Table of Contents
This Privacy Policy applies to the AI Chat SaaS platform available at app.ai-chat.co.za and the AI Chat marketing website at ai-chat.co.za, both operated by AI-CHAT (PTY) LTD (Registration No. 2026/307634/07).
Who We Are
AI-CHAT (PTY) LTD is a private company registered in South Africa (Registration Number: 2026/307634/07). We operate the AI Chat platform, a WhatsApp Business chatbot SaaS solution that enables South African businesses to deploy AI-powered customer service assistants on WhatsApp.
For the purposes of the Protection of Personal Information Act, 2013 (POPIA), AI-CHAT (PTY) LTD is the Responsible Party (data controller) for personal information collected through our platform.
Director and responsible person: Bontle Mabiletsa
Contact: bontle@ai-chat.co.za
Registered address: 17 Shelley Road, Salt River, Cape Town, Western Cape, 7925, South Africa
Information We Collect
2.1 Information from Business Owners (Platform Users)
When a business owner registers and uses the AI Chat platform, we collect:
- Name and email address, used for account creation and authentication
- Business name and contact details
- WhatsApp Business Account credentials and phone number IDs, provided during Meta Embedded Signup
- Business documents, FAQs, and website content uploaded to the knowledge base
- Payment information processed via Stripe (we do not store raw card details)
- Usage data including message counts and subscription status
2.2 Information from End Customers (WhatsApp Users)
When a business's customers interact with an AI Chat-powered chatbot on WhatsApp, we process:
- WhatsApp phone number (wa_id) of the customer
- Message content sent to and received from the chatbot
- Message timestamps and delivery status
We do not collect names, profile photos, or any other personal details from end customers beyond what is included in WhatsApp message payloads.
2.3 Automatically Collected Technical Data
- IP addresses and browser information for security and fraud prevention
- Login timestamps and session data
- API usage logs for debugging and performance monitoring
How We Use Your Information
| Purpose | Legal Basis (POPIA) |
|---|---|
| Creating and managing your account | Contractual necessity |
| Delivering AI chatbot responses to end customers | Contractual necessity and legitimate interest |
| Processing payments via Stripe | Contractual necessity |
| Connecting your WhatsApp Business number via Meta APIs | Contractual necessity and your consent |
| Improving platform performance and debugging | Legitimate interest |
| Sending transactional emails (account and billing) | Contractual necessity |
| Complying with legal obligations | Legal obligation |
We do not sell your personal information to any third party. We do not use your data for advertising purposes.
WhatsApp and Meta Platform Data
AI Chat integrates with the WhatsApp Business Cloud API provided by Meta Platforms, Inc. Our use of Meta Platform Data complies with Meta's Platform Terms and Developer Policies.
4.1 What Meta data we access
- whatsapp_business_messaging: to send and receive WhatsApp messages on behalf of connected business accounts
- whatsapp_business_management: to read phone number IDs and WhatsApp Business Account (WABA) details during connection setup
- public_profile: basic app authentication during the Meta Embedded Signup flow
4.2 How we use Meta Platform Data
Meta Platform Data is used solely to:
- Authenticate and connect a business's WhatsApp Business number to the AI Chat platform
- Send automated AI-generated responses to customers who message the business on WhatsApp
- Display conversation history within the business's AI Chat dashboard
4.3 Restrictions
We do not use Meta Platform Data for advertising, profiling, selling to third parties, or any purpose beyond the core WhatsApp Business chatbot functionality described above.
AI Chat uses a system user access token to access Meta APIs. The WhatsApp Business number connection is established by the business owner through the Meta Embedded Signup flow. End customers' WhatsApp messages are processed solely to generate AI responses on behalf of the business.
Third-Party Service Providers
We share data with the following trusted third-party processors only to the extent necessary to operate the platform:
| Provider | Purpose | Country | Privacy Policy |
|---|---|---|---|
| Meta Platforms, Inc. | WhatsApp Business Cloud API | United States | View |
| OpenAI, LLC | AI language model for generating chatbot responses | United States | View |
| Anthropic, PBC | AI language model (auxiliary) | United States | View |
| Supabase, Inc. | Authentication and cloud database infrastructure | United States | View |
| Stripe, Inc. | Payment processing | United States | View |
| Vercel, Inc. | Marketing website hosting | United States | View |
All third-party processors are contractually bound to process data only on our instructions and in accordance with applicable data protection laws.
Data Storage and Security
Your data is stored on servers located in South Africa and the European Union. We implement the following security measures:
- All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- WhatsApp access tokens are stored in encrypted form in our database
- Access to production systems is restricted to authorised personnel only
- We use Supabase JWT-based authentication for all API requests
- Regular security reviews of our infrastructure and codebase
Despite these measures, no method of electronic storage is 100% secure. If you become aware of any security vulnerability related to our platform, please contact us immediately at bontle@ai-chat.co.za.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Duration of subscription, plus 30 days after cancellation |
| WhatsApp conversation history | 90 days rolling (older messages purged automatically) |
| Knowledge base documents | Until deleted by the business owner |
| Billing and payment records | 7 years (legal requirement) |
| API access logs | 30 days |
Upon account deletion, we will delete or anonymise all personal data within 30 days, except where retention is required by law.
Your Rights Under POPIA
As a data subject under the Protection of Personal Information Act, 2013 (Act No. 4 of 2013), you have the following rights:
- Right to access: request a copy of the personal information we hold about you
- Right to correction: request correction of inaccurate or incomplete information
- Right to deletion: request deletion of your personal information (subject to legal retention obligations)
- Right to object: object to the processing of your personal information
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
- Right to lodge a complaint: with the Information Regulator of South Africa
To exercise any of these rights, email us at bontle@ai-chat.co.za. We will respond within 30 days.
Information Regulator (South Africa)
Website: inforegulator.org.za
Email: inforeg@justice.gov.za
Cookies
The AI Chat platform (app.ai-chat.co.za) uses the following types of cookies and local storage:
- Authentication tokens: stored in browser local storage to keep you logged in. These are essential for platform functionality.
- Session data: temporary session information cleared when you close your browser.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies on the platform. The marketing website (ai-chat.co.za) may use basic analytics to measure page visits.
Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact us:
This Privacy Policy was last updated in May 2026. We reserve the right to update this policy at any time. Material changes will be communicated to registered users via email.