Privacy Policy
Last updated: April 2026
This Privacy Policy explains how ZentrixSys ("we", "us", "our") collects, uses, stores, and protects information when you use the ZenChat WhatsApp Automation Platform. By using ZenChat you agree to the practices described here.
1 Who We Are
ZenChat is a multi-industry WhatsApp Business automation platform operated by ZentrixSys, based in Coimbatore, Tamil Nadu, India.
- Website: zentrixsys.com
- Email: info@zentrixsys.com
- Phone / WhatsApp: +91 95665 06397
2 Information We Collect
We collect information in the following ways:
- Account registration: name, email address, phone number, business name.
- WhatsApp Business API setup: Phone Number ID, Access Token (stored encrypted).
- Customer/guest data: names and WhatsApp phone numbers of your customers, as processed through the Service on your behalf.
- Conversation data: message content, timestamps, and AI-generated responses relating to your customers' WhatsApp conversations.
- Billing data: invoice records, subscription plan details (card data is handled by Razorpay — we never store raw card numbers).
- Usage data: pages visited, API calls made, error logs, and approximate IP addresses for security purposes.
3 How We Use Your Information
- To create and manage your ZenChat account and organisation.
- To process and deliver WhatsApp messages on your behalf via the Meta WhatsApp Business API.
- To power the AI chatbot using your conversation context.
- To generate invoices and process subscription payments.
- To send transactional emails (password reset, email verification, invoice receipts).
- To monitor service health, debug issues, and prevent abuse.
- To comply with applicable laws and platform policies.
4 Third-Party Services
We use the following third-party services. Each has its own privacy policy:
| Service | Purpose | Data Shared |
|---|---|---|
| Meta (WhatsApp Business API) | Sending & receiving WhatsApp messages | Phone numbers, message content |
| OpenAI / AI provider | AI chatbot responses | Conversation text (no personal identifiers) |
| Resend | Transactional email delivery | Email address, email body |
| Razorpay | Payment processing | Billing name, email, invoice amount |
| Render.com | Cloud hosting & infrastructure | All application data (stored on their servers) |
| PostgreSQL (Neon/RDS) | Database | All structured data |
5 WhatsApp Opt-In & Opt-Out
We comply with Meta's WhatsApp Business Platform policies regarding messaging consent:
- Customers who initiate a conversation with your business via WhatsApp are considered to have provided implicit opt-in consent.
- Staff can record an explicit opt-out for any customer. Opted-out customers will not receive outbound WhatsApp messages from ZenChat.
- Opt-in and opt-out timestamps are stored per customer record for audit purposes.
- If a customer sends a message to your business number after opting out, their status may be restored automatically.
6 Cookies & Local Storage
ZenChat uses browser storage for the following purposes:
- Session authentication (sessionStorage): your JWT access token and user profile are stored in sessionStorage, which is cleared when you close the browser tab. This is essential for the platform to function.
- Cookie consent preference (localStorage): we store your consent choice (
zc_cookie_consent) so the banner is not shown on every visit. - No advertising cookies: we do not use third-party advertising or tracking cookies.
7 Data Retention
- Account data: retained for the duration of your subscription and up to 90 days after account deletion.
- Conversation & message data: retained for 12 months by default; configurable per plan.
- Invoice records: retained for 7 years for accounting and legal compliance (Indian Companies Act).
- Audit logs: retained for 90 days.
- OTP / verification tokens: automatically purged after expiry (10 minutes for OTP, 24 hours for email verification).
8 Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: request a copy of the data we hold about you.
- Correction: ask us to correct inaccurate data.
- Deletion: request deletion of your account and associated data (subject to legal retention obligations).
- Portability: receive your data in a machine-readable format.
- Objection: object to processing for marketing purposes.
To exercise any of these rights, email us at info@zentrixsys.com. We will respond within 30 days.
9 Data Security
- All data is transmitted over TLS (HTTPS). HTTP connections are not accepted in production.
- Passwords are hashed using PBKDF2-SHA256 with a random salt — we never store plaintext passwords.
- JWT tokens are short-lived (15 minutes access / 7 days refresh) and stored in sessionStorage, not cookies.
- WhatsApp Access Tokens are stored in the database and never logged in plaintext.
- Strict Content Security Policy (CSP) headers are applied to all responses to mitigate XSS attacks.
- Rate limiting is applied to all authentication endpoints to prevent brute-force attacks.
10 Children's Privacy
ZenChat is a B2B platform intended for use by businesses and their staff. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has submitted information to us, please contact us immediately.
11 Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We will notify registered users of material changes via email or an in-app notice. Continued use of ZenChat after changes constitutes acceptance of the updated policy.
12 Contact & Grievance Officer
For any questions, complaints, or requests regarding this Privacy Policy or your data:
- Email: info@zentrixsys.com
- WhatsApp: +91 95665 06397
- Address: ZentrixSys, Coimbatore, Tamil Nadu, India — 641 001
We aim to respond to all privacy-related inquiries within 30 business days.
Also read our Terms & Conditions for details on acceptable use, payments, and service limitations.
Terms & Conditions