Privacy Policy

This Privacy Policy explains how ChatPilot collects, uses, discloses, and protects personal information when you visit https://chatpilot.biz, create an account, use our software, contact us, or interact with a business that uses ChatPilot to manage WhatsApp-based customer engagement.

ChatPilot is an AI-powered WhatsApp customer engagement and commerce platform for businesses. The platform helps businesses answer customer questions, manage leads, send follow-ups, process payments, and review analytics. Depending on the context, ChatPilot may act as a controller of account and website data, and as a processor or service provider when handling customer conversations and end-user data on behalf of a business customer.

We collect information directly from you, automatically through the service, and from third-party services you connect to ChatPilot.

• Account information: name, business name, email address, phone number, role, password credentials, team settings, and account preferences.
• Customer and conversation data: WhatsApp messages, phone numbers, customer names, order details, bookings, product questions, support requests, campaign preferences, and metadata needed to deliver messages.
• Usage data: log data, device and browser data, IP address, pages viewed, features used, timestamps, errors, performance data, and analytics events.
• Payment and billing data: plan, invoices, billing address, tax details, transaction identifiers, payment status, and limited payment metadata from providers such as Stripe, M-Pesa providers, PayHero, or similar processors. We do not store full payment card numbers.
• Integration data: information from services you choose to connect, such as Meta WhatsApp Cloud API, Facebook or Instagram advertising tools, Google Analytics, WooCommerce, CRM systems, and payment providers.
• Communications: messages you send to support, sales, or privacy contacts, including feedback, attachments, and call or meeting notes.

We use personal information for the following purposes:

• Provide, operate, maintain, secure, and improve ChatPilot.
• Create and manage accounts, authenticate users, and provide customer support.
• Send and receive WhatsApp messages through connected Meta services and other authorized messaging providers.
• Generate AI-assisted responses, conversation summaries, lead routing, campaign suggestions, analytics, and workflow automation.
• Process subscriptions, invoices, payments, refunds, taxes, and fraud checks through third-party payment processors.
• Analyze usage, measure marketing performance, troubleshoot errors, and develop new features.
• Send service notices, product updates, security alerts, billing messages, and marketing communications where permitted by law.
• Comply with legal obligations, enforce our Terms, prevent abuse, and protect the rights, safety, and security of ChatPilot, customers, end users, and the public.

If the GDPR, UK GDPR, or similar laws apply, we rely on one or more of the following legal bases:

• Contract: to provide ChatPilot, manage accounts, process subscriptions, provide support, and deliver requested services.
• Legitimate interests: to secure the service, prevent fraud, improve products, understand usage, respond to inquiries, and market relevant services, provided those interests are not overridden by your rights and freedoms.
• Consent: where required for cookies, certain marketing communications, optional integrations, or other processing where we ask for permission. You may withdraw consent at any time.
• Legal obligation: to keep required business records, respond to lawful requests, comply with tax or accounting rules, and meet regulatory obligations.
• Vital interests or public interest: where needed in limited circumstances to protect someone from serious harm or comply with lawful public-interest obligations.

We do not sell personal information for money. We share information only as described in this policy, with appropriate contractual, technical, and organizational safeguards where required.

• Service providers: hosting, infrastructure, analytics, customer support, email delivery, security monitoring, database, storage, and payment processing vendors.
• Messaging and platform providers: Meta, WhatsApp, Facebook, Instagram, and other connected services needed to send messages, templates, campaign events, and delivery data.
• Payment processors: Stripe, M-Pesa providers, PayHero, banks, card networks, tax providers, and fraud prevention vendors.
• Connected integrations: services that a business customer authorizes, such as ecommerce stores, CRMs, advertising tools, analytics platforms, and data warehouses.
• Business customers: if you are an end user messaging a business through ChatPilot, your conversation and related data are available to that business.
• Legal and safety reasons: regulators, courts, law enforcement, professional advisers, or others where disclosure is necessary to comply with law, enforce agreements, prevent abuse, or protect rights and safety.
• Business transfers: parties involved in a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections.

Some analytics or advertising activities may be considered "sharing" or "targeted advertising" under certain privacy laws. Where required, we provide opt-out controls or honor legally recognized browser-based opt-out signals.

ChatPilot uses cookies, pixels, local storage, SDKs, and similar technologies to keep users signed in, remember preferences, secure the service, measure performance, understand product usage, and support marketing analytics.

Cookies may be set by ChatPilot or by third parties such as Google Analytics, Meta advertising tools, payment processors, and customer support tools. You can control cookies through your browser settings, device settings, and any cookie consent controls we provide. Blocking some cookies may affect account login, security, analytics, or other platform features.

Some browsers offer "Do Not Track" or global privacy control signals. We respond to legally required opt-out preference signals where applicable and continue to evaluate recognized standards as they evolve.

We retain personal information for as long as reasonably necessary to provide ChatPilot, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and support legitimate business purposes.

Account information is generally retained while an account is active. Conversation data, analytics, billing records, logs, and backups may be retained for different periods depending on customer settings, legal requirements, security needs, and contractual commitments. When information is no longer needed, we delete, de-identify, or aggregate it in accordance with our retention practices.

ChatPilot is designed for global use, and personal information may be processed in countries other than where you live. These countries may have privacy laws that differ from your local laws.

When required, we use appropriate safeguards for international transfers, such as standard contractual clauses, data processing agreements, vendor due diligence, access controls, encryption, and transfer impact assessments.

We use administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and loss. These measures may include encryption in transit, access controls, authentication controls, monitoring, logging, vendor review, employee access limits, and incident response procedures.

No online service can guarantee absolute security. You are responsible for using a strong password, protecting your account credentials, limiting account access to authorized users, and promptly telling us about suspected unauthorized access.

Depending on your location and relationship with ChatPilot, you may have rights over your personal information.

GDPR, UK GDPR, and similar rights. You may have the right to request access, correction, deletion, restriction, portability, or objection to processing. You may also withdraw consent where processing is based on consent and lodge a complaint with a data protection authority.

California privacy rights. California residents may have the right to know what personal information we collect, use, disclose, sell, or share; request deletion; request correction; opt out of sale or sharing and certain targeted advertising; limit use of sensitive personal information where applicable; and be free from discrimination for exercising privacy rights.

Canadian and other regional rights. Residents of Canada and other jurisdictions may have rights to access, correct, withdraw consent, challenge processing, or file a complaint with a privacy regulator, subject to local law.

To exercise privacy rights, contact us at privacy@chatpilot.biz. We may need to verify your identity and authority before acting on a request. If we process your information on behalf of a business customer, we may direct your request to that business or assist them in responding, as required by applicable law.

ChatPilot is not directed to children under 13, or the higher age required by local law, and we do not knowingly collect personal information from children without required consent. If you believe a child has provided personal information to us, contact us at privacy@chatpilot.biz and we will take appropriate steps to delete it.

Business customers are responsible for using ChatPilot in a manner that complies with laws that protect minors, including requirements for parental consent where applicable.

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as posting a notice in the service, sending an email, or updating the date at the top of this page. Your continued use of ChatPilot after an update means the revised policy applies from the effective date allowed by law.

If you have questions about this Privacy Policy or want to exercise a privacy right, contact us:

• Email: privacy@chatpilot.biz
• Support: support@chatpilot.biz
• Website: https://chatpilot.biz
• Mailing address: ChatPilot, Nairobi, Kenya