Privacy Policy

1. Introduction

Jawab24 ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Facebook and Instagram auto-reply service at jawab24.com.

2. Information We Collect

When you use Jawab24, we collect:

• Facebook and Instagram Account Information: Your name, email, and profile picture when you log in with Facebook.
• Facebook Page and Instagram Account Data: Information about Pages and Instagram accounts you manage, including page name, ID, and access tokens.
• Comments and Messages: Content of comments and messages on your connected Pages to provide auto-reply functionality.
• Business Information: Any business details you provide to customize AI-generated replies.
• E-commerce Catalog Data: When you connect a Shopify, Salla, or Zid store, we receive your product catalog (titles, descriptions, prices, inventory, images, policies) so the AI can answer customer questions with accurate store data.
• E-commerce Customer and Order Data: For order-status, shipment, and abandoned-cart features, we receive customer contact details (name, phone, email) and order data (line items, totals, statuses) from your connected store.

3. How We Use Your Information

We use your information to:

• Provide and maintain our auto-reply service
• Generate intelligent responses to comments and messages
• Improve and personalize our service
• Communicate with you about service updates
• Answer customer questions about your connected store's products, prices, inventory, and policies
• Deliver merchant-configured customer notifications (order updates, shipment tracking, abandoned-cart recovery)

4. Geolocation and Legal Compliance

We may collect and process limited geolocation information, such as IP-derived country or region, for purposes of security, fraud prevention, and compliance with legal and regulatory obligations, including sanctions and payment restrictions. This processing is based on our legitimate interests and, where applicable, our obligation to comply with applicable laws.

5. Data Sharing

We do not sell your personal information. We may share data with:

• OpenAI: Comment/message content is sent to OpenAI to generate replies. This data is processed according to OpenAI's privacy policy.
• Meta (Facebook & Instagram): We interact with Meta's APIs to read and respond to comments and messages on your Facebook Pages and Instagram accounts on your behalf.
• Service Providers: We use cloud hosting providers to operate our service.
• Shopify: When you connect a Shopify store, we exchange data with Shopify's APIs (catalog read, order read, webhook subscriptions) per your authorization scopes. Shopify processes this data under its own privacy policy.
• Salla: When you connect a Salla store, we exchange data with Salla's APIs (products, orders, abandoned carts, webhooks) per your authorization scopes. Salla processes this data under its own privacy policy.
• Zid: When you connect a Zid store, we exchange data with Zid's APIs (products, orders, webhooks) per your authorization scopes. Zid processes this data under its own privacy policy.
• Vonage: We use Vonage to deliver SMS notifications (order updates, abandoned-cart recovery) to your store's customers when this feature is enabled.
• Resend: We use Resend to send transactional emails (account, waitlist, and service notifications). Only the recipient address and the message content needed to send the email are shared.
• Sentry: We use Sentry for error monitoring and performance diagnostics. Sentry may receive limited technical data (error messages and request metadata) so we can detect and fix problems.

6. E-commerce Store Integrations

When you connect a Shopify, Salla, or Zid store, the following applies in addition to the general data-handling sections above:

• Encrypted Tokens: We store your store's access and refresh tokens encrypted at rest (AES-256-GCM). Tokens are decrypted only at the moment of an outbound API call.
• Catalog Sync: Product data is synced into our database to power AI replies. We do not share catalog data with third parties beyond the AI provider used to generate replies.
• Customer Data Minimization: For each customer, we store only what is needed to deliver the configured features (e.g. phone for SMS notifications, social ID for DM mapping). We do not collect payment details, full addresses, or store-side customer profiles.
• Webhook Data: We receive webhook events (orders, products, app uninstall, GDPR) and process them solely to keep the integration current and to deliver merchant-configured notifications.
• Disconnection and Deletion: When you disconnect a store or uninstall the app from the store's admin, we mark the store inactive, stop processing its webhooks, and delete its synced data on request.
• Shopify GDPR Endpoints: For Shopify stores, we honor Shopify's mandatory GDPR webhooks (customers/data_request, customers/redact, shop/redact) per Shopify Partner Program requirements.

7. Data Security

We implement industry-standard security measures including encryption, secure servers, and access controls to protect your data. However, no method of transmission over the Internet is 100% secure.

8. Data Hosting and Residency

Your data is hosted on dedicated servers we operate in the European Union (Germany/Finland), protected by encryption and strict access controls. For merchants and their customers in Saudi Arabia, personal data processed under the Personal Data Protection Law (PDPL) is transferred to and stored on these EU servers under appropriate safeguards; by connecting your store and using the Service you consent to this cross-border processing.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. When you request deletion, we delete your personal data from our active systems within 30 days. Residual copies in encrypted backups are purged within the normal backup-rotation cycle (up to 90 days).

10. Children's Data

Jawab24 is a business-to-business service intended for merchants and businesses. It is not directed to children, and we do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, contact us and we will delete it.

11. Your Rights (GDPR & PDPL)

Under the EU General Data Protection Regulation (GDPR) and the Saudi Personal Data Protection Law (PDPL), you — and, where applicable, your store's customers — have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data
• Disconnect your Facebook Pages and Instagram accounts
• Revoke Facebook or Instagram permissions at any time. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se
• Where you or your customers are located in Saudi Arabia, the Personal Data Protection Law (PDPL) governs the processing of personal data described in this policy. You may lodge a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA).

12. Account and Data Deletion

To delete your data, you can either:

• Log into Jawab24 and delete your account from settings
• Remove the Jawab24 app from your Facebook settings
• Contact us at the email below
• Disconnect e-commerce stores from your settings, or uninstall the Jawab24 app from your Shopify, Salla, or Zid admin

13. Changes to This Policy

We process your data based on: (a) your consent when you connect your Facebook/Instagram account, (b) contractual necessity to provide our auto-reply service, and (c) legitimate interests for security, fraud prevention, and service improvement. We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: support@jawab24.com

15. Corporate Information

Jawab24 is operated by: