Privacy Policy

Last updated: December 2, 2025

Data Controller: ONORALL TECHNOLOGIES PRIVATE LIMITED, operating as fipzo ("we," "us," or "our"), is the data controller responsible for processing your personal data. For questions about this Privacy Policy, contact us at hello@fipzo.com.

1. Data Collection

We collect different types of data depending on how you interact with our Service:

From Customers (WhatsApp Users):

  • WhatsApp messages sent to business WhatsApp numbers
  • Phone numbers and contact information from WhatsApp
  • Profile names and display information from WhatsApp
  • Message content, timestamps, and metadata
  • Any media files (images, documents) shared via WhatsApp

From Business Owners (Dashboard Users):

  • Business account registration information (company name, email, contact details)
  • Dashboard usage data and activity logs
  • Ticket assignment, status updates, and resolution data
  • Team member information and access permissions
  • Payment and billing information
  • Usage analytics and performance metrics

2. Data Usage and Processing

We process your data for the following purposes:

  • Convert WhatsApp messages into trackable tickets in the business dashboard
  • Enable business owners to view, assign, and manage customer service requests
  • Send status updates and notifications to customers via WhatsApp
  • Track ticket progress, resolution times, and service quality metrics
  • Provide business owners with analytics and reporting capabilities
  • Facilitate communication between customers and businesses
  • Improve our service quality, features, and user experience
  • Provide customer support and technical assistance
  • Process payments and manage subscriptions
  • Comply with legal obligations and prevent fraud

Legal Basis for Processing:

  • Contract Performance: Processing necessary to provide our Service and fulfill our contractual obligations to business owners
  • Legitimate Interests: Processing customer messages to facilitate business-customer communication, improve our services, and ensure security
  • Consent: Where you have provided explicit consent for specific processing activities
  • Legal Obligations: Processing required to comply with applicable laws, regulations, or court orders

You have the right to object to processing based on legitimate interests. However, we may continue processing if we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

3. Third-Party Integrations

WhatsApp Business API: We integrate with WhatsApp Business API to receive and send messages. All WhatsApp messages are processed through secure, encrypted channels. WhatsApp processes messages according to their Privacy Policy and Terms of Service. We do not control WhatsApp's data practices.

Other Third-Party Services: We may use third-party services for cloud hosting, analytics, payment processing, email delivery, and customer support. These services act as data processors and are bound by their own privacy policies and data protection standards. We only share data necessary for service provision and ensure all third parties comply with applicable data protection laws through contractual agreements.

International Data Transfers: Your data may be transferred to and processed in countries outside your country of residence, including countries that may not have the same data protection laws as your country. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by relevant data protection authorities, or other legally recognized transfer mechanisms.

Data Sharing: We do not sell your personal data to third parties. We may share your data only as described in this Privacy Policy or with your explicit consent, except where required by law or to protect our legal rights.

4. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of data at rest where applicable
  • Secure servers and infrastructure
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Employee training on data security and privacy

Data Breach Notification: In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours where feasible, in accordance with applicable data protection laws.

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

5. User Rights and Data Protection

Under applicable data protection laws (including GDPR, CCPA, and others), you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent
  • Right to Complain: File a complaint with your local data protection authority

How to Exercise Your Rights: To exercise these rights, contact us at hello@fipzo.com with your request. We may need to verify your identity before processing your request. We will respond to your request within one month (30 days) as required by GDPR, or within the timeframe required by other applicable laws. If your request is complex or we receive multiple requests, we may extend this period by an additional two months, and we will inform you of any such extension.

Right to Lodge a Complaint: If you believe we have not addressed your concerns satisfactorily, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local authority at edpb.europa.eu. For UK residents, contact the Information Commissioner's Office (ICO). For other jurisdictions, please contact your local data protection authority.

No Automated Decision-Making: We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

6. Data Retention

Customer Data (WhatsApp Messages): We retain customer messages and ticket data for as long as the business account is active and for up to 90 days after account termination, unless required by law to retain longer. Business owners can request deletion of specific tickets or customer data through the dashboard.

Business Account Data: We retain business account information for as long as the account is active. When a business account is deleted, we will delete or anonymize personal data within 30 days, except where retention is required for legal compliance, dispute resolution, or enforcement of agreements. Financial records may be retained for up to 7 years as required by tax and accounting laws.

7. Cookies and Tracking

Dashboard Users: We use cookies and similar tracking technologies in the business dashboard to maintain session state, improve functionality, analyze usage patterns, and enhance security. Essential cookies are required for the dashboard to function. You can control cookie preferences through your browser settings, though disabling certain cookies may limit dashboard functionality.

WhatsApp Users: Customers interact through WhatsApp and are subject to WhatsApp's cookie and tracking policies. We do not place cookies on customer devices through WhatsApp.

8. Children's Privacy

Our Service is not intended for individuals under the age of 13 (or the age of digital consent in your jurisdiction, which may be 16 in some regions). We do not knowingly collect personal information from children under the applicable age limit.

If you are a parent or guardian and believe we have collected information from a child under the applicable age, please contact us immediately at hello@fipzo.com. We will take steps to delete such information promptly upon verification.

Business owners must ensure they do not use our Service to collect information from children without proper parental consent as required by applicable laws, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar laws in other jurisdictions.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Information

For privacy-related inquiries, questions, or to exercise your rights, please contact us at: hello@fipzo.com