.
- Sensitive credentials (API keys, tokens) are encrypted at rest using AES-256-GCM.
- All data transmission uses HTTPS/TLS encryption.
- We implement rate limiting, input validation, and SSRF protection.
- Access to data is restricted by multi-tenant organization scoping and role-based access control.
4. Data Retention
- Message data is retained for a configurable period (default: 90 days) and then permanently deleted by automated cleanup.
- Media files (images, documents, audio, video) are retained for a shorter configurable period (default: 30 days) and then permanently deleted.
- You can configure these retention periods in your organization settings.
- Automated retention cleanup runs on a regular schedule and removes all expired messages and media across all organizations.
5. Third-Party Services
We integrate with the following third-party services, each governed by its own privacy policy:
- Meta (WhatsApp Cloud API): Message delivery and template management.
- OpenAI / Anthropic: AI chatbot responses (only when you configure an AI agent with your own API key).
- Razorpay / Stripe / PayPal: Payment processing.
- Google: OAuth authentication (optional).
6. Your Rights
- Access: You can export all your organization data at any time from Account settings.
- Deletion: You can request deletion of your account and all associated data.
- Portability: Data export is available in JSON format.
- Correction: You can update your personal and organization information through the platform.
- Opt-out: Your WhatsApp contacts can opt out of messages at any time by sending STOP.
7. AI and Automated Processing
- When you enable AI chatbot agents, incoming message content from your contacts is sent to the third-party AI provider you configure (OpenAI, Anthropic, or a custom LLM endpoint) for response generation.
- Contact context (name, phone number, tags) may be included in AI prompts to personalize responses. This data is transmitted to the AI provider as part of the request.
- AI Disclosure: Before the first AI response in any conversation, your contact receives a mandatory disclosure message: "Hi! You're now chatting with an AI assistant. A human agent is available if needed — just type HUMAN at any time to connect with a person."
- Human Escalation: Contacts can type HUMAN, AGENT, PERSON, or similar keywords at any time during an AI conversation to instantly connect with a human agent.
- Content Safety: All AI responses are filtered through a content safety system that checks for prohibited categories (medical advice, financial recommendations, violence, adult content) before delivery to the contact.
- AI chatbot features are opt-in for you as a business owner. Your contacts are always informed and can always reach a human.
- AI as Incidental Service: AI chatbot functionality is provided as a tool incidental to your business operations on WhatsApp, not as a standalone AI service. AI processing occurs only in the context of specific business tasks you configure (such as customer support, FAQ, or order tracking).
- Messaging Costs: WhatsApp messaging costs are billed directly by Meta on a per-message basis. Kaanha AI does not add per-message fees — your subscription covers platform features only.
- You are responsible for ensuring that your use of AI chatbots and the data sent to AI providers complies with your own privacy obligations to your contacts and with any applicable data processing agreements.
8. Data Processing Location
Your data is processed and stored on US-based infrastructure (Railway PostgreSQL databases). Data transmitted to third-party AI providers (OpenAI, Anthropic) is processed according to their respective data processing agreements and privacy policies. Payment data is processed by your selected payment provider (Razorpay, Stripe, or PayPal) according to their respective terms and privacy policies.
9. Opt-Out and STOP Processing
Your WhatsApp contacts can opt out of receiving messages at any time by sending STOP or UNSUBSCRIBE. We process these keywords immediately within the same WhatsApp conversation and send a confirmation that the contact has been unsubscribed. Opted-out contacts are automatically excluded from all future broadcasts and proactive messaging. Contacts can re-subscribe by sending START.
10. Contact Us
For privacy-related inquiries, data access requests, or to exercise your data rights, contact us at privacy@kaanha.ai.