PingRepli Privacy Policy

This Privacy Policy describes how PingRepli, a platform operated by IdThrivo Technology Sdn Bhd (1210868-T) ("PingRepli", "we", "us", or "our"), collects, uses, stores, shares, protects, and deletes personal information when you access or use our websites, applications, AI customer service tools, chat widgets, WhatsApp integrations, Meta integrations, APIs, dashboards, and related services (collectively, the "Services").

This Privacy Policy is intended to be publicly available and accessible for users, customers, end users, and platform review purposes, including Meta and WhatsApp Business Platform review.

By using the Services, you acknowledge that your information will be collected, processed, and used in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Services.

1. Key Definitions

Personal Data means information that identifies, relates to, describes, or could reasonably be linked to an individual.

Customer means a business, organization, or individual account holder that uses PingRepli to manage customer conversations, AI replies, chat widgets, WhatsApp messages, leads, workflows, and related services.

End User means any person who communicates with a Customer through PingRepli-powered channels, including WhatsApp, web chat widgets, public chat pages, lead forms, microsites, or other connected messaging channels.

Meta Platform Data means information received from or processed through Meta products or services, including WhatsApp, Facebook, Instagram, Meta Business tools, Meta app permissions, webhooks, identifiers, tokens, messaging events, and related metadata.

2. Our Role

PingRepli may act as a data controller for personal data we collect directly for our own business operations, including account registration, billing, security, platform analytics, support, and legal compliance.

When a Customer uses PingRepli to communicate with End Users, including through WhatsApp or Meta integrations, PingRepli generally acts as a data processor or service provider on behalf of that Customer. In that case, the Customer is responsible for determining the lawful basis for collecting and using End User data, providing required notices, and obtaining required consent.

3. Information We Collect

3.1 Account and Business Details

• Name, email address, phone number, and login details
• Business name, company profile, industry, and website URL
• Team member names, roles, permissions, and access settings
• Subscription, billing, invoice, and payment-related records
• Support requests, onboarding details, and configuration data

3.2 Messaging and Conversation Data

When Customers enable web chat, WhatsApp, Meta, or other messaging integrations, PingRepli may process data required to deliver, automate, route, and manage communications. This may include:

• Message text, conversation history, and chat transcripts
• Names, phone numbers, email addresses, and contact details
• WhatsApp IDs, phone number IDs, business account IDs, and webhook events
• Message timestamps, delivery status, read status, and failure events
• Media files, attachments, images, documents, and audio where supported
• Lead capture answers, tags, notes, handoff events, and assignment records
• Automation rules, chatbot settings, workflow steps, and AI response logs

Customers are responsible for ensuring they have the right to collect and use End User data and to send messages through WhatsApp, Meta, or any other connected channel.

3.3 Meta and WhatsApp Integration Data

If a Customer connects PingRepli with WhatsApp Business Platform, Meta Business tools, Facebook, Instagram, or related Meta services, we may process:

• Meta app permissions granted by the Customer
• WhatsApp Business Account information
• Phone number IDs and display phone numbers
• Webhook verification data and messaging webhook events
• Access tokens or integration credentials required to operate the integration
• Template message metadata, status events, and delivery reports
• Customer support, account review, and troubleshooting information

We use Meta Platform Data only to provide and improve the Services, operate integrations requested by the Customer, secure the platform, troubleshoot issues, comply with applicable law, and meet platform obligations.

3.4 Knowledge Base and AI Training Content

Customers may upload or connect content used to configure AI replies, such as FAQ documents, website content, business descriptions, product information, service details, and conversation workflows.

• Uploaded documents and text files
• Website content crawled or submitted by the Customer
• FAQ pairs, business information, and chatbot instructions
• Vector embeddings or search indexes generated from Customer content

3.5 Technical, Usage, and Security Data

• IP address, browser type, device type, and operating system
• General location inferred from IP address
• Login events, session records, and authentication logs
• API usage, webhook logs, error logs, and system diagnostics
• Feature usage, page views, dashboard activity, and analytics events
• Cookie and tracking technology data

4. How We Use Information

We use information for the following purposes:

• To create, manage, secure, and authenticate user accounts
• To operate AI customer service agents, chat widgets, and dashboards
• To send, receive, route, automate, and manage WhatsApp or other messages
• To process leads, handoff requests, assignments, notes, and inbox history
• To generate AI replies based on Customer-provided knowledge and settings
• To provide customer support, troubleshooting, and service notifications
• To manage subscriptions, billing, invoices, and usage limits
• To monitor platform performance, reliability, security, and abuse prevention
• To comply with legal, regulatory, contractual, and platform requirements
• To improve the Services, user experience, and platform features

5. WhatsApp Consent, Opt-In, and Opt-Out

Customers using PingRepli with WhatsApp are responsible for obtaining valid opt-in or consent before sending business-initiated messages, marketing messages, template messages, or broadcasts, where required by WhatsApp rules and applicable law.

Customer opt-in notices should clearly state:

• The business name that will contact the End User
• That the End User is agreeing to receive messages from that business
• The type of messages the End User may receive
• That message and data charges may apply, where relevant
• How the End User may opt out or stop receiving messages

End Users may opt out by following instructions provided by the Customer, replying with common opt-out words such as "STOP" where supported, blocking the business on WhatsApp, or contacting the relevant Customer directly.

PingRepli may assist Customers by providing tools for opt-out, tagging, conversation management, and suppression, but Customers remain responsible for honoring opt-out requests and complying with WhatsApp Business Messaging Policy, WhatsApp Business Terms, Meta Platform Terms, and applicable laws.

6. Artificial Intelligence and Automation

PingRepli uses AI and automation to support customer service, lead capture, workflow routing, and business replies. AI features may include:

• Message classification and intent recognition
• Automated replies and suggested responses
• Retrieval from Customer-specific knowledge bases
• Lead qualification, tagging, and workflow automation
• Conversation analytics and service improvement insights

AI-generated responses may be incomplete, inaccurate, or unsuitable for a specific situation. Customers are responsible for reviewing, configuring, supervising, and controlling how AI replies are used in their business.

We do not sell Personal Data. We do not use one Customer's identifiable conversation data or knowledge base content to train another Customer's chatbot. Where feasible, data used to improve platform reliability is aggregated or de-identified.

7. Legal Basis for Processing

Depending on the context and applicable law, we process Personal Data under one or more of the following bases:

• Performance of a contract with the Customer or user
• Consent, where required for specific communications or features
• Legitimate business interests, including security and service improvement
• Compliance with legal, regulatory, tax, accounting, and platform obligations
• Customer instructions when we act as a processor or service provider

8. Sharing and Disclosure

PingRepli does not sell Personal Data. We may share or disclose data only where necessary for the following purposes:

• With infrastructure, hosting, database, storage, analytics, email, logging, or security providers that help us operate the Services
• With payment processors for subscription, billing, invoice, and payment management
• With Meta, WhatsApp, Facebook, Instagram, or other messaging platforms where required to provide connected messaging services
• With AI service providers or model infrastructure providers where required to generate responses or embeddings
• With support, professional, legal, accounting, or compliance providers under appropriate obligations
• In connection with a merger, acquisition, financing, restructuring, or sale of business assets
• When required by law, legal process, government request, or to protect rights, safety, security, and platform integrity
• With consent or at the direction of the Customer or user

9. International Data Transfers

PingRepli may process and store information in Malaysia and other countries where our service providers, infrastructure providers, payment processors, messaging platforms, or AI providers operate. Where required, we use reasonable contractual, technical, and organizational measures to protect transferred data.

10. Information Security

We apply reasonable technical and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. These may include encryption in transit, access controls, authentication controls, audit logs, monitoring, secure infrastructure practices, and internal security procedures.

No digital system is completely secure. Customers are responsible for keeping their login credentials, API keys, Meta tokens, and account access secure.

11. Data Retention

We retain information only as long as reasonably necessary to provide the Services, meet legal obligations, resolve disputes, enforce agreements, protect security, and support business operations.

• Account data is retained while the account remains active.
• Conversation data is retained according to Customer settings, product configuration, legal requirements, or operational needs.
• Billing, invoice, tax, and accounting records may be retained for the period required by law.
• Security logs and audit records may be retained to detect fraud, abuse, unauthorized access, and platform misuse.
• Deleted data may remain in backups for a limited period before it is overwritten or securely deleted.

12. Data Deletion Requests

You may request deletion of Personal Data by contacting us at support@pingrepli.com.

If you are an End User who communicated with a Customer through PingRepli, you should first contact the relevant Customer because the Customer controls how your conversation data is used. Where required and technically feasible, we will assist the Customer in responding to deletion requests.

If you used PingRepli through Meta, WhatsApp, Facebook, Instagram, or a related integration, you may also request deletion of data associated with that integration by contacting us with enough information to identify the relevant account, business, phone number, or conversation. We may need to verify your identity before processing the request.

We may retain limited information where required by law, accounting obligations, fraud prevention, security, dispute resolution, or legitimate business purposes.

13. Your Privacy Rights

Subject to applicable law, you may have the right to request access, correction, deletion, restriction, portability, withdrawal of consent, or objection to processing of your Personal Data.

Malaysian users may have rights under the Personal Data Protection Act 2010, including rights to access and correct personal data and to withdraw consent where applicable.

To exercise your rights, contact us at support@pingrepli.com.

14. Cookies and Tracking

PingRepli uses cookies and similar technologies to support login, authentication, security, analytics, preferences, performance, and product improvement. You may control cookies through your browser settings, but disabling certain cookies may affect the functionality of the Services.

15. Children's Privacy

PingRepli is designed for business and commercial use. It is not intended for children under 16 years old, and we do not knowingly collect Personal Data from children.

16. Third-Party Platforms

The Services may integrate with third-party platforms, including WhatsApp, Meta, Facebook, Instagram, email providers, payment processors, CRMs, analytics tools, AI providers, and hosting providers. These third-party services may process data under their own terms and privacy policies.

We are not responsible for the privacy practices, availability, security, or content of third-party platforms. Customers are responsible for reviewing and complying with the terms, policies, and requirements of any third-party platform they connect to PingRepli.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, platform requirements, or business practices. When we make updates, we will revise the "Last updated" date above. Continued use of the Services after updates means you accept the updated Privacy Policy.