Privacy Policy
Last updated: May 6, 2026
Kuitan ("we", "our", or "us") operates the Kuitan customer messaging platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, create an account, connect messaging channels, or use our Service.
1. Scope and Data Roles
This Privacy Policy applies to business customers, administrators, team members, website visitors, and end users whose conversations are processed through connected channels.
For customer conversations and contact data that a business manages in Kuitan, the business is responsible for deciding why and how that data is processed. Kuitan processes that data on the business's behalf to provide the Service, unless applicable law requires a different role for a specific activity.
Each business customer is responsible for obtaining any required consent, providing appropriate notices to its own customers, and using Kuitan in compliance with applicable privacy, consumer protection, marketing, and platform rules.
2. Information We Collect
2.1 Information from Businesses (Our Customers)
- Account information: Name, email address, organization name, and password when you register.
- Payment information: Billing details processed through our payment providers.
- Channel credentials: Access tokens and page identifiers for connected platforms (LINE, Facebook, Instagram), stored securely and used solely to enable messaging on your behalf.
2.2 Information from End Users (Your Customers)
When your customers send messages through connected platforms, we process:
- Profile information: Name and profile picture as provided by the messaging platform.
- Message content: Text, images, videos, audio, files, stickers, and locations sent through the conversation.
- Platform identifiers: User IDs assigned by the messaging platform (e.g., Facebook PSID, LINE User ID).
2.3 Automatically Collected Information
- Usage data: Pages visited, features used, timestamps, and interaction patterns.
- Device information: Browser type, operating system, and IP address.
3. How We Use Information
- To provide, operate, and maintain the Service, including receiving and sending messages across connected platforms.
- To display customer names and profile pictures in the chat inbox for identification purposes.
- To send typing indicators and read receipts to improve the communication experience.
- To generate analytics and reports (e.g., response times, chat volume) for our business customers.
- To send customer satisfaction (CSAT) surveys on behalf of the business after a conversation is closed.
- To process broadcast messages sent by the business to its customers.
- To improve and develop our Service.
- To communicate with you about your account, updates, and support.
4. Meta Platform Data
When you connect Facebook Messenger or Instagram DM, Kuitan may receive data from Meta APIs only as needed to provide messaging features you request.
- We use Meta-derived data to authenticate connected Pages or Instagram Business Accounts, receive incoming messages, send replies, show conversation context, and maintain connection health.
- We do not sell Meta platform data, use it to build advertising profiles, or use it for unrelated marketing purposes.
- We do not transfer Meta platform data to third parties except to service providers that help us operate the Service, to Meta or connected platforms as required to provide the integration, when required by law, or with your authorization.
- Access tokens and channel credentials are restricted, encrypted, and used only for the connected account and organization.
5. How We Share Information
We do not sell, rent, or trade personal information to third parties. We may share information only in the following cases:
- With messaging platforms: To send and receive messages on your behalf (e.g., Facebook Graph API, LINE Messaging API).
- With cloud infrastructure providers: For data storage and processing (e.g., Cloudflare R2 for file storage).
- As required by law: To comply with legal obligations, regulations, or valid legal processes.
6. Data Storage and Security
- Data is stored on secure cloud infrastructure with encryption in transit (TLS/SSL) and at rest.
- Channel credentials (access tokens, app secrets) are stored in encrypted JSON fields in our database.
- Webhook payloads are validated using cryptographic signatures (HMAC-SHA256) to ensure authenticity.
- File attachments are stored in Cloudflare R2 with time-limited access URLs.
- We implement role-based access controls to restrict data access within organizations.
7. Data Retention
- Conversation data and messages are retained for as long as the business account is active.
- File attachments may expire after a configured retention period (default: 7 days for chat attachments).
- Channel credentials and access tokens are deleted or disabled when a channel is disconnected, unless we must retain limited records for security, fraud prevention, billing, or legal reasons.
- Operational logs, backups, billing records, and security records may be retained for a limited period according to our internal retention, legal, and audit requirements.
- Upon verified account deletion, associated active product data will be removed or anonymized within 30 days where technically and legally feasible.
8. Cookies and Similar Technologies
We may use cookies, local storage, pixels, and similar technologies to keep the website and Service working, remember preferences, secure sessions, understand usage, and improve product experience.
- Essential technologies: Required for login, security, routing, and core platform functionality.
- Analytics technologies: Help us understand aggregate website or product usage so we can improve the Service.
- Marketing technologies: May be used to measure campaign performance or show relevant content where permitted.
Where required by law, we will request consent before using non-essential analytics or marketing technologies. You can control cookies through your browser settings and any cookie controls we provide.
9. International Data Transfers
Kuitan and our service providers may process data in countries other than your country of residence. Where required, we use reasonable safeguards designed to protect personal data during such transfers.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access and receive a copy of your personal data.
- Request correction of inaccurate data.
- Request deletion of your data.
- Withdraw consent for data processing.
- Lodge a complaint with a data protection authority.
To exercise these rights, contact us at the email below or see our Data Deletion Instructions.
11. Third-Party Platforms
Our Service integrates with third-party messaging platforms including Meta (Facebook Messenger, Instagram) and LINE. Your use of these platforms is governed by their respective privacy policies.
12. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date.
14. Contact Us
If you have questions about this Privacy Policy, please contact us:
Email: support@kuitan.ai
Website: https://kuitan.ai