Conwerz
Get started free

Privacy Policy

Last updated: 18 April 2026

How we collect, use, store, and protect your data β€” including Meta Platform Data from Instagram, Facebook, and WhatsApp Business.

1. Introduction

Conwerz AI ("Conwerz", "we", "our", or "us") operates the conwerz.ai website and the Conwerz AI platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information β€” including data you or your end-customers share via Meta products (Instagram, Facebook, WhatsApp Business, and Meta Lead Ads) when you connect those accounts to Conwerz.

This policy applies to (a) our direct customers who sign up for a Conwerz account (the "Business Admin"), and (b) end-users whose data flows through Conwerz when they interact with a Business Admin on a Meta platform ("End-Users").

2. Information We Collect

From Business Admins:

  • Account Information: name, email, phone number, company details, Firebase UID.
  • Billing Data: plan, invoices, and Razorpay transaction IDs. We do not store card numbers.
  • Usage & Technical Data: pages visited, features used, IP address, browser, device, OS, timestamps.
  • Knowledge Base Content: documents, FAQs, and files you upload for the chatbot.

From connected Meta accounts (with your explicit OAuth consent):

  • Page & Business metadata: Page ID, name, category, profile picture, business manager ID.
  • Instagram data: IG Business Account ID, username, follower counts, DM messages, comments, mentions, media metadata.
  • WhatsApp Business data: WABA ID, Phone Number IDs, display name, message content, media, contact phone numbers, template metadata.
  • Lead Ad data: leadgen_id and the form fields each End-User submitted (name, phone, email, custom fields).
  • OAuth tokens: short-lived user tokens, long-lived Page Access Tokens, and System User tokens. Stored encrypted.

3. Meta Platform Data & Purpose Limitation

We access Meta Platform Data strictly to deliver the features a Business Admin has configured. Each OAuth permission is used only for the purpose stated below:

  • pages_show_list, pages_manage_metadata, pages_read_engagement β€” list the Business Admin's Pages and read basic engagement metrics shown in the Conwerz dashboard.
  • pages_messaging β€” send and receive Messenger messages on behalf of the connected Page through the Conwerz inbox.
  • instagram_basic, instagram_manage_messages, instagram_manage_comments β€” display Instagram DMs, comments, and mentions in the Conwerz inbox and post replies the Business Admin composes.
  • whatsapp_business_management, whatsapp_business_messaging β€” manage WABA phone numbers, submit message templates, and send/receive WhatsApp messages.
  • leads_retrieval β€” fetch Lead Ad submissions in real time so they appear as qualified leads in the CRM.
  • business_management β€” identify the Business Manager that owns the connected assets (used only for scoping, never for editing).

We do not use Meta Platform Data to: train general-purpose AI models, build advertising profiles of End-Users, sell or rent data, or enrich third-party datasets. AI inference on message content happens only to generate the reply the Business Admin has configured.

4. How We Use Information

  • Provide, maintain, and improve the Service for the Business Admin.
  • Generate AI responses, qualify leads (BANT / CHAMP), and route conversations per the Business Admin's configuration.
  • Authenticate users and secure the platform.
  • Process subscriptions and detect fraud.
  • Send transactional and β€” only with consent β€” marketing emails.
  • Meet legal, tax, and regulatory obligations.

5. Information Sharing & Sub-Processors

We do not sell personal information. We share data only with the sub-processors listed at /sub-processors, including:

  • Infrastructure: Microsoft Azure / AWS (hosting), managed MySQL.
  • AI inference: OpenAI and Anthropic under zero-retention data processing agreements.
  • Meta: to deliver messages and retrieve leads through the Meta Graph API.
  • Payments: Razorpay for subscription billing.
  • Authentication: Google Firebase.
  • Legal: when required by law, court order, or to protect rights and safety.

6. Data Retention

  • Message bodies (Instagram, Messenger, WhatsApp): default 90 days, configurable down to 7 days by the Business Admin.
  • Lead Ad submissions: up to 13 months (Meta's own cap) or the Business Admin's configured window, whichever is shorter.
  • OAuth tokens: retained only while the Meta account remains connected. Purged within 24 hours of disconnect.
  • Account & billing records: retained for the life of the account plus 7 years for tax compliance.
  • Backups: rolling 30-day encrypted backups; deletion requests propagate to backups within 35 days.

7. Data Security

All traffic is encrypted in transit with TLS 1.2+. Data at rest is encrypted with AES-256. Meta OAuth tokens are additionally wrapped with envelope encryption using a KMS-managed key. Access is least-privilege and audit-logged. Full details at /security.

8. Cookies & Tracking

We use essential cookies for session management and optional analytics/marketing cookies (Google Analytics, Meta Pixel) only where allowed. See the Cookie Policy.

9. Your Rights

Under the EU/UK GDPR, India's DPDPA 2023, and California's CCPA you may:

  • Access the personal data we hold about you.
  • Request correction or deletion.
  • Export your data in a portable format.
  • Object to or restrict processing.
  • Withdraw consent and disconnect a Meta account at any time.
  • Lodge a complaint with your local supervisory authority.

Our lawful bases are Article 6(1)(b) (contractual necessity) for Business Admins and Article 6(1)(f) (legitimate interest) or 6(1)(a) (consent) for End-User data processed on behalf of a Business Admin. Instructions for deletion are at /data-deletion.

10. International Data Transfers

Conwerz is operated from India. Sub-processors may process data in the United States, the European Union, or other regions. Where required, we rely on Standard Contractual Clauses and equivalent safeguards.

11. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact privacy@conwerz.ai and we will delete it.

12. Changes to this Policy

We will notify Business Admins of material changes by email and in-product banner at least 15 days before they take effect. The "Last updated" date above reflects the most recent revision.

13. Contact Us

Data Protection Officer: privacy@conwerz.ai. For general enquiries visit our contact page.

Related policies

Other legal and compliance documents that govern your use of Conwerz AI.