Privacy Policy

Introduction

Cito ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp Business automation platform and related services.

By using Cito, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not use our services.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name and organization name
• Password (encrypted)
• Phone numbers you provision through our platform
• WhatsApp Business account information

Messaging Data

To provide our automation services, we process:

• Inbound and outbound message content (SMS and WhatsApp)
• Message timestamps and delivery status
• Phone numbers of message recipients (your customers)
• Conversation threads and history
• Media files sent through our platform

Business Information

You may provide business information including:

• Business name, address, and contact details
• Operating hours and availability settings
• Knowledge base entries and FAQ content
• Automated flow configurations
• Welcome messages and response templates

Lead and Contact Data

Through your use of our platform, you may store:

• Customer contact information
• Custom field data you define
• Conversation notes and tags
• Lead status and engagement history

Technical Data

We automatically collect:

• IP address and device information
• Browser type and version
• API usage logs and request metadata
• Error logs and performance data

How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our services
• Process and deliver your messages via SMS and WhatsApp
• Power AI-driven conversation routing and automated responses
• Improve and personalize your experience
• Develop new products, services, and features
• Communicate with you about service updates, security alerts, and support
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations

AI and Automated Processing

Cito uses artificial intelligence to provide intelligent message routing, automated responses, and conversation management. When you enable AI features:

• Message content is processed by AI models to understand intent and context
• Your business information (knowledge base, flows) is used to generate relevant responses
• We may use third-party AI providers (OpenAI, Anthropic, Google) to process requests
• AI-generated responses are based on your configuration and business data—we do not train models on your customer conversations

You maintain control over AI behavior through your flow configurations and can disable automated responses at any time.

Information Sharing and Disclosure

We may share your information in the following circumstances:

Service Providers

We work with third-party service providers who assist us in operating our platform:

• Twilio: SMS and voice messaging infrastructure
• WhatsApp (Meta): WhatsApp Business API services
• Supabase: Database hosting and authentication
• AI Providers: OpenAI, Anthropic, or Google for AI processing
• Vercel: Application hosting and analytics

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests by public authorities.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Data Security

We implement appropriate technical and organizational measures to protect your data:

• All data is encrypted in transit using TLS/SSL
• Data at rest is encrypted in our databases
• API keys are hashed and stored securely
• Access controls and authentication protect your account
• Regular security audits and monitoring
• Row-level security policies ensure data isolation between organizations

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Message content and conversation history: Retained while your account is active
• Account information: Retained until account deletion
• API logs: Retained for 90 days for debugging and security purposes
• Backup data: Retained for 30 days after deletion

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Data Portability: Request your data in a portable format
• Restriction: Request restriction of processing
• Objection: Object to certain processing activities

To exercise these rights, please contact us at privacy@usecito.com.

WhatsApp Business Compliance

As a WhatsApp Business API solution provider, we comply with Meta's WhatsApp Business Policy and Commerce Policy. This includes:

• Obtaining proper consent before sending messages to end users
• Respecting opt-out requests and maintaining suppression lists
• Not storing WhatsApp credentials beyond what's necessary
• Following message template approval processes
• Complying with 24-hour messaging windows and session rules

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

Children's Privacy

Cito is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: