PRIVACY POLICY

HOME / PRIVACY POLICY

NOTICE: On January 1st, 2025, Katalis.App adopted an amended Privacy Policy, providing as follows:

Privacy Policy for Katalis.App Omnichannel

Effective Date: January 1st, 2025
Last Updated: January 1st, 2025

1. Introduction

Katalis.App Pte. Ltd. (“we,” “us,” or “our”) operates Katalis.App Omnichannel (the “Service”), an omnichannel customer service platform that enables businesses to manage customer communications across Facebook Messenger, Instagram Direct Messages, and WhatsApp Business from a unified interface.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our integration with Facebook, Instagram, and WhatsApp Business platforms.

2. Information We Collect

2.1 Information from Business Clients

When businesses use our platform, we collect:

Account Information:

  • Business name, contact details, and billing information
  • Email addresses and user credentials
  • Business verification documents (when required)

Facebook/Instagram/WhatsApp Integration Data:

  • Facebook and Instagram Page information and access tokens
  • WhatsApp Business Account information and API credentials
  • Page administrator and WhatsApp Business Account details and permissions
  • Business profile information from connected social media and messaging platforms

Usage Data:

  • Service usage statistics and analytics
  • Login times and feature usage
  • Performance metrics and error logs

2.2 Information from End Customers (Customers of Our Business Clients)

When end customers interact with businesses using our platform, we process:

Profile Information:

  • Name and profile picture from Facebook/Instagram
  • Phone number from WhatsApp conversations (when shared by customer)
  • Contact information from WhatsApp Business contacts
  • Unique user identifiers from social media and messaging platforms
  • Basic public profile information necessary for customer identification

Communication Data:

  • Message content sent to and from businesses via Facebook Messenger, Instagram Direct Messages, and WhatsApp
  • Media files shared in conversations (images, documents, voice messages, etc.)
  • Conversation timestamps and delivery status across all channels
  • Message metadata, read receipts, and conversation history
  • WhatsApp message status (delivered, read, failed)

Important Note: We process end customer data solely on behalf of our business clients and as directed by them. We do not use end customer data for our own business purposes beyond providing the customer service platform.

2.3 Technical Information

Device and Connection Information:

  • IP addresses and device identifiers
  • Browser type and version
  • Operating system information

Cookies and Tracking Technologies:

  • Session cookies for authentication
  • Analytics cookies for service improvement
  • Functional cookies for platform features

3. How We Use Your Information

3.1 For Business Clients

We use business client information to:

  • Provide and maintain our customer service platform
  • Authenticate and manage business accounts
  • Process payments and billing
  • Provide customer support and technical assistance
  • Improve our services and develop new features
  • Send important service updates and notifications
  • Comply with legal obligations

3.2 For End Customer Data (Processed on Behalf of Business Clients)

We process end customer data to:

  • Facilitate message delivery between customers and businesses across Facebook Messenger, Instagram Direct Messages, and WhatsApp
  • Display customer information to businesses for identification across all channels
  • Maintain conversation history for customer service continuity across platforms
  • Enable businesses to provide personalized customer support regardless of communication channel
  • Synchronize customer conversations across multiple messaging platforms
  • Generate customer service analytics for businesses across all integrated channels
  • Process WhatsApp Business API webhook events and message delivery notifications

Data Controller Relationship: For end customer data, our business clients are the data controllers, and we act as a data processor. This means:

  • Businesses determine how their customer data is used
  • We process data only according to business client instructions
  • End customers should contact the business directly for data requests
  • Businesses are responsible for obtaining proper consent from their customers

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Information

We do not sell, rent, or trade personal information to third parties for monetary consideration.

4.2 How We Share Information

With Business Clients:

  • End customer profile and message data is shared with the respective business client only
  • We provide businesses access to their own customer conversations and data across Facebook, Instagram, and WhatsApp
  • Customer contact information from WhatsApp is shared with the business for customer service purposes

With Service Providers:

  • Cloud hosting providers (for secure data storage)
  • Payment processors (for billing purposes)
  • Analytics providers (for service improvement)
  • Customer support tools (for technical assistance)

For Legal Compliance:

  • When required by law, court order, or government request
  • To protect our rights, property, or safety
  • To prevent fraud or security threats
  • In connection with legal proceedings

Business Transfers:

  • In the event of a merger, acquisition, or sale of assets
  • Personal information may be transferred to the new entity
  • We will notify users of any such transfer

4.3 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant authorities
  • Other legally approved transfer mechanisms

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards:

  • Encryption of data in transit and at rest
  • Secure API connections with Facebook/Instagram
  • Regular security audits and vulnerability assessments
  • Access controls and authentication systems

Organizational Safeguards:

  • Employee training on data protection
  • Limited access to personal information on a need-to-know basis
  • Data breach response procedures
  • Regular security policy updates

Platform Security:

  • Secure webhook endpoints with signature verification for Facebook, Instagram, and WhatsApp
  • WhatsApp Business API security compliance and encryption
  • Rate limiting and abuse prevention across all platforms
  • Regular backup and disaster recovery procedures
  • Compliance with Facebook, Instagram, and WhatsApp security standards

5.2 Facebook/Instagram/WhatsApp Security

We maintain security standards required by Facebook, Instagram, and WhatsApp Business API:

  • Secure storage of access tokens and API credentials
  • Proper API usage and rate limiting across all platforms
  • Compliance with Facebook Platform Policies and WhatsApp Business Policy
  • End-to-end encryption for WhatsApp messages (maintained by WhatsApp)
  • Regular security reviews and updates for all integrations
  • WhatsApp Business API security requirements and certifications

6. Data Retention

6.1 Business Client Data

  • Account information: Retained while account is active plus 90 days after closure
  • Usage data: Retained for up to 2 years for analytics and improvement purposes
  • Billing information: Retained as required by tax and accounting laws

6.2 End Customer Data

  • Message data: Retained according to business client preferences and legal requirements
  • Customer profiles: Retained for customer service continuity until business requests deletion
  • WhatsApp contact information: Phone numbers and contact details retained for customer identification and service continuity
  • Conversation history: Stored according to business needs across all platforms, typically 1-3 years
  • Media files: Images, documents, and voice messages retained according to business requirements and storage policies
  • Analytics data: Aggregated and anonymized data may be retained longer for service improvement

6.3 Data Deletion

Business Clients can:

  • Delete their account and associated data through platform settings
  • Request specific data deletion by contacting our support team
  • Export their data before account closure

End Customers should:

  • Contact the business directly for data deletion requests
  • The business can then request deletion through our platform
  • We will delete data upon verified business client request

7. Your Rights and Choices

7.1 Rights for Business Clients

You have the right to:

  • Access: Request copies of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a portable format
  • Restriction: Limit how we process your information
  • Objection: Object to certain processing activities

7.2 Rights for End Customers

As end customers, your data is primarily controlled by the business you’re communicating with. You have the right to:

  • Access: Request information about data processing from the business
  • Correction: Ask the business to correct your information
  • Deletion: Request deletion through the business
  • Portability: Request your data from the business
  • Opt-out: For WhatsApp communications, you can opt out by messaging “STOP” or by blocking the business number

WhatsApp-Specific Rights:

  • Message Blocking: You can block business numbers directly in WhatsApp
  • Conversation Deletion: You can delete conversations on your device
  • Profile Control: You control your WhatsApp profile visibility settings
  • Contact Sharing: You control whether to share your contact information with businesses

Important: End customers should contact the business directly for data-related requests, as they are the data controller.

7.3 How to Exercise Your Rights

For Business Clients:

  • Email us at hello at katalis.app
  • Use the data management tools in your account dashboard
  • Contact our support team with specific requests

For End Customers:

  • Contact the business you were messaging directly
  • The business can process your request through our platform
  • For technical issues, the business can contact us on your behalf

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential Cookies:

  • Authentication and session management
  • Security and fraud prevention
  • Platform functionality

Analytics Cookies:

  • Usage statistics and performance monitoring
  • Service improvement and optimization
  • Error tracking and debugging

Functional Cookies:

  • User preferences and settings
  • Language and display preferences
  • Feature customization

8.2 Managing Cookies

You can control cookies through:

  • Browser settings and preferences
  • Opting out of analytics cookies in your account settings
  • Third-party opt-out tools and services

Note: Disabling essential cookies may limit platform functionality.

9. Third-Party Integrations

9.1 Facebook, Instagram, and WhatsApp Integration

Our service integrates with Facebook, Instagram, and WhatsApp Business platforms:

Facebook and Instagram:

  • Data Sharing: We share data with Facebook/Instagram as necessary for platform functionality
  • Platform Policies: We comply with Facebook’s Data Policy and Platform Terms
  • User Control: Businesses control their Facebook/Instagram integration settings

WhatsApp Business API:

  • Message Processing: We process WhatsApp messages through the official WhatsApp Business API
  • Encryption: WhatsApp’s end-to-end encryption is maintained for message content
  • Phone Numbers: Customer phone numbers are processed for conversation management and identification
  • Business Messaging: We comply with WhatsApp Business Policy and messaging guidelines
  • Data Handling: WhatsApp message data is processed according to WhatsApp’s Business Data Policy
  • User Consent: Businesses must obtain appropriate consent from customers for WhatsApp communications

Important WhatsApp Considerations:

  • Messages are encrypted in transit by WhatsApp’s infrastructure
  • We process message content only for customer service functionality
  • Phone numbers are used for customer identification and conversation management
  • Businesses are responsible for obtaining proper consent for WhatsApp business messaging
  • Customers can opt out of WhatsApp business communications directly with the business

9.2 Other Third-Party Services

We may integrate with other services for:

  • Payment processing
  • Analytics and monitoring
  • Customer support tools
  • Email and notification services

Each integration is governed by the respective third party’s privacy policy and our service agreements.

10. International Users and Data Transfers

10.1 Global Service

Our service is available globally, and we may process data in multiple countries to provide optimal service performance.

For users in the European Economic Area, we process data based on:

  • Contract: To provide services under our Terms of Service
  • Legitimate Interest: For service improvement and security
  • Consent: Where explicitly obtained for specific purposes
  • Legal Obligation: To comply with applicable laws

10.3 Data Protection Rights

Users in certain jurisdictions have enhanced rights under local data protection laws (GDPR, CCPA, etc.). We honor these rights and provide appropriate mechanisms for their exercise.

11. Children’s Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at hello at katalis.app.

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our services or business practices
  • Legal or regulatory requirements
  • Industry best practices and security improvements

12.2 Notification of Changes

We will notify you of material changes by:

  • Email notification to registered business clients
  • Prominent notice on our website and platform
  • Updated “Last Updated” date at the top of this policy

12.3 Continued Use

Your continued use of our service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Information

13.1 Privacy Questions and Requests

For privacy-related inquiries, please contact:

Katalis.App Pte. Ltd., a private limited company

  • Privacy Email: hello at katalis.app
  • Data Protection Officer: hello at katalis.app
  • Mailing Address: 60 Paya Lebar Rd #07-54 Paya Lebar Square, Singapore 409051 Singapore

13.2 Data Subject Requests

For data access, correction, or deletion requests:

  • Email: hello at katalis.app
  • Response Time: We respond to requests within 30 days
  • Verification: We may require identity verification for security

13.3 Privacy Complaints

If you have concerns about our privacy practices:

  • Internal: Contact our Privacy Team at hello at katalis.app
  • External: You may file complaints with relevant data protection authorities
  • Supervisory Authority: [Relevant Authority] (for EU users)

14. Effective Date and Jurisdiction

This Privacy Policy is effective as of January 1st, 2025 and is governed by the laws of Singapore. Any disputes related to this Privacy Policy will be resolved in the courts of Singapore.


This Privacy Policy was last updated on January 1st, 2025 and supersedes all previous versions.