Your Privacy Matters
We are committed to protecting your personal data and being transparent about how we use it.
Table of Contents
This Privacy Policy explains how Chatori ("we", "us", or "our") collects, uses, and protects information when you use our WhatsApp automation services and this application. By using our service, you agree to this policy.
1. Who We Are
Chatori is a WhatsApp Business automation platform that helps local businesses automate customer communication, reservations, and CRM workflows. Our primary website is chatori.at.
This application ("Chatori App") is operated under the Chatori brand and is used to manage WhatsApp integrations, AI responses, and calendar synchronisation for our customers.
Data Controller: Chatori · Email: office@chatori.at
2. Data We Collect
We collect the following categories of information:
- Account Information: Name, email address, business name, phone number provided during registration or setup.
- WhatsApp Data: Messages sent and received through your connected WhatsApp Business number, including customer phone numbers and message content, as needed to provide the automation service.
- Google Calendar Data: When you connect Google Calendar, we access calendar event data to manage reservations. We request only the minimum permissions required (read/write access to calendars you authorise).
- Usage Data: Log data such as IP addresses, browser type, pages visited, and timestamps when you access the admin dashboard.
- Configuration Data: Settings, AI profiles, FAQs, and business hours that you configure within the application.
3. How We Use Your Data
We use your data to:
- Deliver and operate the WhatsApp automation service on your behalf
- Respond to customer messages using your configured AI profiles and FAQs
- Synchronise reservations and appointments with Google Calendar
- Send transactional and operational emails (e.g., calendar connection confirmations)
- Monitor service performance, diagnose errors, and improve the platform
- Comply with legal obligations
We do not sell your data or use it for advertising purposes.
4. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR):
- Contract performance: Processing necessary to deliver the services you've subscribed to.
- Legitimate interests: To operate, secure, and improve the platform.
- Legal obligation: To comply with applicable laws and regulations.
- Consent: For optional integrations such as Google Calendar, where you explicitly authorise access.
5. Data Sharing & Third Parties
We share data only with the following trusted providers:
- Meta (WhatsApp Cloud API): To send and receive WhatsApp messages on your behalf. Governed by Meta's Business Terms.
- Google (Calendar API): To sync reservations when you connect Google Calendar. Governed by Google's Privacy Policy.
- OpenAI / AI Providers: Message content may be sent to AI providers to generate responses, subject to their data processing terms.
- Hosting Providers: Infrastructure and data storage providers (e.g., cloud hosting) operate under strict data processing agreements.
We do not disclose your data to third parties for marketing or analytics beyond what is stated above.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the service. Specifically:
- Conversation and message logs: retained for up to 12 months by default.
- Account data: retained until account deletion or termination.
- Logs and analytics: retained for up to 6 months.
You may request earlier deletion by contacting us at office@chatori.at.
7. Your Rights
Under GDPR and applicable data protection law, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten") under certain conditions
- Restrict processing in certain circumstances
- Data portability — receive your data in a machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time for consent-based processing
To exercise any of these rights, contact us at office@chatori.at. We will respond within 30 days.
8. Cookies
This application uses the following cookies:
- Session cookies: Essential for login and authentication to the admin panel.
- CSRF token: Security cookie to prevent cross-site request forgery.
We do not use third-party tracking or advertising cookies on this application.
9. Security
We implement appropriate technical and organisational measures to protect your data, including:
- HTTPS encryption for all data in transit
- Encrypted storage of sensitive credentials (e.g., API tokens)
- Access controls and authentication for the admin panel
- Regular security reviews
While we take security seriously, no system is completely immune. If you discover a vulnerability, please report it to office@chatori.at.
10. Children's Privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us: