Data protection and transparency

Privacy Policy

This Privacy Policy explains how BotLinkd collects, uses, shares, protects and retains personal and business data across the BotLinkd website, business messaging platform, Android application, connected integrations and support services.

Last updated:

Privacy summary

Data minimisation

BotLinkd collects and processes data needed to operate accounts, messaging, support, security, billing and requested integrations.

Business-controlled data

Business customers control the customer contacts, messages and business content they submit to BotLinkd.

No sale of personal data

BotLinkd does not sell personal information for monetary consideration.

Deletion requests

Verified account and data deletion requests are handled subject to legal, security, fraud, billing and operational retention requirements.

BotLinkd is an independent platform

BotLinkd is an independent business messaging platform built on the official WhatsApp Business Platform Cloud API. BotLinkd is not owned or operated by Meta. Use of WhatsApp and connected third-party services is also subject to the privacy terms and policies of those providers.

Scope of this Privacy Policy

This policy applies to personal data processed through:

  • the BotLinkd website and public marketing pages;
  • the BotLinkd business messaging and automation platform;
  • the BotLinkd Chat Android application;
  • the WebView experience that loads chat.botlinkd.com;
  • BotLinkd APIs, webhooks, integrations and connected applications;
  • the BotLinkd Shopify app and other supported e-commerce integrations;
  • account registration, billing, support, sales and demo requests; and
  • communications sent directly to BotLinkd.

This policy does not replace the privacy notice of a BotLinkd business customer. Businesses using BotLinkd remain responsible for providing appropriate notices and obtaining required permissions from their own customers, contacts, employees and other data subjects.

When BotLinkd is a controller or processor

BotLinkd may act in different privacy roles depending on the data and processing activity:

  • Controller: BotLinkd determines why and how account, website, billing, security, sales, support and direct relationship data is processed.
  • Processor or service provider: When a business customer submits contacts, messages, templates, media, customer records or other business content to BotLinkd, BotLinkd generally processes that data on the customer’s instructions to provide the service.
  • Business customer responsibility: The customer determines the purpose of its messaging, selects recipients, manages lawful permissions and is responsible for the accuracy and legality of the data it uploads or connects.

Enterprise customers may contact BotLinkd to discuss data-processing terms relevant to their account and use case.

Categories of data we collect or process

The categories depend on the products and features used.

Account and identity data

  • name, business name, username and account identifier;
  • email address, phone number and contact details;
  • role, team membership and account permissions;
  • business verification or onboarding information where required; and
  • support, sales and account correspondence.

Billing and transaction data

  • plan, subscription, invoice, payment status and transaction references;
  • billing contact and tax information where applicable; and
  • limited payment information received from payment processors.

BotLinkd does not intentionally store complete payment-card details when payment is handled by an external payment processor.

WhatsApp and business messaging data

  • WhatsApp Business Account and phone-number identifiers;
  • business profile, template and messaging configuration data;
  • contact phone numbers and customer profile information provided by the business;
  • message content, media, attachments, timestamps and delivery events;
  • conversation assignment, status, tags, notes and agent activity; and
  • campaign, automation, webhook and API event data.

Technical and usage data

  • IP address, browser, operating system, device and app information;
  • login activity, session identifiers and authentication events;
  • feature use, page views, clicks, app interactions and diagnostics;
  • crash reports, error logs, performance and security telemetry; and
  • cookie, local-storage or similar technology identifiers.

Integration and uploaded content

  • API keys, webhook configuration and connected-account identifiers;
  • CRM, e-commerce, order, product, customer and notification data;
  • documents, knowledge sources and media uploaded for platform or AI features; and
  • configuration settings and metadata associated with integrations.

How we collect data

BotLinkd may receive data:

  • directly from a user, account owner, administrator or agent;
  • from a business customer that uploads or connects customer information;
  • automatically from browsers, devices, applications, cookies and logs;
  • from Meta and the WhatsApp Business Platform;
  • from payment, hosting, analytics, security and support providers;
  • from Shopify, CRM, e-commerce and other connected integrations; and
  • from public business sources where reasonably needed for verification or support.

How we use personal and business data

BotLinkd uses data to:

  • create, secure and administer accounts;
  • provide two-way messaging, shared inbox, campaigns and automation;
  • send messages and receive delivery events through the official Cloud API;
  • provide AI-assisted replies, knowledge features and human handover controls;
  • operate APIs, webhooks and requested integrations;
  • process subscriptions, invoices and payments;
  • provide support, onboarding, notices and service communications;
  • monitor availability, diagnose faults and improve reliability;
  • protect accounts, prevent abuse, fraud, spam and security incidents;
  • enforce applicable terms and platform policies;
  • meet legal, tax, accounting, compliance and regulatory obligations; and
  • send marketing communications where permitted, with available opt-out controls.

Where applicable law requires a legal basis, processing may rely on performance of a contract, legitimate interests, consent, compliance with legal obligations or another basis permitted by law.

WhatsApp Business Platform data

BotLinkd connects eligible businesses to the official WhatsApp Business Platform Cloud API. Message delivery and related platform events involve Meta and are subject to Meta and WhatsApp terms, privacy practices and technical requirements.

Business customers are responsible for:

  • obtaining valid consent or another lawful basis before messaging contacts;
  • using approved templates where required;
  • maintaining accurate recipient and opt-out records;
  • avoiding spam, prohibited content, deception, harassment and abuse; and
  • providing their own privacy notice to message recipients.

BotLinkd does not own customer contacts or message content submitted by a business customer. Access and use are limited to operating, securing, supporting and improving the contracted service, complying with customer instructions and meeting legal or platform obligations.

Learn more from Meta’s official WhatsApp Business Platform privacy and security documentation.

AI-assisted features and uploaded knowledge

When a customer enables AI features, BotLinkd may process message content, conversation history, instructions, uploaded documents and approved business knowledge to generate responses, summaries, classifications or other requested outputs.

  • Customers control whether AI features are enabled for their workflows.
  • Human handover and AI pause controls remain available where supported.
  • Customers should not upload data they are not authorised to process.
  • Sensitive data should be limited to what is necessary for the intended business purpose.
  • AI outputs may be inaccurate and should be reviewed where decisions or important customer outcomes are involved.

Depending on the configured feature, selected content may be processed by an AI infrastructure or model provider acting as a service provider. Provider, region and enterprise data-handling options may vary by configuration. Customers with specific requirements should contact BotLinkd before enabling the feature.

Android application, WebView and Google services

This policy applies to the BotLinkd Chat Android application, including its WebView-based access to chat.botlinkd.com.

Depending on the application version and configuration, the app may use Google Mobile Ads, Firebase and Google Play services. These services may process data such as:

  • IP address and approximate network information;
  • device, app-instance or advertising identifiers;
  • app interactions, session and feature-use data;
  • crash logs, diagnostics and performance data;
  • fraud-prevention and security signals; and
  • advertising and consent information where advertising is enabled.

Google processes data under its own terms and privacy policy. Advertising may be personalised or non-personalised depending on consent, user settings, legal requirements and app configuration. Users may manage advertising and privacy settings through their device and Google account controls.

Review the Google Privacy Policy and Google’s explanation of data from partner apps and sites.

Shopify app and other integrations

When a merchant installs or connects the BotLinkd Shopify app, BotLinkd may process store, order, product, customer and configuration data required to provide the WhatsApp notifications and workflows requested by that merchant.

Depending on permissions and features, this may include:

  • store identifier, domain and app-installation information;
  • order number, status, totals, products and fulfilment details;
  • customer name, email, phone and shipping information;
  • notification preferences, template mappings and delivery events; and
  • webhook events and integration logs.

BotLinkd limits Shopify data use to providing, securing, supporting and improving the installed app and complying with legal or platform obligations. Merchants remain responsible for their store privacy notice, customer permissions and use of WhatsApp notifications.

Similar principles apply to CRM, WooCommerce, OpenCart, Magento, WHMCS and other supported integrations: BotLinkd processes connected data only as needed for the configured workflow and authorised service.

Cookies, local storage and analytics

BotLinkd may use cookies, local storage, pixels, tags and similar technologies for:

  • authentication, security and session continuity;
  • remembering settings and preferences;
  • measuring website and product performance;
  • diagnosing errors and preventing fraud;
  • understanding feature use and improving usability; and
  • advertising or campaign measurement where enabled and permitted.

Browser controls can block or remove cookies, but essential functionality may not work correctly without required storage. Where legally required, BotLinkd may request consent before enabling non-essential analytics or advertising technologies.

When data may be shared

BotLinkd does not disclose data indiscriminately. Data may be shared with:

  • Meta and WhatsApp: to connect accounts, transmit messages and receive platform events.
  • Hosting and infrastructure providers: to store, transmit, back up and secure service data.
  • Payment processors: to process payments, prevent fraud and maintain transaction records.
  • Google and mobile-service providers: for app distribution, advertising, analytics, diagnostics, security and performance where enabled.
  • AI and technical service providers: where needed to provide an enabled feature or integration.
  • Support and communications providers: to deliver account notices, customer support and service communications.
  • Connected applications: when a customer authorises BotLinkd to exchange data with an integration.
  • Professional advisers and authorities: where reasonably necessary for legal, tax, audit, security, fraud or compliance purposes.
  • Corporate transactions: where data is involved in a merger, acquisition, financing, reorganisation or sale of assets, subject to appropriate confidentiality and legal safeguards.

Service providers are expected to process data only for authorised purposes and under applicable contractual, security and confidentiality obligations.

Sale of data and advertising disclosures

BotLinkd does not sell personal information for monetary consideration.

The Android app or website may use analytics, advertising or measurement services. Under some privacy laws, certain disclosures of identifiers to advertising or analytics providers may be described as “sharing” or targeted advertising even when no money is received for personal information.

Where required, BotLinkd will provide applicable consent, opt-out or settings controls. Users may also manage advertising identifiers, permissions and personalised-ad settings through their browser, device or Google account.

Data security

BotLinkd uses reasonable technical and organisational safeguards designed to protect data against unauthorised access, loss, misuse, alteration and disclosure. Measures may include:

  • encrypted network connections using HTTPS/TLS where applicable;
  • access controls, authentication and role-based permissions;
  • credential, token and secret-management controls;
  • logging, monitoring, backup and recovery procedures;
  • security updates and vulnerability remediation;
  • provider and infrastructure security controls; and
  • staff access restrictions based on operational need.

No internet service can guarantee absolute security. Customers are responsible for protecting account credentials, limiting user permissions, maintaining secure devices and promptly reporting suspected account compromise.

Data retention, export and deletion

BotLinkd retains data for as long as reasonably needed to provide the service, maintain security, resolve disputes, enforce agreements and meet legal, tax, accounting and compliance requirements.

Retention periods vary according to the data category:

  • account and subscription data may be retained while an account is active;
  • billing and transaction records may be retained for legally required periods;
  • customer messaging data may be retained according to account settings, service needs and customer instructions;
  • security, fraud and audit logs may be retained for protective and evidentiary purposes;
  • temporary, expired, cache, session and non-essential diagnostic data may be deleted or anonymised when no longer needed; and
  • backup copies may remain for a limited backup cycle before being overwritten.

Where an export feature is available, account administrators may export supported contacts, conversations or records from the dashboard.

A verified account or data deletion request can be submitted through the Data Deletion Instructions page or by contacting [email protected]. Eligible deletion requests are normally completed within 30 days after identity and authority are verified, except where data must be retained for legal, tax, billing, fraud, security, dispute or compliance purposes.

Deleting a BotLinkd account does not automatically delete data held independently by Meta, WhatsApp, Google, Shopify, payment providers or another connected service. Requests relating to those providers may need to be submitted directly to them.

International data transfers

BotLinkd and its service providers may process data in countries other than the country where a user or customer is located. Privacy laws and government-access rules may differ between jurisdictions.

Where required, BotLinkd uses contractual, organisational or other lawful safeguards intended to support international data transfers. Customers with data-location or transfer requirements should contact BotLinkd before purchasing or enabling relevant integrations.

Your privacy rights and choices

Depending on location and applicable law, a person may have rights to:

  • request access to personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of eligible data;
  • request restriction of or object to certain processing;
  • request a portable copy of eligible data;
  • withdraw consent where processing relies on consent;
  • opt out of non-essential marketing communications;
  • opt out of certain targeted advertising or data sharing where applicable; and
  • submit a complaint to an appropriate data-protection authority.

BotLinkd may need to verify identity, account ownership or authority before acting on a request. Requests can be limited or declined where permitted by law, including where they affect another person’s rights, conflict with legal obligations or cannot be reliably verified.

When BotLinkd processes customer contact or message data solely on behalf of a business customer, the request should normally be directed first to that business. BotLinkd will support verified customer instructions where required.

Children’s privacy

BotLinkd is a business platform and is not directed to children. Users must have legal authority to enter into the applicable agreement and operate a business account.

Business customers must not knowingly use BotLinkd to collect or process children’s personal data without an appropriate lawful basis, required notices and parental or guardian permission where applicable. Contact BotLinkd if you believe children’s data has been submitted improperly.

Changes to this Privacy Policy

BotLinkd may update this policy to reflect changes in services, technologies, integrations, legal requirements or provider rules. The latest version will be published on this page with an updated revision date.

Where appropriate, material changes may also be communicated through email, account notices or an in-product message. Continued use after an effective update is subject to the revised policy and applicable Terms & Conditions.

Contact BotLinkd about privacy

Contact BotLinkd for privacy questions, data requests, account deletion, security concerns or clarification about a connected service.

Privacy and data requests

Include the registered account email, business name and a clear description of the request. Do not email passwords, complete payment-card details or unnecessary sensitive data.

Account and data controls

Need help with privacy, deletion or account data?

Review the deletion instructions or contact BotLinkd support with the registered account details needed to verify your request.

AI trust & verification LLMs indexing guide AI transparency notice