Privacy Policy

Last updated: April 4, 2026

1. Who We Are

ZenithChat ("we", "our", "us") is a B2B SaaS platform that enables businesses to deploy AI-powered conversational agents on WhatsApp and Instagram. This policy explains how we collect, use, and protect personal data.

For the purposes of data protection law, ZenithChat acts as a Data Processor on behalf of our business clients (the Data Controllers), who determine the purposes and means of processing their end users' personal data.

2. Data We Collect

From business clients (account holders):

• Name, email address, and billing information
• Business details (company name, industry, WhatsApp/Instagram account info)
• Configuration data (bot settings, knowledge base content, automation rules)

From end users (your customers' contacts):

• Phone number and/or Instagram username
• Message content exchanged via WhatsApp or Instagram
• Order and scheduling data created during conversations

3. How We Use Data

• To provide and maintain the ZenithChat platform
• To process AI-powered conversations on behalf of our clients
• To handle billing and subscription management
• To improve our services and develop new features
• To comply with legal obligations

4. AI Processing

Messages are processed by AI language models to generate conversational responses. Message content is sent to third-party AI providers (Google, Anthropic) for processing. We do not use conversation data to train AI models. AI-generated responses are provided on behalf of our business clients.

5. Data Sharing

We share data only with:

• AI providers (Google, Anthropic) — for message processing
• Meta — as required for WhatsApp and Instagram messaging APIs
• Payment processors (Stripe) — for subscription billing
• Our business clients — who receive their end users' conversation data

We do not sell personal data to third parties.

6. Data Retention

Conversation data is retained for the duration of the client's active subscription. Clients may request deletion of their data at any time. Upon account termination, all associated data is deleted within 30 days.

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, tenant-isolated data architecture, encrypted storage of third-party API credentials, and regular security reviews.

8. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. End users should contact the business they interacted with (the Data Controller). Business clients can contact us directly.

9. International Transfers

Data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers.

10. Cookies

Our dashboard uses essential cookies for authentication and session management. We do not use tracking or advertising cookies.

11. Children's Privacy

ZenithChat is a B2B service not directed at individuals under 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email to registered clients.

13. Contact

For privacy inquiries:
Email: hello@zenithchat.ai
ZenithChat — Lisbon, Portugal