Privacy Policy

Last updated: May 18, 2026

1. Who we are

talkady (“talkady”, “we”, “us”) operates a multi-tenant platform that lets businesses (“Customers” or “Tenants”) connect a WhatsApp number and provide AI-assisted customer service to their own end customers (“End Users”).

For data exchanged through a Customer’s connected WhatsApp account, talkady acts as a data processor on behalf of that Customer, who is the data controller for their End Users’ data. We process that data only to provide the service and only under the Customer’s instructions.

2. Data we process

Customer account data. Name, work email, business name, login credentials (passwords are stored only as bcrypt hashes), and team-member records.

WhatsApp connection data. WhatsApp Business Account IDs, phone number IDs, and access tokens for connected numbers. All third-party tokens and secrets are encrypted at rest with AES-256-GCM and are never exposed back through the API or UI.

Message data. For conversations on a Customer’s connected WhatsApp number: message content, inbound and outbound, the End User’s phone number and WhatsApp profile name, media files, and message metadata (timestamps, message IDs, delivery status).

Derived data. AI-generated reply context, short per-customer memory summaries, and any lead / CRM fields a Customer chooses to record about a conversation.

We do not sell personal data and do not use WhatsApp message data for advertising or for any purpose other than providing the service to the connected Customer.

3. How we use it

To deliver, secure, and operate the service: routing inbound and outbound WhatsApp messages, generating AI replies, maintaining the Customer’s inbox and CRM, processing webhooks, and providing support. We process data on the legal bases of contract performance and the Customer’s documented instructions.

4. Sub-processors

We rely on the following providers to deliver the service:

  • Meta Platforms — WhatsApp Business Cloud API (message transport).
  • Anthropic — large-language-model processing for AI replies. Conversation content sent for a reply is not used to train models.
  • Railway — application hosting and PostgreSQL database.
  • Cloudflare R2 — storage of WhatsApp media and assets.
  • Inngest — background job processing.
  • Resend — transactional email (e.g. password reset).

5. Storage, security, isolation

Data is encrypted in transit (TLS) and secrets/tokens are encrypted at rest (AES-256-GCM). The platform is strictly multi-tenant: every Customer’s data is scoped to their tenant and is not accessible to other Customers.

6. Retention

Message and conversation data is retained while the Customer’s account is active and for as long as needed to provide the service. When a Customer disconnects a WhatsApp account, the stored access token for that number is removed. On account termination or a valid deletion request, associated data is deleted as described in our Data Deletion policy.

7. Your rights & deletion

End Users who have messaged a business using talkady may request access to or deletion of their data by contacting that business (the data controller) or by emailing us; we action verified requests and Customer instructions. Customers may export or request deletion of their workspace at any time. See Data Deletion for the procedure and timelines.

8. WhatsApp / Meta compliance

Our use of the WhatsApp Business Platform complies with the Meta Platform Terms, the WhatsApp Business Messaging Policy, and Developer Policies. Data obtained via WhatsApp is used solely to provide the messaging and customer-service functionality to the connected business.

9. Contact

Questions or privacy requests: privacy@talkady.com.