Privacy PolicyTaifa Hospitality Private Limited
This Privacy Policy describes how Taifa Hospitality Private Limited ("we", "us", or "our") collects, uses, stores, and protects information in connection with our WhatsApp automation and business chatbot services. By using our services, you agree to the practices described in this policy.
We are a registered WhatsApp Business Solution Provider (BSP) / Tech Provider operating through Meta's platforms. This policy complies with Meta's Platform Terms, WhatsApp Business API policies, and applicable data protection regulations.
Who We Are
Taifa Hospitality is a technology service provider that offers WhatsApp automation solutions, AI-powered chatbots, and messaging infrastructure services to businesses. We help businesses communicate with their customers through the WhatsApp Business API.
We act as a data processor on behalf of our business clients (who are data controllers), and we also collect certain data as a data controller for our own operational purposes.
Information We Collect
We may collect the following categories of information:
- Business Client Information: Company name, contact name, email address, phone number, billing details, and business registration information.
- End-User Messaging Data: WhatsApp messages, phone numbers, and conversation metadata exchanged through chatbot systems we operate on behalf of clients.
- Technical Data: API usage logs, IP addresses, device type, browser information, and system interaction records.
- Configuration Data: Chatbot workflows, message templates, automation rules, and integration settings configured by our clients.
- Website Data: Information submitted through contact forms, cookie data, and analytics from visitors to our website.
How We Use Information
We use collected information for the following purposes:
- Service Delivery: To operate, maintain, and improve our WhatsApp automation and chatbot services.
- Client Support: To respond to queries, troubleshoot issues, and provide technical assistance.
- Billing & Accounts: To process payments, manage subscriptions, and maintain business records.
- Compliance: To fulfill legal obligations and comply with Meta/WhatsApp platform policies.
- Service Improvement: To analyse usage patterns and improve performance of our automation systems.
- Communications: To send service updates, policy changes, or relevant product notifications to clients.
We do not use end-user messaging data for advertising, profiling, or any purpose beyond providing the contracted service to our business clients.
WhatsApp & Meta Platform Data
As a provider of WhatsApp Business API services, we operate under Meta's Platform Terms and WhatsApp Business API policies. Specifically:
- We access WhatsApp messaging data solely to provide the automation services requested by our business clients.
- We do not scrape, store, or repurpose WhatsApp user data beyond what is necessary for the service.
- Message content processed through our systems is handled in accordance with WhatsApp's data usage policies.
- We ensure our clients use our services only for permitted use cases under WhatsApp Business Policy.
- End users interacting with our clients' chatbots are subject to WhatsApp's own Privacy Policy at whatsapp.com/legal/privacy-policy.
We operate as a Tech Provider on Meta for Developers. Our use of Meta technologies complies with Meta's Platform Terms at developers.facebook.com/terms.
Sharing of Information
We do not sell personal information. We may share information only in these circumstances:
- Meta / WhatsApp: As required to operate the WhatsApp Business API and comply with platform policies.
- Service Providers: Trusted third-party vendors (cloud hosting, payment processors) who process data on our behalf under strict confidentiality agreements.
- Business Clients: Data belonging to a client's end-users is accessible to that client as the data controller.
- Legal Requirements: When required by law, court order, or regulatory authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, subject to the same privacy commitments.
Data Retention
We retain data only as long as necessary for the purposes outlined in this policy:
- Client Account Data: Retained for the duration of the contract and up to 3 years after termination for legal compliance.
- Messaging Logs: Retained for up to 90 days unless a different period is agreed with the client or required by law.
- Billing Records: Retained for a minimum of 7 years as required by financial regulations.
- Website Analytics: Aggregated, anonymised data retained for up to 2 years.
Upon request or contract termination, client data is securely deleted or anonymised within 30 days, unless legal obligations require otherwise.
Security Measures
We implement industry-standard technical and organisational measures to protect your information, including:
- Encrypted data transmission (TLS/SSL) for all communications
- Access controls and authentication for all internal systems
- Regular security audits and vulnerability assessments
- Secure cloud infrastructure with reputable providers
- Employee data handling and confidentiality training
While we take all reasonable precautions, no system is 100% secure. In the event of a data breach that affects your rights, we will notify affected parties in accordance with applicable law.
Your Rights
Depending on applicable law, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we limit how we use your data.
- Portability: Request your data in a portable, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days.
Cookies & Tracking
Our website may use cookies and similar tracking technologies to enhance user experience and analyse traffic. Types of cookies we may use:
- Essential Cookies: Required for core website functionality.
- Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).
- Preference Cookies: Remember your settings and choices.
You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect website functionality.
Third-Party Services
Our services may integrate with or link to third-party platforms including:
- Meta / WhatsApp Business API
- Cloud service providers (e.g., AWS, Google Cloud)
- Payment gateways
- CRM and business tools integrated at client request
These third parties have their own privacy policies. We are not responsible for their data practices. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or industry practices. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify active clients via email at least 14 days before changes take effect
- Post a notice on our website
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
Contact Us
For any privacy-related questions, requests, or concerns, please reach out to us:
We are committed to resolving privacy concerns promptly and transparently.