Privacy Policy
Last updated: July 8, 2026
ConvoFly ("ConvoFly", "we", "us", or "our") is a business messaging platform that lets businesses connect their WhatsApp Business Account and other messaging channels to send, receive, organize, and automate conversations with their own customers from a single inbox. This Privacy Policy explains what information we process, why we process it, and the choices available to businesses that use ConvoFly and to the customers who message them.
ConvoFly connects to the WhatsApp Business Platform (WhatsApp Cloud API) and to other Meta products (Instagram and Facebook Messenger) as a Meta Tech Provider. Our access to and use of information obtained through Meta APIs complies with the Meta Platform Terms and Developer Policies, including the WhatsApp Business Messaging Policy.
Who This Policy Covers
- Business users — the organizations and their team members (agents) who sign in to ConvoFly to manage conversations.
- End customers — the people who message a business through a channel that the business has connected to ConvoFly. We process end-customer data on behalf of, and under the instructions of, that business.
Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account & connection data | Business name, your login email, WhatsApp Business Account (WABA) ID, phone number ID, display phone number, verified business name, business verification status, and the access tokens needed to operate the connected account. | Provided by you and returned by Meta Embedded Signup / Graph API when you connect an account. |
| Conversation data | Message content (text, images, documents, audio/voice notes, video, stickers, location, and contact cards), sender and recipient phone numbers or platform IDs, sender display names, message IDs, timestamps, and delivery/read status. | Received from the WhatsApp Cloud API and Meta messaging webhooks when a customer messages the connected business or the business replies. |
| Team & usage data | Agent accounts and actions, message assignments, tags, quick replies, automation rules, broadcasts, and audit/activity records. | Created by your team as you use ConvoFly. |
| Integration data | Where you enable an integration, data needed to run it — e.g. Shopify order and customer details, or Google Sheet rows — limited to what the workflow requires. | Retrieved from the third-party service you connect (Shopify, Google, etc.). |
| Technical data | Log data, IP address, and request metadata used to operate, secure, and debug the service. | Generated automatically when the service is used. |
How We Use Information
- To receive, display, organize, and reply to customer messages on behalf of the connected business.
- To route each conversation to the correct organization, connected channel, and agent.
- To provide inbox features such as tags, read status, quick replies, message history, broadcasts, and automations.
- To run integrations you explicitly enable (for example, looking up a Shopify order to answer a customer, or logging a row to Google Sheets).
- To send messages initiated by your business or by automation rules your business has configured.
- To secure the service, prevent abuse and fraud, troubleshoot issues, and improve reliability.
We do not use the content of customer messages to build advertising profiles, and we do not sell personal information. We do not use Platform Data received from Meta for any purpose other than providing and improving the messaging features the business has asked us to perform.
How We Share Information
We share information only in these limited ways:
- Service providers (sub-processors) that host and run the platform on our behalf, including our application host (Heroku), our database provider, our media/object storage provider (Cloudflare R2), and Meta's APIs. Where you enable them, integration providers such as Google and Shopify also process the relevant data.
- Within your organization — connected accounts and conversations are visible to the agents of the business that owns them, and only that business.
- Legal and safety — when required by law, regulation, legal process, or to protect the rights, property, or safety of ConvoFly, our users, or the public.
We do not sell or rent personal information to third parties.
Data Retention
We retain connection and conversation data for as long as the business account remains connected and as needed to provide the service. A business may request deletion of its connected account and conversation data at any time (see below). Some records may be retained for a limited period where required for security, fraud prevention, legal compliance, backups, or dispute resolution, after which they are deleted or anonymized.
Data Deletion
A business can request deletion of its data at any time. See our Data Deletion Instructions for how to submit a request and what is removed. A business may also disconnect an account, or remove ConvoFly's access from its Meta Business Settings, to stop future data collection.
Security
Access tokens are encrypted at rest, and we enforce tenant isolation so each organization can access only its own connected accounts and conversations. We use access controls, encrypted transport (HTTPS), and operational safeguards to protect data. No method of transmission or storage is perfectly secure, but we work continuously to protect information against unauthorized access.
International Transfers
ConvoFly and its service providers may process and store data in countries other than the one in which you are located. Where we transfer data, we take steps to ensure it remains protected consistent with this policy and applicable law.
Children's Privacy
ConvoFly is a business tool and is not directed to children. We do not knowingly collect personal information from children.
Your Rights
Depending on your location, you may have rights to access, correct, export, or delete personal data. Because ConvoFly processes end-customer data on behalf of the businesses that use it, end customers should direct such requests to the business they messaged; that business can act on them using ConvoFly, and we support businesses in fulfilling these requests. You can also contact us using the details below.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice.
Contact
For privacy questions or data requests, contact: hammad@rocketreply.io.