Disclaimer
This is a general template and not legal advice. You MUST consult with a qualified legal professional to ensure this policy is complete, accurate, and compliant with all applicable laws for your specific business, services, and jurisdictions (such as GDPR, CCPA, etc.).
Privacy Policy Template for Bote5
Last Updated: [Date]
1. Introduction
Welcome to Bote5 ("we," "us," or "our"). We provide [describe your solution, e.g., "a customer engagement platform," "an advertising analytics tool," "a WhatsApp Business messaging service"] (the "Services") to our business clients (our "Clients").
This Privacy Policy explains how we handle data when we provide our Services. It is important to understand our role:
Our Clients (the "Data Controllers"): Our Clients are the businesses that use our Services to interact with their customers ("End-Users"). They "control" the data, meaning they decide why and how personal data is collected and used.
We (the "Data Processor"): We only process data on behalf of and at the direction of our Clients. We do not use this data for our own purposes.
End-Users (the "Data Subjects"): These are the individuals who interact with our Clients, for example, by messaging our Client's Facebook Page or WhatsApp number.
This policy primarily describes our role and responsibilities as a Data Processor. If you are an End-User, you must read the privacy policy of the business you are interacting with (our Client), as they are the Data Controller responsible for your data.
2. Our Relationship with Meta (Facebook)
Our Services integrate with Meta platforms (including Facebook, Instagram, and WhatsApp), which provide data to us based on our Client's instructions.
As a registered Meta Tech Provider, we are contractually bound by the Meta Platform Terms and other related policies. We agree to:
Only process data (known as "Platform Data") on behalf of and at the direction of our Client.
Keep Platform Data for each Client segregated and secure.
Never use Platform Data for our own purposes, such as building user profiles for advertising.
Implement robust technical and organizational security measures to protect all data we process.
3. What Data We Process and Why
We only process the data that our Clients instruct us to process through their use of our Services. This data may include:
Data from Meta Platforms:
User Information: Publicly available information from Facebook or Instagram profiles (e.g., name, profile picture) when an End-User interacts with our Client's page.
Message Content: Messages, images, and other content that End-Users send to our Clients via Messenger, Instagram Direct, or WhatsApp.
Contact Information: WhatsApp or phone numbers of End-Users who communicate with our Clients.
Data from our Clients:
Our Clients may upload their own customer lists or other data into our Services to manage communications.
Technical Data:
Usage data and metadata (e.g., timestamps, message status) are necessary for the delivery and operation of the Services.
We process this data for the sole purpose of providing the Services to our Clients, such as:
Enabling our Client to receive, manage, and respond to End-User messages.
Delivering automated responses or notifications on behalf of our Client.
Providing analytics and reporting to our Client about their customer interactions.
Troubleshooting and maintaining the service.
4. Data Sharing (How We Act as a Processor)
We do not "sell" any personal data we process on behalf of our Clients. We only share data in the following limited circumstances, all of which are necessary to provide our Services:
With Our Client: The primary purpose of our service is to process data for our Client. They have access to the data related to their own End-Users.
With Our Sub-processors (Service Providers): We may use third-party service providers ("sub-processors") to help us operate our Services, such as cloud hosting providers (e.g., Amazon Web Services, Google Cloud) or infrastructure partners. We have strict data processing agreements with these providers, ensuring they only use the data as we instruct and maintain high security standards.
With Meta: Our Services necessarily transmit data to and from Meta's platforms to function (e.g., to send or receive a WhatsApp message).
As Required by Law: We may disclose data if we believe in good faith that it is required by law, a court order, or a valid legal request. We will notify our Client of such a request unless prohibited by law.
At Our Client's Direction: We may share data with other third-party services if our Client explicitly instructs us to do so (e.g., by integrating their account with another software).
5. Data Security
We take the security of the data we process very seriously. We have implemented robust administrative, physical, and technical safeguards to protect data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
Encryption: Data is encrypted both in transit (using TLS) and at rest.
Access Controls: Access to personal data is strictly limited to authorized personnel who require it to perform their job functions.
Data Segregation: Platform Data from each Client is logically separated and segregated from other Clients' data.
Vulnerability Management: We regularly conduct security assessments and patch management.
Incident Response: We have a plan in place to respond to any potential security incidents.
6. Data Retention
We retain personal data we process on behalf of our Clients for as long as the Client instructs us to, or as long as they maintain an active account with us.
When a Client terminates their account, we will delete or return all personal data associated with their account in accordance with our data processing agreement with them and the Meta Platform Terms.
7. Your Data Rights (for End-Users)
As we are a Data Processor, we do not have a direct relationship with you as an End-User. The business you are interacting with (our Client) is the Data Controller responsible for handling your data rights.
If you wish to exercise your rights—such as the right to access, correct, or delete your personal data—you must contact the Client (the business) directly.
If we receive a data rights request from an End-User, we will promptly forward the request to the relevant Client so they can respond.
8. Children's Privacy
Our Services are not intended for use by our Clients to knowingly collect data from children under the age of 13 (or another age as required by local law). We process all data at the direction of our Clients.
9. International Data Transfers
We may process and store data in jurisdictions outside of your home country, which may have different data protection laws. We ensure that any international transfer of data is done in compliance with applicable laws, such as by using Standard Contractual Clauses (SCCs) or other legal mechanisms.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, or the law. We will post any changes on this page and update the "Last Updated" date at the top.
11. Contact Us
If you are a Client of Bote5 and have questions about this policy or your data, please contact us at:
Bote5 4, Sunrise Road, Bangalore - 560049 info@printe5.in, e.g., privacy@bote5.com] [6385787229]
If you are an End-User, please direct your questions and data rights requests to the business you are interacting with.