ZYVORA

AI PLATFORM

Privacy Policy

Effective date: January 1, 2026  |  Last updated: April 11, 2026

Zyvora ("Zyvora," "we," "us," or "our") provides the Zyvora AI platform (the "Service") — a software product that lets business owners train AI agents, connect messaging channels (including WhatsApp through Meta's APIs), and automate customer conversations, bookings, and related workflows. This Privacy Policy explains what information we collect, how we use it, and the choices you have. If you do not agree, do not use the Service.

This document describes our practices in good faith. It is not legal advice. You should consult qualified counsel for compliance with laws that apply to your business, industry, and regions where you operate or where your customers are located.

1. Scope

This Policy applies to information processed when you use our websites, dashboard, APIs, webhooks, and integrations — including when we receive data from or send data to Meta (e.g., WhatsApp Cloud API) and other third-party platforms you connect. It covers business users ("you") and, where relevant, end-customer data that flows through the Service when you enable automations (for example, a shopper who messages your WhatsApp number).

2. Information we collect

2.1 Account and identity

  • Identifiers you provide or that we derive for authentication (e.g., email, account identifiers, session tokens when you use sign-in features we offer).
  • Billing-related information processed by our payment providers where applicable; we do not store full payment card numbers on our own servers.

2.2 Business profile and onboarding (Agent 1 — Onboarding Consultant)

Zyvora includes an onboarding / consultant AI agent that helps you capture and structure information about your business (for example: services, pricing, hours, location, policies, staff, and other fields you confirm). We process:

  • Chat content between you and the onboarding agent (text, and file or image inputs you choose to send when supported).
  • Structured business datastored as part of your knowledge base — keyed fields (e.g., "services," "hours") tied to your agent configuration in our database.
  • Per-agent business naming and metadata needed to separate multiple agents under one account where the product allows it.

This data is used to configure and improve your use of the Service — including powering automated replies from your Sales Agent (see below) using the business context you have saved. We process onboarding data to operate the product you requested, not to sell unrelated marketing profiles.

2.3 Sales automation and customer conversations (Agent 2 — Sales Agent)

Zyvora includes a sales / customer-facing AI agent that responds using your saved business information. Depending on how you use the product, we may process:

  • Test conversations in the dashboard (preview mode) between you (acting as a sample customer) and the Sales Agent — used to validate behavior before you go live.
  • Live conversations on channels you connect and activate — for example, when a real customer sends a message to your WhatsApp Business number linked through our integration.
  • Tool outputs the model may produce when permitted by the product (for example, structured booking details) so we can create or update records you see in the Service (such as appointments in your dashboard).

To generate responses, message content may be sent to AI inference providers (e.g., large language model APIs) under our agreements with those providers, along with relevant business context from your knowledge base. We configure processing to deliver the Service; we do not use your business or customer chats to train public foundation models unless we notify you and offer a lawful basis where required.

2.4 WhatsApp and Meta-related data

When you connect WhatsApp (Meta / WhatsApp Business Platform) through Zyvora, we act as a technology platform that:

  • Receives webhook events from Meta (for example, inbound message notifications) at endpoints we operate for your configured workspace.
  • Stores identifiers needed to route messages correctly — such as the Meta Phone number ID you link to your Zyvora profile, and message/thread data required for conversation handling and support.
  • Sends outbound messagesback through Meta's APIs on your behalf when your Sales Agent replies, subject to your settings and Meta's rules (including templates where required).

Meta's role:Meta processes data under its own policies and terms. Your use of WhatsApp is also subject to Meta's Business Terms, Commerce Policies, and WhatsApp Business Policy, among others. We do not control Meta's platform enforcement or product changes. You are responsible for lawful use of WhatsApp (e.g., consent, opt-ins, and regional rules for business messaging).

Access tokens and app credentials for Meta APIs should be kept secret. We store platform credentials in secure server-side configuration (environment variables and/or encrypted secrets on our hosting provider), not in client-visible code.

2.5 Other channels and telephony

If you enable other integrations (e.g., Instagram, Messenger, voice/calling features, SMS providers), we process analogous message metadata, content, and configuration data needed to run those features. Details may be described in product documentation or supplemental notices when you enable a specific integration.

2.6 Technical, analytics, and security data

  • Server and application logs (e.g., timestamps, IP addresses, error diagnostics, request metadata).
  • Device/browser information and cookies or similar technologies where we use them for session or preferences.
  • Fraud-prevention signals and rate-limiting data needed to protect accounts and infrastructure.

3. How we use information

We use the categories above to:

  • Provide, operate, secure, and improve the Service (including AI agents, dashboards, webhooks, and appointments).
  • Authenticate users, enforce limits, and troubleshoot issues.
  • Route and deliver messages between your connected channels and our AI agents, including via Meta APIs when WhatsApp is enabled.
  • Communicate with you about the Service, billing, security, and policy updates.
  • Comply with law and respond to lawful requests from authorities where we are legally required to do so.

4. Legal bases (where GDPR or similar laws apply)

Depending on context, we may rely on performance of a contract (providing the Service you requested), legitimate interests (e.g., securing and improving the platform, provided those interests are not overridden by your rights), consent where we ask for it (e.g., certain marketing or non-essential cookies where required), or legal obligation.

5. Sharing and subprocessors

We may share information with:

  • Infrastructure providers (e.g., hosting, databases, DNS) who process data on our instructions.
  • AI and ML providers (e.g., model API vendors) to generate agent responses when you use AI features.
  • Meta / WhatsApp when we send or receive data through their APIs as part of the Service you configure.
  • Payment processors for billing, under their terms.
  • Professional advisors and authorities when required by law or to protect rights and safety.

We do not sell your personal information as a commodity. Where U.S. state laws require specific disclosures about "sale" or "sharing" for targeted advertising, we will provide additional notices as applicable.

6. Data retention

We retain information for as long as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. Retention varies by data type (e.g., account records, message logs, knowledge-base fields, appointment rows). You may request deletion of certain data where applicable law gives you that right, subject to legal exceptions.

7. Security

We implement administrative, technical, and organizational measures designed to protect information. No system is perfectly secure; you are responsible for safeguarding your account credentials and for complying with Meta and other platforms' security recommendations (e.g., token rotation, least-privilege access).

8. International transfers

If we process data across borders, we use appropriate safeguards where required (such as standard contractual clauses or equivalent mechanisms).

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal data, or to object to certain processing, and to lodge a complaint with a supervisory authority. Contact us at the email below to exercise rights that apply to you.

10. Children

The Service is intended for businesses and adults. It is not directed at children under the age required in your jurisdiction (typically 16+ for general privacy regimes). Do not use the Service to collect personal information from children in violation of law.

11. Changes to this Policy

We may update this Policy from time to time. We will post the revised version with an updated "Last updated" date and, where appropriate, provide additional notice (for example, by email or in-product notification for material changes).

12. Contact

For privacy-related questions, requests, or concerns about this Policy or how Zyvora handles data:

Email: adnanjanlimited@gmail.com