Legal

Privacy Policy

Last Updated: May 19, 2026

Aflatoon AI is a WhatsApp Business automation platform. This policy explains how we handle personal data collected through our platform — including data from business clients and from end-users who interact with Aflatoon-powered chatbots.

1Overview

Aflatoon AI (Private) Limited ("Aflatoon AI", "we", "us", or "our") operates a WhatsApp Business AI chatbot platform that enables businesses to automate customer engagement via the WhatsApp Business API. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you interact with our platform — whether you are a business client using our services or an end-user engaging with an Aflatoon AI-powered chatbot. By using our services or interacting with any chatbot powered by Aflatoon AI, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use immediately.

2Who We Are

Aflatoon AI (Private) Limited is a technology company registered in Pakistan, operating an AI chatbot automation platform. We act as a data processor on behalf of our business clients and, in some cases, as a data controller for platform-level operations. Company Name: Aflatoon AI (Private) Limited Registered Address: Plot No. 183, Sector I-10/3, Islamabad, Pakistan Contact Email: [email protected] Contact Phone: +92 323 985 6439

3Information We Collect

From Business Clients (Operators)

  • Full name, business name, and contact details during onboarding
  • WhatsApp Business Account (WABA) credentials and phone numbers via Meta Embedded Signup
  • Billing and payment information
  • Configuration data: bot workflows, menu/catalogue content, business hours, delivery policies
  • Usage data: message volumes, session logs, API call records

From End-Users (Customers of Aflatoon AI-Powered Chatbots)

  • WhatsApp phone number (provided automatically by the WhatsApp platform)
  • Display name as set in the user's WhatsApp profile
  • Messages, voice notes, and media files sent to the chatbot
  • Order and booking details: name, delivery address, item selections, payment method preferences
  • Application or membership data (e.g., for non-profit or political party clients): full name, city, province, education level, profession
  • Payment screenshots shared for order confirmation
  • Location data when voluntarily shared by the user within chat

Automatically Collected Technical Data

  • IP addresses and device identifiers
  • Timestamps of messages and API interactions
  • Browser type and operating system (for web-based dashboard access)
  • Webhook event metadata from Meta's WhatsApp Business API

4How We Use Your Information

  • To operate and deliver the Aflatoon AI chatbot platform and its features
  • To facilitate business onboarding via Meta's Embedded Signup flow
  • To process and relay messages between end-users and business clients through WhatsApp
  • To route and store orders, applications, bookings, or other structured submissions on behalf of business clients
  • To improve AI model performance, response quality, and platform reliability
  • To send transactional communications (order confirmations, escalation alerts, system notifications)
  • To comply with legal obligations under Pakistani law and Meta's Platform Policies
  • To prevent fraud, abuse, and unauthorized access
  • To generate anonymized, aggregated analytics for platform improvement

5Meta Platform & WhatsApp Business API

Aflatoon AI integrates with Meta's WhatsApp Business API and uses Meta's Embedded Signup to connect business clients' WhatsApp Business Accounts (WABAs). In doing so: - We request only the permissions necessary to send and receive WhatsApp messages on behalf of our business clients. - We do not use Meta platform data to target advertising or build user profiles for ad purposes. - We do not transfer WhatsApp conversation data to third-party ad networks. - We comply with Meta's Platform Terms, Business Messaging Policy, and WhatsApp Commerce Policy at all times. - Business clients remain the data controllers for their customers' data; Aflatoon AI acts as a processor. - Meta's own Privacy Policy governs data processed directly by Meta. We encourage you to review it at https://www.whatsapp.com/legal/privacy-policy.

6How We Share Information

We do not sell personal information. We may share data in the following limited circumstances:

  • With Business Clients: End-user conversation data, orders, and application details are shared with the respective business client whose chatbot the user interacted with.
  • With Meta Platforms, Inc.: Message data is transmitted through Meta's WhatsApp Business API infrastructure as required for service operation.
  • With Service Providers: Trusted third-party vendors (e.g., cloud hosting, database providers) who process data on our behalf under strict confidentiality agreements.
  • For Legal Compliance: Where required by Pakistani law, court order, or governmental authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, with appropriate notice to affected parties.
  • With Your Consent: For any other purpose, only with your explicit consent.

7Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this policy or as required by law: - Business client account data: retained for the duration of the client relationship plus 2 years. - End-user conversation data: retained for up to 12 months unless a business client requests earlier deletion. - Order and application records: retained per the business client's configuration, typically 12–24 months. - Technical logs: retained for 90 days. Upon termination of a business client account, associated end-user data is deleted within 30 days unless legal obligations require otherwise.

8Data Security

We implement industry-standard technical and organizational measures to protect personal information, including: - Encrypted data transmission (TLS/HTTPS) - Access controls and authentication for platform dashboards - Restricted internal access to production data on a need-to-know basis - Regular security reviews and vulnerability assessments No system is completely immune to breach. We will notify affected parties in the event of a data breach as required under applicable law.

9Children's Privacy

Our platform is not directed at children under the age of 13. We do not knowingly collect personal data from minors. If we become aware that a child under 13 has provided personal information, we will delete it promptly. If you believe we have inadvertently collected such data, please contact us at [email protected].

10Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal and contractual obligations.
  • Restriction: Request that we limit how we process your data.
  • Objection: Object to processing based on legitimate interests.
  • Portability: Request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Note: for data held on behalf of a business client, we may need to direct your request to that client as the data controller.

11Cookies & Tracking

Our web-based dashboard may use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyse usage patterns. You can control cookie settings through your browser. Disabling cookies may affect certain platform features. We do not use cookies to serve advertisements.

12Third-Party Services

Our platform may integrate with or link to third-party services (e.g., payment gateways, mapping services, CRMs). This Privacy Policy does not cover those third parties. We encourage you to review the privacy policies of any third-party service you interact with through our platform.

13Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page reflects the most recent revision. Material changes will be communicated via email to business clients or via a notice on our platform. Continued use of our services after any update constitutes acceptance of the revised policy.

14Contact Us

For privacy-related queries, requests, or complaints: Aflatoon AI (Private) Limited Plot No. 183, Sector I-10/3, Islamabad, Pakistan Email: [email protected] Phone: +92 323 985 6439

© 2026 Aflatoon AI (Private) Limited. All rights reserved. Plot No. 183, Sector I-10/3, Islamabad, Pakistan.