Privacy Policy
Last updated: April 2026
DaveSoftBot is committed to protecting your privacy. This Policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Account data | Business name, WhatsApp phone number | Account creation & authentication |
| Payment data | Billing details (processed by Stripe — we never store card numbers) | Subscription management |
| Bot configuration | Menu content, business hours, translations | Operating your bot |
| Customer contacts | Phone numbers, names, conversation history | Bot functionality |
| Usage data | Message counts, AI usage, log files | Quota enforcement & debugging |
2. How We Use Your Data
- Provide, operate, and improve the Service
- Process payments and manage subscriptions
- Send transactional notifications (OTP codes, support replies)
- Enforce usage quotas and Terms of Service
- Comply with legal obligations
We do not sell your data or your customers’ data to third parties. We do not use conversation data for AI training.
3. Data Storage and Security
- Data is stored on servers using industry-standard encryption.
- Payment data is processed by Stripe (PCI-DSS Level 1 certified).
- WhatsApp session keys are stored encrypted.
- We perform daily backups retained for 30 days.
4. Data Sharing
We share data only with:
- Stripe — payment processing
- Groq / OpenAI / other AI providers — only if you enable AI features
- Cloudflare — DDoS protection and CDN
- Legal authorities when required by law
5. Your Customers’ Data (GDPR)
You (the bot owner) are the data controller for your customers’ data. DaveSoftBot acts as a data processor on your behalf. You are responsible for having a lawful basis to process your customers’ data via WhatsApp.
6. Data Retention
- Active account data: retained for the duration of your subscription.
- Cancelled accounts: data retained for 90 days, then permanently deleted.
- Log files: retained for 30 days.
7. Your Rights (GDPR)
If you are in the EU/EEA/UK, you have the right to:
- Access, correct, or delete your personal data
- Object to or restrict processing
- Data portability (export your data)
- Lodge a complaint with your local data protection authority
To exercise these rights, contact us at [email protected].
8. Israeli Privacy Rights
If you are an Israeli resident, you have additional rights under the Privacy Protection Law (חוק הגנת הפרטיות, תשמא״-1981):
- Right to review your personal data held in our databases (§13)
- Right to request correction of inaccurate data (§14)
- Right to request deletion of your data
- Right to withdraw consent for data processing
- Right to object to use of your data for direct marketing
- Right to file a complaint with the Israeli Law, Information and Technology Authority (ILITA)
9. Other Jurisdictional Rights
- California (CCPA/CPRA): California residents may request disclosure or deletion of personal information. We do not sell personal information.
- Brazil (LGPD): Brazilian data subjects may exercise rights under the Lei Geral de Proteção de Dados, including access, correction, anonymization, and portability.
To exercise any of these rights, contact [email protected].
10. Cookies
We use a single session cookie (ds_mgr_sid) for authentication. No tracking or advertising cookies are used.
11. Contact
Privacy questions: [email protected]
← Back to Home