Privacy Policy

If you are a business customer, you are generally the data controller for your end-customer conversations. 7Unit acts as a data processor and processes that data only to provide the Pingbot service under your instructions and our service agreement.

If you are an end customer messaging a business on WhatsApp, contact that business first about your data. They can reach us if needed.

This policy also covers visitors to our marketing website and dashboard users who manage a Pingbot account.

Business customers and dashboard users: name, email, phone number, company details, billing information, WhatsApp Business identifiers (phone number ID, WABA ID), bot configuration, knowledge-base content you upload (price lists, FAQs, services, documents), consent attestations, and usage metrics (message volumes, token usage, feature usage).

End customers (via WhatsApp): phone number, display name where available, message content (text and media), delivery/read status, timestamps, and data extracted during conversations (for example lead fields or booking details).

Website visitors: basic analytics such as pages viewed, referrer, and device type through privacy-friendly analytics on our marketing site.

Technical and security logs: structured service logs with tenant, conversation, and trace identifiers for reliability, debugging, and security. Routine error monitoring does not include message content.

We use personal data to:

• Receive, process, and reply to WhatsApp messages on your business number
• Qualify leads, book appointments, capture orders, and perform human handover when needed
• Ground replies in your uploaded knowledge base and configured persona
• Provide the tenant dashboard, daily summaries, exports, and support during onboarding
• Enforce plan limits, billing, and per-tenant rate and token budgets
• Monitor platform health, prevent abuse, and comply with legal obligations

AI replies are generated using Anthropic models with your business content. Customer messages are treated as data, not instructions. Automated actions (such as booking or lead capture) are validated server-side before execution. We do not use end-customer message content to train general-purpose AI models.

Pingbot uses a queue-first architecture designed for reliability and tenant isolation:

• Durable records (conversations, contacts, leads, configuration, usage metering) are stored in a managed PostgreSQL database hosted outside our compute servers, with row-level security per tenant.
• Ephemeral data (message queues, conversation context cache, rate limiters, tenant config cache) is held in Redis on our secured VPS infrastructure.
• Media received via WhatsApp is downloaded promptly (Meta media URLs expire quickly) and archived to secure object storage under tenant-scoped paths.
• Compute services (webhook ingestion, AI workers, outbound sender, dashboard API, scheduler) run as stateless containers on secured VPS infrastructure behind Cloudflare.
• Dashboard and marketing frontends are hosted on Vercel and communicate with our API over HTTPS.

Backups and retention policies are applied to durable stores. Cross-border processing may occur where our subprocessors operate; we apply appropriate safeguards where required.

We share data only as needed to operate Pingbot:

• Meta — WhatsApp Cloud API (message delivery, templates, status webhooks)
• Anthropic — intent classification and reply generation (metered per tenant)
• Razorpay — subscription billing and payment lifecycle
• Cloudflare — DNS, TLS, WAF, and edge protection
• Vercel — hosting for the marketing site and dashboard frontend
• Sentry — error monitoring (without routine inclusion of message content)

We do not sell personal data to advertisers or data brokers.

Default retention for raw message bodies is 12 months unless a different period is agreed in writing. After that, data may be reduced to anonymised aggregates. Business customers can export conversations and leads from the dashboard (JSON/CSV).

On cancellation or offboarding, you may request export before account closure. We run a hard-delete process on offboarding and can provide completion confirmation where contracted. We may retain limited billing or legal records as required by law.

End customers can opt out of further automated messaging by sending STOP (or equivalent). Opt-out is processed in the message pipeline and honoured for that contact.

Depending on applicable law — including India's Digital Personal Data Protection Act (DPDP) — you may have rights to access, correct, erase, restrict, or object to processing of your personal data, and to lodge a complaint with a supervisory authority where applicable.

We apply layered controls including webhook HMAC verification, tenant isolation in the application and database, encryption in transit, access controls on production systems, rate limits per tenant, and monitoring for platform health. No system is perfectly secure; please use strong credentials and limit dashboard access to trusted staff.

Pingbot is a business service and is not directed at children. We do not knowingly collect personal data from children under 18 without appropriate consent and lawful basis.

We may update this policy from time to time. Material changes will be posted on this page with an updated date. Continued use of Pingbot after changes take effect constitutes acceptance where permitted by law.

Privacy questions, data requests, or processor enquiries: privacy@7unit.tech, WhatsApp +91 70907 73300.