Privacy Policy

Table of Contents

1. Information We Collect
2. How We Use Your Information
3. AI Processing & Third-Party Data Sharing
4. How We Use Your Data to Improve Our Services
5. Third-Party Services
6. Data Security
7. Data Breach Notification
8. Cookies & Tracking Technologies
9. Data Retention
10. Your Rights
11. Legal Basis for Processing
12. Children's Privacy
13. International Data Transfers
14. Changes to This Privacy Policy
15. Contact Information

Information We Collect

We collect several categories of information depending on how you interact with FetchOps:

Account Information: When you create an account, we collect your name, email address, and optionally your company name. If you register via Google or GitHub, we receive your profile information and email address from those providers. Passwords, when provided, are stored as irreversible cryptographic hashes and are never stored in readable form.

WhatsApp Data: When you connect a WhatsApp number, we collect your phone number and store message content exchanged through your connected WhatsApp account. This includes incoming customer messages, AI-generated replies, and any manual messages you send through the platform. All message content is encrypted at rest using AES-256-GCM encryption before storage.

AI Configuration Data: We store your AI templates, system prompts, keyword rules, conversation memory settings, and AI model preferences. If you optionally provide your own AI provider API keys, those keys are encrypted at rest with AES-256-GCM encryption using a separate encryption key from other data categories.

Billing Data: When you subscribe to a paid plan or purchase top-up tokens, payment processing is handled entirely by Stripe. We store your Stripe customer identifier, subscription status, and billing cycle dates. We do not store credit card numbers, bank account details, or other payment method information on our servers.

Technical Data: When you visit our website, we automatically collect device type, browser type, operating system, anonymized IP address, pages visited, referral source, and approximate geographic location.

Contact Form Submissions: If you contact us through our website, we collect your name, email address, and message content.

How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Authenticating your account, connecting your WhatsApp number, processing messages through AI models, managing your subscription, and tracking token usage
• AI-Powered Responses: Sending your conversation content to third-party AI providers to generate automated replies on your behalf
• Conversation Context: Storing and retrieving message history to provide AI models with conversation context, and summarizing long conversations to maintain relevant context within token limits
• Billing and Payments: Processing subscription charges, managing token balances, and providing invoices through Stripe
• Service Improvement: Using aggregated and anonymized usage data to improve service quality, optimize AI performance, develop new features, and enhance platform reliability
• Security and Abuse Prevention: Enforcing rate limits, detecting unauthorized access, and protecting the integrity of the platform
• Communication: Responding to your inquiries, sending service-related notifications, and providing support
• Legal Compliance: Meeting applicable legal, regulatory, and tax obligations

AI Processing & Third-Party Data Sharing

FetchOps uses third-party AI language model providers to generate automated responses on your behalf. By default, FetchOps selects and manages the AI providers used to process your messages. You do not need to provide your own API keys to use the service.

When an AI-powered reply is generated, the following data is sent to the AI provider: the conversation history for the relevant chat, your configured system prompt and AI template settings, and the incoming customer message. This data is necessary for the AI model to generate contextually relevant responses.

The AI providers we may use include Anthropic (Claude), OpenAI (GPT), Google (Gemini), and OpenRouter. FetchOps may change, add, or remove available AI providers at its discretion to ensure optimal service quality.

If you optionally configure your own AI provider API keys (available as a paid add-on), your messages are sent directly to the provider associated with your key. You are responsible for reviewing and accepting that provider's terms and privacy policy.

When conversation summarization is enabled, older messages in a conversation are compressed into a summary by sending them to an AI provider. This reduces token usage while preserving conversation context.

Each AI provider processes data according to its own privacy policy and data retention practices. FetchOps does not control how AI providers handle data once it is transmitted to them. We encourage you to review the privacy policies of the AI providers used by the service.

How We Use Your Data to Improve Our Services

FetchOps may use aggregated and anonymized usage data to improve service quality, optimize AI performance, and develop new features. This includes analyzing usage patterns, response quality metrics, token consumption trends, and platform performance data.

FetchOps may analyze conversation metadata and patterns — such as message volume, response times, and feature usage — for service optimization. This analysis is performed on aggregated data and is not used to identify individual users or read specific conversation content.

FetchOps may use technical and operational metrics, including error rates, system performance data, and infrastructure utilization, for product development and reliability improvements.

You retain full ownership of your content. By using the service, you grant FetchOps a license to process your content as necessary for service delivery and improvement, as described in our Terms of Service.

Third-Party Services

We share data with the following categories of third-party service providers as necessary to operate the service:

• AI Language Model Providers (Anthropic, OpenAI, Google, OpenRouter): Receive conversation content and system prompts to generate AI-powered responses
• Payment Processor (Stripe): Handles all payment processing, subscription management, and invoicing. Stripe receives your payment method details directly — FetchOps never stores this information
• Authentication Providers (Google, GitHub): If you choose to sign in via OAuth, these providers verify your identity and share your profile information and verified email address with FetchOps
• Cloud Storage Providers: Session data and device credentials may be stored on S3-compatible cloud storage infrastructure
• Hosting and Infrastructure: Our servers and databases are hosted on cloud infrastructure providers
• Analytics Providers: Our website uses analytics services to measure traffic and usage patterns using anonymized data

Data Security

We implement multiple layers of security to protect your data:

Encryption at Rest: All conversation content, AI-generated replies, conversation summaries, WhatsApp session credentials, temporary message buffers, and AI provider API keys are encrypted using AES-256-GCM encryption before storage. Each data category uses its own independently derived encryption key, so that a compromise of one key does not expose data protected by another.

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). Data sent to third-party AI providers is also transmitted over encrypted connections.

Password Security: Passwords are hashed using bcrypt with a high computational cost factor and are never stored in readable form.

Access Controls: Authentication uses short-lived tokens that expire and rotate automatically. All API endpoints are protected by rate limiting to prevent brute-force attacks and abuse.

Infrastructure Security: Our platform enforces security headers including Content Security Policy, HTTP Strict Transport Security, and content type restrictions on all responses.

Data Breach Notification

In the event of a confirmed data breach that affects your personal data, FetchOps will notify affected users within 72 hours of becoming aware of the breach. Notification will be sent to the email address associated with your account.

Breach notifications will include: the nature and scope of the breach, the categories of data affected, the steps FetchOps has taken or plans to take in response, and recommended actions you should take to protect yourself.

FetchOps will also notify relevant supervisory authorities and regulatory bodies as required by applicable data protection laws, including GDPR and applicable US state breach notification statutes.

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and gather analytical data.

Essential cookies are required for basic site functionality such as navigation and security. These cannot be disabled.

Analytics cookies help us understand how visitors interact with our website by collecting anonymous usage data. You can control these through your browser settings.

The FetchOps application (dashboard) does not use cookies for authentication. Instead, authentication tokens are stored in your browser's local storage and transmitted via HTTP headers. These tokens expire automatically and are rotated on each refresh.

Data Retention

We retain your data for the following periods:

• Account Data: Retained for the lifetime of your account. When you request account deletion, your account is deactivated and your data is scheduled for removal in accordance with our deletion procedures
• Conversation History: Stored in encrypted form for as long as your account is active or until you manually clear the conversation context from your dashboard. You can clear conversation history for any individual chat at any time
• WhatsApp Session Data: Temporary session credentials are stored with an automatic expiry of 30 days. Session data is automatically removed when sessions expire or when you disconnect your WhatsApp number
• Billing Records: Transaction history, invoices, and subscription records are retained as required by applicable tax and financial regulations
• Usage Logs: AI usage logs and token transaction records are retained for billing accuracy and audit purposes
• Contact Form Submissions: Retained for as long as necessary to respond to your inquiry. You may request deletion at any time
• Analytics Data: Collected in anonymized form and retained for up to 26 months. This data cannot be used to identify individual users

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data and account
• Object to or restrict processing of your data
• Request portability of your data in a machine-readable format
• Withdraw consent at any time where processing is based on consent
• Clear your conversation history for any or all chats from your dashboard at any time
• Disconnect your WhatsApp number and remove associated session data
• Cancel your subscription and request account deletion

Legal Basis for Processing

FetchOps processes your personal data under the following legal bases, depending on the context of the processing activity:

• Contract Performance: Processing your account data, WhatsApp messages, and AI configurations is necessary to provide the service you have subscribed to
• Legitimate Interest: Processing for security and abuse prevention, service improvement using aggregated data, and infrastructure monitoring is based on our legitimate interest in operating a secure and reliable platform
• Consent: Analytics cookies on our marketing website are placed only with your consent. You may withdraw consent at any time through your browser settings or our cookie preferences
• Legal Obligation: Retaining billing records and transaction history as required by applicable tax and financial regulations

Children's Privacy

FetchOps is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you are under 18, you may not use the service. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

International Data Transfers

FetchOps is operated from the United States. If you access the service from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

When your conversation data is processed by third-party AI providers, it may be processed in data centers located in various countries depending on the provider's infrastructure. By using the service, you consent to the transfer of your data to these jurisdictions.

Changes to This Privacy Policy

FetchOps reserves the right to update this Privacy Policy at any time. We will provide at least 30 days notice of material changes by posting the updated policy on our website and notifying you via the email address associated with your account.

Your continued use of the service after the effective date of any changes constitutes acceptance of the revised Privacy Policy. If you do not agree to the updated policy, you must stop using the service before the changes take effect.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]

We aim to respond to all privacy-related inquiries within 30 days.