Privacy Policy

Mesengr("we", "our", "us") operates an AI-powered WhatsApp business automation platform. This Privacy Policy explains how we collect, use, store, and share information when you use our services — including information processed through the Meta WhatsApp Business Platform.

By using Mesengr, you agree to the practices described in this policy. If you do not agree, please do not use our services.

This policy applies to:

• Business clients — companies and individuals who subscribe to Mesengr to automate their WhatsApp communications.
• End customers — individuals who interact with a Mesengr-powered WhatsApp bot operated by one of our clients.
• Website visitors — anyone who visits mesengr.co or any Mesengr web property.

3.1 Account & Business Information

When you register or are onboarded as a business client, we collect:

• Business name, owner name, email address, and phone number
• WhatsApp Business Account (WABA) ID and phone number ID (obtained via Meta Embedded Signup)
• Business category, timezone, and operational settings
• Billing information (processed by Paystack — we do not store card numbers)
• Payment history and subscription status

3.2 WhatsApp Message Data

Mesengr connects to your WhatsApp Business Account via the Meta WhatsApp Business Platform. Through this integration, we receive and process:

• The content of inbound messages sent by your customers to your WhatsApp number
• The content of outbound messages our AI sends on your behalf
• Sender phone numbers and display names provided by WhatsApp
• Message IDs, timestamps, and delivery status metadata
• Media attachments (if enabled — images, documents, audio)

This message data is stored in our database to enable conversation continuity, AI context, analytics, lead tracking, and order management. Message content is never used to train AI models and is never shared with third parties for marketing purposes.

3.3 Business Catalog & Configuration Data

We store product catalogs, FAQs, pricing, delivery policies, and bot configuration that you provide during onboarding. This data is used solely to generate accurate AI responses for your customers.

3.4 Usage & Analytics Data

We automatically collect:

• Conversation counts and monthly usage metrics
• Bot performance statistics (leads captured, orders taken, escalations)
• Service uptime and error logs
• IP addresses and browser information for web dashboard access

We use the data we collect to:

• Operate and improve the Mesengr platform
• Generate AI-powered replies to your customers' WhatsApp messages using Anthropic Claude
• Provide your business dashboard with conversation history, leads, orders, and escalations
• Process payments and manage your subscription through Paystack
• Send transactional emails (bot status, payment receipts, usage alerts) via Resend
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do notsell your data, your customers' data, or WhatsApp message content to any third party. We do not use message content for advertising.

Mesengr is built on the Meta WhatsApp Business Platform. Our use of WhatsApp data is governed by:

• WhatsApp Business Policy
• Meta Platform Terms
• WhatsApp Business Data Processing Terms

Key commitments for WhatsApp data:

• WhatsApp message data is only used to deliver the messaging service your business has contracted us for.
• Message data is not used to target users with advertisements.
• Message data is not shared with Meta or third parties for advertising purposes.
• We process message data as a data processor on behalf of our business clients, who are the data controllers for their customers' messages.
• Access tokens for your WhatsApp Business Account are stored securely and used only to send/receive messages on your behalf.

We share data with the following trusted service providers who process it on our behalf:

We do not share data with any other third parties except where required by law or with your explicit consent.

We retain data for the following periods:

• WhatsApp conversation messages: Retained for the duration of your active subscription plus 90 days after termination, then permanently deleted.
• Account and business data: Retained for the duration of your subscription plus 1 year for billing/legal compliance purposes.
• Payment records: Retained for 7 years as required by Nigerian financial regulations.
• Usage analytics: Aggregated (non-personally identifiable) analytics may be retained indefinitely.

You may request earlier deletion of your data by contacting us at hello@mesengr.co.

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) for all data transfers
• Encryption at rest for database storage via Supabase
• WhatsApp access tokens stored securely in an isolated database with access controls
• Row-level security (RLS) policies ensuring each client can only access their own data
• Regular security reviews and dependency updates

No system is perfectly secure. If you discover a vulnerability, please report it to hello@mesengr.co.

Depending on your location, you may have rights including:

• Access: Request a copy of the data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data (subject to legal retention obligations).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain types of processing.

To exercise any of these rights, email us at hello@mesengr.co with the subject "Privacy Request". We will respond within 30 days.

For end customers whose data is processed on behalf of a Mesengr business client, please contact that business directly. We will cooperate with deletion requests upon their instruction.

Our website uses minimal cookies to maintain login sessions and remember preferences. We do not use advertising cookies or sell cookie data. You may disable cookies in your browser, though this may affect dashboard functionality.

As a Nigerian business using global infrastructure, your data may be processed in countries outside Nigeria including the United States and European Union. We rely on our sub-processors' standard contractual clauses and privacy frameworks to provide equivalent protection.

Mesengr is not intended for use by persons under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a minor, contact us immediately.

We may update this policy from time to time. We will notify active business clients of material changes by email at least 14 days before they take effect. Continued use of Mesengr after the effective date constitutes acceptance of the updated policy. The current version is always available at mesengr.co/privacy.

For privacy-related questions, requests, or concerns: