Privacy Policy

When you create an account with MCP Chats, we collect:

• Account Information: Name, email address, phone number, company name, job title, and business details
• Billing Information: Payment card details, billing address, and transaction history (processed securely through third-party payment processors)
• Authentication Data: Username, password (encrypted), and multi-factor authentication credentials
• Communication Data: Messages, support tickets, feedback, and correspondence with our team
• Integration Credentials: API keys, OAuth tokens, and connection credentials for third-party services (e.g., Shopify, WhatsApp Business API, Microsoft Outlook, Slack, etc.)

We automatically collect technical and usage data including:

• Device Information: IP address, browser type and version, operating system, device identifiers, and hardware specifications
• Usage Data: Pages visited, features used, time spent, click patterns, navigation paths, and interaction with AI agents
• Performance Metrics: Response times, error logs, API calls, conversation flows, and agent performance analytics
• Location Data: General geographic location based on IP address (not precise GPS coordinates unless explicitly permitted)
• Cookies and Tracking Technologies: Session cookies, preference cookies, analytics cookies, and similar technologies (see Section 11)

When you use our AI agent solutions, we may process:

• Customer Interaction Data: Chat conversations, WhatsApp messages, email threads, customer inquiries, and support tickets
• Business Process Data: Workflow information, task details, order data, inventory information, scheduling data, and operational metrics
• Third-Party Platform Data: Data accessed through integrations with platforms such as Shopify, Microsoft Outlook/365, WhatsApp Business Platform (provided by Meta), CRM systems, and other connected tools you authorize (for example: customer profile information, order history, messaging identifiers and content, calendar data, and support history)

If you connect a WhatsApp Business Account to MCPChats, we may process the following data obtained via Meta’s WhatsApp Business Platform APIs:

• WhatsApp Business phone number
• WhatsApp Business Account ID
• Message content sent by customers to the business
• Message metadata (timestamps, delivery status)
• Approved WhatsApp message templates
• Technical identifiers required to send and receive messages

This data is processed solely to enable customer support conversations, transactional notifications (such as order updates), and customer-initiated commerce interactions on behalf of the merchant.

We use your information to:

• Provide, maintain, and improve our AI agent solutions and automation services
• Facilitate integrations with third-party platforms (Shopify, WhatsApp, Microsoft Outlook, etc.)
• Process transactions, manage billing, and generate invoices
• Authenticate users and maintain account security
• Enable communication between your business and customers through our AI agents
• Analyze and optimize business process workflows

We use your contact information to:

• Send service updates, security alerts, and system notifications
• Provide customer support and respond to inquiries
• Share product updates, new features, and relevant educational content
• Send billing statements and payment reminders
• Request feedback and conduct user research (with your consent)

We analyze technical and usage data to:

• Improve the stability, reliability, and responsiveness of our platform and AI agents
• Develop new features and automation capabilities at a product level (not by building behavioral profiles of individual end users)
• Identify and fix technical issues and bugs
• Enhance user experience and interface design based on aggregated patterns
• Generate aggregated analytics and industry insights (never identifying individual users or specific conversations)

We do not use your or your customers' message content (including chats, emails, or WhatsApp conversations) to train generalized AI models for resale or for advertising purposes.

We process your information to:

• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and other policies
• Detect, prevent, and address fraud, security threats, and abuse
• Protect the rights, property, and safety of MCP Chats, our users, and the public
• Respond to legal requests from law enforcement and regulatory authorities

MCP Chats implements industry-leading security measures including:

• Encryption: AES-256 encryption for data at rest and TLS 1.3+ for data in transit
• Access Controls: Role-based access control (RBAC), multi-factor authentication, and principle of least privilege
• Network Security: Firewalls, intrusion detection systems, DDoS protection, and regular penetration testing
• Infrastructure Security: Secure cloud hosting with SOC 2 Type II certified providers, regular security audits, and vulnerability assessments
• Data Segregation: Logical separation of customer data with strict isolation between tenants
• Monitoring: 24/7 security monitoring, automated threat detection, and incident response protocols

We employ strict policies ensuring:

• Background checks for all employees with data access
• Mandatory security training and confidentiality agreements
• Access logging and regular audits of data access patterns
• Immediate revocation of access upon employee departure

In the event of a data breach affecting your personal information, we commit to:

• Notifying affected users within 72 hours of discovery
• Providing detailed information about the nature and scope of the breach
• Offering remediation steps and support
• Notifying relevant regulatory authorities as required by applicable laws (GDPR, CCPA, etc.)

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We will never monetize your data without your explicit consent.

We share data with trusted third-party service providers who assist in delivering our services:

• Cloud Infrastructure: AWS, Google Cloud Platform, or Microsoft Azure for hosting and storage
• Payment Processing: Stripe, PayPal, or similar PCI-DSS compliant payment processors
• Communication Services: Email delivery services, SMS providers, and notification systems
• Analytics Providers: Privacy-focused analytics tools for usage monitoring and optimization
• Customer Support: Helpdesk and ticketing systems to manage support requests

All service providers are bound by strict data processing agreements (DPAs) and are required to maintain adequate security measures and use your data only for specified purposes.

With your authorization, we connect with:

• Shopify: To access store data, orders, products, and customer information for AI agent functionality
• WhatsApp Business Platform (Meta): To send and receive WhatsApp messages on your behalf, including processing your customers' WhatsApp profile information, phone numbers, message content, attachments, and delivery/read status, in accordance with Meta's terms and policies
• Microsoft Outlook/365: To manage emails, calendars, and contacts through our automation agents
• CRM Systems: Salesforce, HubSpot, and other platforms you choose to integrate
• Other Business Tools: Slack, Zapier, webhooks, and custom API integrations

These integrations access only the data you explicitly authorize and are necessary for service functionality.

We may disclose your information when:

• Required by law, court order, subpoena, or legal process
• Necessary to protect our rights, property, or safety, or that of our users or the public
• Involved in a merger, acquisition, bankruptcy, or sale of assets (with notice to affected users)
• Requested by law enforcement or regulatory authorities with proper legal authorization

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

• Industry benchmarks and trends
• Product usage statistics
• Research and development insights
• Marketing and promotional materials

We retain your data for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for up to 90 days after account closure
• Billing Records: Retained for 7 years to comply with tax and accounting regulations
• Communication Logs: Retained for up to 2 years for customer support and quality assurance
• Business Process Data: Retained according to your subscription plan settings, with options for immediate deletion or archival
• Analytics Data: Aggregated and anonymized data may be retained indefinitely

For WhatsApp messages and related metadata, data is retained only for as long as necessary to provide the service, comply with legal obligations, or resolve disputes. Merchants may request deletion of WhatsApp-related data at any time by contacting us.

You can request deletion of your data at any time. Upon request, we will:

• Delete your account and associated personal information within 30 days
• Remove data from active systems and backups within 90 days
• Provide confirmation of deletion upon completion
• Coordinate deletion of data received from Meta products (such as the WhatsApp Business Platform) where technically feasible and required by Meta's policies, while recognizing that copies retained by Meta itself are governed by Meta's own terms and privacy policies
• Retain only data required for legal compliance (e.g., financial records for tax purposes)

You have the right to:

• Access: Request a copy of your personal data we hold
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Data Portability: Export your data in a structured, machine-readable format
• Objection: Object to processing of your data for specific purposes
• Restriction: Request temporary restriction of data processing
• Withdraw Consent: Revoke consent for data processing at any time

To exercise any of these rights:

• Log into your MCP Chats dashboard and access account settings
• Contact our privacy team at privacy@mcpchats.com
• Submit a written request to our data protection officer (contact details in Section 13)

We will respond to all requests within 30 days as required by applicable privacy laws.

You can opt out of marketing communications:

• By clicking "unsubscribe" in any marketing email
• By updating email preferences in your account settings
• By contacting support at support@mcpchats.com

Note: You cannot opt out of essential service communications (e.g., security alerts, billing notifications).

MCP Chats operates globally and may store and process data in the United States, European Union, and other jurisdictions where we or our service providers maintain facilities.

When transferring data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): EU Commission-approved data transfer agreements
• Data Processing Agreements: Compliant with GDPR Article 28 requirements
• Adequacy Decisions: Transfers to countries with adequate privacy protections recognized by regulatory authorities
• Additional Safeguards: Encryption, access controls, and monitoring to protect data in transit and at rest

We comply with applicable international data transfer frameworks and regulations to ensure your data receives consistent protection regardless of where it is processed.

• Essential Cookies: Required for authentication, security, and basic functionality
• Preference Cookies: Remember your settings, language, and customization choices
• Analytics Cookies: Help us understand usage patterns and improve our services
• Performance Cookies: Monitor system performance and optimize loading times

We use privacy-focused analytics services that do not track individual users across websites. We do not use advertising cookies or share data with advertising networks.

You can control cookies through:

• Your browser settings (instructions available at aboutcookies.org)
• Our cookie consent banner (for EU users)
• Opt-out tools provided by analytics services

Note: Disabling essential cookies may affect service functionality.

Our AI agents process customer interactions, business data, and communications to provide intelligent automation. This processing is necessary for service delivery and is performed with appropriate safeguards:

• Transparency: Clear labeling of AI-generated responses
• Human Oversight: Options for human review and intervention
• Accuracy Measures: Continuous monitoring and improvement of AI performance
• Data Minimization: Processing only data necessary for the specific task

We do not use automated decision-making that produces legal effects or similarly significant effects on individuals without human oversight and the ability to contest decisions.

We do not use your or your customers' personal data, business data, or message content (including conversations handled by our AI agents) to train generalized AI models that are sold, shared for advertising, or used to build behavioral profiles across customers.

Any internal testing and improvement of our AI systems relies on synthetic data, separately-licensed datasets, configuration metadata, and high-level, aggregated metrics that cannot reasonably be used to identify an individual person or a specific business conversation.

MCPChats uses artificial intelligence services to assist merchants in responding to customer messages and retrieving relevant business information (such as orders or products).

Message content may be processed by AI service providers strictly for the purpose of generating responses requested by customers. We do not use message content to train public AI models, and AI processing is limited to fulfilling the requested interaction.

For privacy-related questions, requests, or concerns:

• Email: privacy@mcpchats.com
• Support: support@mcpchats.com

DATAPULS AI SERVICES PRIVATE LIMITED acts as the data controller for personal data processed through MCP Chats.

DATAPULS AI SERVICES PRIVATE LIMITED (MCPCHATS)
Attn: Privacy Department
EG60 Inderpuri New Delhi, Delhi
India

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices or services
• New legal or regulatory requirements
• Improved privacy protections or security measures
• User feedback and industry best practices

When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email at least 30 days before changes take effect
• We will display a prominent notice on our platform
• We will maintain an archive of previous policy versions

Your continued use of MCP Chats services after policy updates constitutes acceptance of the revised terms. If you do not agree with the changes, you may close your account and discontinue use of our services.

MCP Chats uses Meta-provided business APIs (such as the WhatsApp Business Platform) to deliver certain services, but MCP Chats is an independent company and is not owned, controlled, or operated by Meta Platforms, Inc. or its affiliates. Your use of Meta products (including WhatsApp, Facebook, and Instagram) is also governed by Meta's own terms and privacy policies.

When you or your customers interact with our services through Meta products (for example, via a WhatsApp conversation with one of our AI agents), we may receive and process, on your behalf:

• Account and Profile Details: WhatsApp display name, phone number, profile image URL, and other basic account identifiers made available through the API
• Message Content: Text messages, media attachments (such as images, files, and voice notes), templates, and quick-reply selections
• Technical and Delivery Information: Timestamps, message IDs, delivery and read receipts, and device or app metadata exposed by the relevant Meta API

We process this information as a processor on behalf of our business customers in order to operate and improve the services they configure with MCP Chats.

We use data received from WhatsApp and other Meta products strictly to:

• Deliver, route, and personalize conversations between your business and your customers
• Trigger workflows you configure (for example, order lookups, support ticket creation, or scheduling flows)
• Maintain security, fraud detection, and abuse prevention for your account and our platform
• Generate aggregated analytics for your business (for example, conversation volumes, response times, and high-level performance metrics)

We do not sell WhatsApp or other Meta-derived data, and we do not use it to build advertising profiles for third parties. We do not use WhatsApp or other Meta-derived message content to train generalized AI models; any improvement of our systems in this context is based only on high-level, aggregated metrics that cannot reasonably identify individual people or conversations.

MCP Chats does not send unsolicited, promotional, or marketing messages on WhatsApp. All messages are either customer-initiated or transactional in nature and sent in compliance with WhatsApp Business Messaging policies.

To deliver messages, data necessarily flows through Meta's infrastructure and is processed by Meta in accordance with its own policies. MCP Chats does not control Meta's independent use of data as a separate controller. We may also share limited WhatsApp-related data with carefully selected infrastructure and service providers (for example, cloud hosting, logging, and monitoring providers) solely to support the operation, security, and reliability of the WhatsApp and Meta integrations.

All such providers are bound by contractual obligations to protect the data, use it only for specified purposes, and implement appropriate security measures, as described in Section 5.

Individuals who interact with our customers via WhatsApp or other Meta products can:

• Stop receiving messages by using the native blocking or opt-out mechanisms provided by WhatsApp or the relevant Meta product
• Contact the underlying business (our customer) or MCP Chats at privacy@mcpchats.com to request access, correction, or deletion of data we process on that business's behalf
• Exercise any additional rights available under applicable law (such as GDPR or CCPA), which we will honor in coordination with the relevant business customer

For detailed information about how Meta processes personal data, please refer to the Meta Privacy Policy and, for WhatsApp specifically, the WhatsApp Privacy Policy.