Privacy Policy

1. General Provisions

This Privacy Policy defines the procedure for processing and protecting personal data of users of the integration service with Meta platforms (WhatsApp, Instagram). Use of the service implies unconditional consent of the user to this Policy and the conditions for processing personal information specified therein.

The Meta Integration Service (hereinafter referred to as the "Service") provides technical integration between customer management platforms and Meta communication channels (WhatsApp Business, Instagram).

2. Data Collected

2.1. Data Provided by User

When connecting communication channels, we process the following data:

• Access tokens from Meta (Facebook) for access to WhatsApp Business Account and Instagram accounts
• Channel identifiers (WhatsApp Business Account ID, Phone Number ID, Instagram Account ID, Page ID)
• Channel metadata (phone numbers, names, verification statuses)
• Connection session data (OAuth state, connection statuses)

2.2. Data Received from Meta

When processing incoming messages via webhooks from Meta, we receive:

• Message content from users
• Message metadata (sender ID, send time, message type)
• Delivery and read status data

This data is immediately transmitted to the customer management platform (DSK Platform) and is not stored in the Service longer than necessary for processing.

3. Data Processing Purposes

Personal data is processed for the following purposes:

• Ensuring the functioning of integration with Meta channels (WhatsApp, Instagram)
• Transmitting messages between users and the customer management platform
• Managing channel connections and their statuses
• Ensuring security and preventing fraud
• Compliance with legal requirements

4. Data Storage and Protection

4.1. Encryption

All access tokens from Meta are stored in encrypted form using the Fernet algorithm (symmetric encryption). The encryption key is stored separately from the data and is not shared with third parties.

4.2. Retention Periods

• Access tokens are stored until the channel is disconnected or the token expires
• Webhook logs are stored for 30 days to ensure idempotent processing
• Connection session data is deleted after the connection process is completed

4.3. Technical Security Measures

• Use of HTTPS for all connections
• Webhook verification via HMAC signatures
• JWT tokens for service-to-service authentication
• Regular access token refresh
• Data isolation between client instances

5. Data Transfer to Third Parties

The Service transfers data only to the following recipients:

• Customer Management Platform (DSK Platform) — for processing messages and managing communications. Transfer is carried out through secure API endpoints using JWT authentication.
• Meta (Facebook) — for sending messages via Graph API. Data transfer is governed by Meta's privacy policies.

Data is not transferred to other third parties, is not used for marketing purposes, and is not sold.

6. User Rights

Users have the right to:

• Receive information about stored data
• Request correction of inaccurate data
• Request deletion of data (channel disconnection)
• Withdraw consent to data processing (by disconnecting the channel in platform settings)

To exercise these rights, contact the administrator of your customer management platform.

7. Cookies and Tracking

The Service uses only minimally necessary technical cookies to ensure the functioning of channel connection pages. We do not use analytical cookies and do not track user behavior for marketing purposes.

8. Changes to Privacy Policy

We reserve the right to make changes to this Privacy Policy. We will notify you of significant changes. We recommend reviewing this page periodically.

9. Contact Information

For questions related to personal data processing, contact the administrator of your customer management platform or support service.