Privacy Policy

Vocily is a SaaS platform that helps businesses automate customer support and engagement on WhatsApp with an AI assistant. Our clients are businesses that own a WhatsApp Business Account and connect it to Vocily so an AI assistant can handle the conversations their own customers have with them.

This policy explains what data we handle, why, how we protect it, and the choices and rights available to you. It covers both the people who use our dashboard (our clients) and the customers whose WhatsApp messages we process on a client's behalf.

Vocily today focuses on inbound conversations. A customer sends a message to a business's own WhatsApp number; our AI assistant generates a reply based on what that business configured in our dashboard — its knowledge base, connected APIs, and tools — and the reply is sent back through the business's own WhatsApp number. We may, at a client's direction and configuration, also support outbound and template messaging in the future; any such messaging is sent only on the client's behalf, under their configuration, and in line with WhatsApp's policies.

For the WhatsApp accounts and messages our clients connect and authorize, Vocily acts solely as a data processor on the client's behalf and at their direction. The connecting business is the controller of its customers' data and is responsible for having a lawful basis to use Vocily for those conversations.

If you are a customer messaging a business that uses Vocily and you have questions about how your data is used, please contact that business directly, as they decide why and how their customer data is processed.

Account data (from our clients): name, email, login credentials, and workspace settings used to create and secure a Vocily account.

WhatsApp Platform Data (on behalf of our clients), for the accounts a client connects and authorizes:

• WhatsApp Business Account, phone-number, and business-profile details needed to route messages to the correct number and assistant.
• The messages exchanged between the client and their own customers — inbound customer messages (text and media) and the replies generated and sent through the client's number.
• Delivery and status metadata (for example, sent/delivered/read and timestamps) shown to the client in their dashboard.

Configuration data (from our clients): the knowledge base, connected APIs, and tools a client sets up to define how their assistant should respond.

We use this data only to operate the service each client sets up. Today this is inbound: we

• Receive each incoming customer message sent to the client's WhatsApp number.
• Generate a reply using the assistant the client configured — drawing on the knowledge base, APIs, and tools they connected.
• Send that reply back through the client's own WhatsApp number.
• Let the client configure their assistant, assign it to a number, and review their own conversation history and delivery status in our dashboard.

We do not use Platform Data for advertising, profiling for unrelated purposes, or any purpose other than providing the service the client configured. We never sell Platform Data, and we do not share it with third parties for their own purposes.

We rely on a small number of vetted providers strictly to run the service — for example, cloud hosting and infrastructure, and AI model providers used to generate replies. These providers process data only on our instructions, under contractual confidentiality and security obligations, and are not permitted to use it for their own purposes.

We do not sell data or share it for any third party's independent or advertising purposes.

Platform Data is encrypted in transit and at rest. Access is restricted to authorized personnel on a need-to-know basis, scoped to each client's workspace, and protected by authentication and access controls. Inbound webhooks are verified before processing, and we monitor our systems to detect and respond to security issues.

We retain Platform Data only as long as needed to provide the service to the client — for example, to maintain conversation history and delivery status in their dashboard — and for the period the client configures or our agreement requires. When data is no longer needed, or upon a valid deletion request, it is deleted or irreversibly anonymized.

Clients can review and manage their connected accounts and conversation data from the Vocily dashboard, and can disconnect a WhatsApp Business Account at any time.

To request access to, correction of, or deletion of data, email us at founder@vocily.com. We honor verified deletion requests from our clients and will delete the associated Platform Data from our systems, instructing our service providers to do the same, except where we are required to retain it by law.

If you are an end customer, deletion of your data is directed by the business you messaged; we will assist that business in fulfilling such requests.

We may process and store data in countries other than where you are located. Where we transfer data across borders, we use appropriate safeguards consistent with applicable data-protection law.

Vocily is a business tool and is not directed to children. We do not knowingly collect personal data from children.

We may update this policy from time to time. When we make material changes, we will update the date below and, where appropriate, notify clients. Continued use of the service after an update constitutes acceptance of the revised policy.

Questions about this policy or our data practices? Email founder@vocily.com, or reach us through our contact page.