Privacy Policy
Last updated: April 11, 2025
1. Introduction
Buddy Ecom ("we," "our," or "us") is an AI-powered sales assistant that operates over WhatsApp and Instagram Direct Messages on behalf of e-commerce businesses ("Brands"). This Privacy Policy explains how we collect, use, store, and protect information relating to both Brand owners and their end customers when they interact with a Buddy Ecom-powered chatbot.
By using Buddy Ecom — whether as a Brand or as a customer chatting with a Buddy-powered bot — you agree to the practices described in this policy.
2. Information We Collect
2.1 From Brand Owners
- Business name, contact phone number, and email address
- Product catalogue, pricing, variants, and delivery information
- WhatsApp Business phone number(s) and associated WhatsApp Business Account ID
- Instagram Page ID and associated access tokens (when Instagram DMs are enabled)
- Brand tone, language preferences, and customer service policies
- Subscription and billing information
2.2 From End Customers (via WhatsApp & Instagram DMs)
- WhatsApp phone number or Instagram Scoped User ID (IGSID)
- Message content and full conversation history with the bot
- Order details: product name, variant, quantity, delivery address, phone number, payment method
- Detected language preference (English, Arabic, Lebanese Arabizi)
- Message timestamps and WhatsApp / Instagram message IDs
2.3 Technical Data
- Server logs, webhook event logs, and error reports
- System events such as failed message deliveries or escalation triggers
3. How We Use Your Information
- Operate the AI sales assistant and process customer orders on behalf of Brands
- Generate AI replies using conversation context (sent to OpenAI for processing)
- Send order confirmations and escalation notifications to Brand owners
- Detect language and personalise responses in English, Arabic, or Lebanese Arabizi
- Maintain conversation history to provide continuity across sessions
- Detect and prevent abuse, duplicate messages, and system errors
- Comply with Meta's platform policies and applicable laws
- Improve our models, prompts, and overall service quality
4. Meta Platform Data (WhatsApp & Instagram)
Buddy Ecom integrates with the WhatsApp Business Platform and Instagram Messaging API, both provided by Meta Platforms, Inc. By using our service, you acknowledge:
- Message data is received via Meta webhooks and stored in our secure database
- We do not sell or share Meta platform data with third parties other than those listed in Section 5
- We comply with Meta's Platform Terms and Developer Policies
- Instagram users may revoke app access at any time via Instagram Settings → Apps and Websites. Upon revocation, we automatically deactivate the associated account in our system
- Users may submit a data deletion request as described in Section 7
5. Third-Party Services
We share data with the following trusted third-party providers solely to operate the service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Meta (WhatsApp & Instagram) | Message delivery | Reply text, recipient ID |
| OpenAI | AI response generation | Conversation history, brand info (no full PII) |
| Supabase / PostgreSQL | Database storage | All structured data |
| Render | Backend hosting | Server-side processing |
| Vercel | Frontend hosting | Web traffic only |
6. Data Storage and Security
All data is stored in a PostgreSQL database hosted on Supabase with SSL encryption in transit and encryption at rest. Access is restricted to authorised personnel and automated system processes only.
We implement technical and organisational safeguards including environment variable isolation, webhook deduplication, and access logging. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Your Rights & Data Deletion
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate data be corrected
- Deletion — request that your data be deleted from our systems
- Objection — object to certain types of processing
- Portability — receive your data in a structured, machine-readable format
To submit a data deletion request, contact us at privacy@buddyecom.co or via WhatsApp. We will process your request within 30 days.
Instagram users may also revoke access via Instagram Settings → Security → Apps and Websites, which will automatically deactivate your account in our system.
8. Data Retention
We retain conversation history and order data for as long as the Brand's account is active, plus a maximum of 12 months after account termination, unless a longer period is required by law or requested by the Brand. Technical logs are purged after 90 days.
9. Children's Privacy
Our service is not directed at individuals under 18. We do not knowingly collect personal information from minors. If you believe we have received data from a child, please contact us immediately and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the revised policy.
11. Contact Us
For any questions, data requests, or concerns about this Privacy Policy:
- Email: privacy@buddyecom.co
- WhatsApp: Chat with us on WhatsApp
- Company: Buddy Ecom by Buddy AI
- Website: https://www.buddyecom.co