Privacy Policy for Duties Book™

Last Updated: November 11, 2025

Effective Date: November 11, 2025

1. Introduction

Andromeda Information Technology Co ("Andromeda IT," "we," "our," or "us") is a Saudi Arabian company operating the Duties Book™ omnichannel communication platform that enables businesses to manage customer interactions across multiple channels including WhatsApp Business API, Facebook Messenger, Instagram Direct Messages, Apple Messages for Business, Email, and Live Chat services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, services, or interact with us through any communication channel. We are committed to compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL), applicable international regulations, and all third-party platform requirements including Meta's Developer Platform Terms.

We do not process any personal data without obtaining the explicit consent of the data subject, except in cases permitted under the Saudi Personal Data Protection Law (PDPL) where consent is not required.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, company details, billing information.
  • Profile Information: Business profile details, preferences, settings.
  • Communication Content: Messages, files, images, and other content you send through our platform.
  • Support Information: Information provided when contacting customer support.

2.2 Information Collected Automatically

  • Usage Data: Platform usage patterns, feature utilization, session duration.
  • Device Information: IP address, browser type, operating system, device identifiers.
  • Log Data: Access logs, error logs, performance metrics.
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies.

2.3 Meta Platform Data (Facebook, Instagram, WhatsApp)

In compliance with Meta's Developer Platform Terms, we collect and process:

  • WhatsApp Business API: Message content, contact information, delivery status, user identifiers.
  • Facebook Messenger: Page interactions, message content, user identifiers, profile information.
  • Instagram Business: Direct message content, profile interactions, user identifiers.
  • Meta User Data: Profile information, photos, videos, location information (where permitted), communications between users, payment information, device information.
  • Restricted Platform Data: Data that can reasonably identify particular users or devices, accessed through specific permissions.

We process Meta Platform Data only as permitted under Meta's Developer Platform Terms and in accordance with the purposes clearly described in this privacy policy.

3. How We Use Your Information

3.1 Platform Operations

  • Facilitate message delivery across all channels.
  • Maintain conversation history and analytics.
  • Provide unified inbox functionality.
  • Enable automation and chatbot features.
  • Generate performance reports and insights.

3.2 Business Purposes

  • Account management and billing.
  • Customer support and technical assistance.
  • Platform improvements and new feature development.
  • Security monitoring and fraud prevention.
  • Legal compliance and regulatory requirements.

The platform may use automated analytics tools or artificial intelligence algorithms to improve service quality and user experience. It does not make automated decisions that produce legal or significant effects on users without human involvement.

3.3 Communication

  • Service announcements and updates.
  • Technical notifications and alerts.
  • Marketing communications (with consent).
  • Support and troubleshooting assistance.

4. Meta Platform Data - Prohibited Processing Practices

In strict compliance with Meta's Developer Platform Terms, we do not and will not:

  • Process Platform Data to discriminate based on race, ethnicity, color, national origin, religion, age, sex, sexual orientation, gender identity, family status, disability, medical condition, or other protected categories.
  • Use Platform Data for eligibility determinations regarding housing, employment, insurance, education, credit, government benefits, or immigration status.
  • Process Platform Data for surveillance purposes, law enforcement, or national security.
  • Sell, license, or purchase Meta Platform Data.
  • Process Platform Data without valid user consent to build or augment user profiles.
  • Attempt to decode, reverse-engineer, or re-identify anonymized Platform Data.
  • Change core functionality without Meta's approval through App Review.
  • Process Platform Data for purposes other than those specified in Meta's Developer Documentation.

5. Information Sharing and Disclosure

5.1 Meta Platform Data Sharing

Meta Platform Data may only be shared in the following limited circumstances:

  • With our authorized Service Providers who have agreed in writing to process data solely at our direction.
  • When required by applicable law or regulation (with proper documentation retained).
  • When users expressly direct or consent to sharing for specified purposes.
  • With other third parties for non-Restricted Platform Data only, with contractual prohibitions against Terms violations.

5.2 Third-Party Service Providers

We share information with trusted service providers who assist in:

  • Cloud hosting and infrastructure (AWS, Google Cloud, Microsoft Azure).
  • Payment processing and billing.
  • Analytics and performance monitoring.
  • Email delivery services.
  • Customer support tools.

5.3 Platform Integrations

  • Meta (WhatsApp/Facebook/Instagram): As required for message delivery and platform compliance.
  • Apple Messages for Business: For business chat functionality.
  • Email Providers: For email routing and delivery.
  • API Partners: For enhanced functionality and integrations.

5.4 Legal Requirements

We may disclose information when required by:

  • Legal process or court orders.
  • Government investigations.
  • Regulatory compliance.
  • Protection of rights, property, or safety.
  • Prevention of fraud or illegal activities.

5.5 Business Transfers

Information may be transferred in connection with mergers, acquisitions, or asset sales, with appropriate notice to users.

6. Data Security

6.1 Security Measures

  • End-to-end encryption for supported channels.
  • TLS encryption for data transmission.
  • Multi-factor authentication.
  • Regular security audits and penetration testing.
  • Access controls and employee training.
  • Incident response procedures.

6.2 Data Storage

  • Secure data centers with physical security controls.
  • Regular backups and disaster recovery procedures.
  • Data retention policies and secure deletion.
  • Geographic data residency options.

Data is stored within data centers located in the Kingdom of Saudi Arabia to ensure compliance with local data protection requirements. International hosting options may be provided to clients upon request, subject to applicable legal and regulatory safeguards.

7. Your Rights and Choices

7.1 Access and Control

  • View and download your data.
  • Update account information and preferences.
  • Export conversation history.
  • Delete specific conversations or data.

7.2 Communication Preferences

  • Opt-out of marketing communications.
  • Control notification settings.
  • Manage cookie preferences.
  • Customize privacy settings.

7.3 Data Subject Rights (where applicable)

Under applicable privacy laws, you may have rights to:

  • Data portability.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten").
  • Restriction of processing.
  • Object to processing.
  • Withdraw consent.

The company commits to processing any data subject request related to their rights within thirty (30) days from the date of receipt, unless otherwise required by applicable laws or regulations.

8. Data Retention and Deletion

8.1 General Retention Periods

  • Account Data: Retained while account is active plus 3 years.
  • Message Content: Retained per customer settings (default 2 years).
  • Analytics Data: Aggregated data retained for 5 years.
  • Log Data: Retained for 1 year for security and troubleshooting.

8.2 Meta Platform Data Retention

In compliance with Meta's Developer Platform Terms, we will delete Meta Platform Data:

  • Upon user request through our accessible deletion mechanism.
  • When retention is no longer necessary for legitimate business purposes.
  • When we cease operating services through which the data was acquired.
  • Upon Meta's request for user protection.
  • When a user no longer has an account with us (unless data is properly aggregated/anonymized).
  • When required by applicable law.
  • Within 28 days if Platform APIs/features are unused.

8.3 Deletion Process

  • Secure deletion using industry-standard methods.
  • Backup purging within 90 days of deletion request.
  • Third-party data removal coordination.

9. International Data Transfers

For users outside our primary operating jurisdiction:

  • Data may be transferred to countries with different privacy laws.
  • Appropriate safeguards are implemented (Standard Contractual Clauses, adequacy decisions).
  • Right to request information about transfer mechanisms.

10. Children's Privacy

Our platform is not intended for users under 18 years of age. We do not knowingly collect personal information from individuals below this age threshold.

11. Third-Party Links and Services

Our platform may contain links to third-party services. We are not responsible for the privacy practices of these external services.

12. Updates to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated through:

  • Platform notifications.
  • Email announcements.
  • Website posting with prominent notice.

Users will be notified of any material updates to this Privacy Policy at least seven (7) days prior to their effective date through official communication channels.

13. Regional Privacy Rights

13.1 Kingdom of Saudi Arabia (PDPL)

As a Saudi-based company, we comply with the Personal Data Protection Law:

  • Lawful basis for data processing.
  • Data subject rights including access, rectification, and deletion.
  • Data localization requirements where applicable.
  • Breach notification to the Saudi Data and AI Authority (SDAIA).

This policy is subject to the supervision of the Saudi Data and Artificial Intelligence Authority (SDAIA), which is the competent authority responsible for enforcing the Saudi Personal Data Protection Law (PDPL).

13.2 European Union (GDPR)

For EU data subjects:

  • Legal basis for processing.
  • Data Protection Officer contact information.
  • Right to lodge complaints with supervisory authorities.

13.3 Other Jurisdictions

Compliance with applicable local privacy laws including:

  • California (CCPA/CPRA).
  • Canada (PIPEDA).
  • Australia (Privacy Act).
  • Brazil (LGPD).

14. Contact Information

Andromeda Information Technology Co

Data Protection Officer:

Email: [email protected]

Phone: +966 920 012 888

Address: Dalmar Center, Imam Saud bin Abdulaziz bin Mohammed Road, King Fahd District, Riyadh, Kingdom of Saudi Arabia

General Inquiries:

Email: [email protected]

Phone: +966 920 012 888

Meta Platform Compliance:

Email: [email protected]

15. Definitions

  • Platform: The Duties Book™ omnichannel communication system.
  • Personal Information: Information that identifies or relates to an individual.
  • Processing: Any operation performed on personal information.
  • Meta Platform Data: Data obtained from Meta's platforms (WhatsApp, Facebook, Instagram).
  • Restricted Platform Data: Meta Platform Data that can identify particular users or devices.
  • Third-Party Services: External platforms and APIs integrated with our service.

This Privacy Policy is governed by the laws of the Kingdom of Saudi Arabia and is subject to change. Users are encouraged to review this policy regularly for updates.

Andromeda Information Technology Co affirms its full commitment to all applicable Saudi data protection regulations and maintains documented records of all processing activities in accordance with SDAIA requirements.