Privacy Policy

Prepared for: Almal Ai — Updated 23 Feb 2026

Introduction

This Privacy Policy applies to Almal Ai (“we”, “our”, “us”) and covers all services, platforms, and integrations operated by xx. This Policy includes compliance requirements for Meta platforms (Facebook, Instagram) and the WhatsApp Cloud API. It explains what personal data xx collects, how that data is used, shared, retained, and deleted, as well as the rights available to users regarding their information.

Age Group Policy

Our Services are intended for individuals aged 13 years and older. We do not knowingly collect, process, or store personal information from children under the age of 13. If we become aware that we have inadvertently received personal data from a child under 13, we will take immediate steps to delete that information from our systems.

Parents or legal guardians who believe that their child may have provided personal information to us may request deletion by contacting us at Dev@Almalai.com

Information We Collect

We collect and process the following categories of information in order tooperate our Services, improve performance, ensure security, and deliver platform‑specific features:

1. Analytics Data

We collect certain technical and usage information automatically when you access our website or services, including:

• IP address
• Device and browser type
• Pages visited, session duration, and referring URLs
• Interaction events and performance metrics

This information is used for security, service optimization, and analytics.

2. User‑Submitted Information

When you voluntarily provide information to us—such as through forms, sign‑ups, support interactions, or platform account linking—we may collect:

• Name
• Email address
• Company or organization name
• Any additional information you choose to submit

3. Meta Platform Data (When Authorized)

If you connect your Facebook or Instagram account, we may access Meta Platform Data within the scopes you authorize.

This may include:

• Page lists, roles, and Page metadata
• Publishing permissions and content you instruct us to publish
• Instagram media, captions, and related metadata
• Insights and analytics provided through Meta’s APIs

We only access data explicitly permitted through Meta’s secure authorization process.

4. WhatsApp Cloud API Data

If you interact with us via WhatsApp, we may process the following data as provided by the WhatsApp Cloud API:

• Your phone number ID
• Our WhatsApp Business Account ID
• Message content you send to us
• Automated replies or content we send to you
• Delivery status, read receipts, timestamps, and message metadata

We do not access message content outside of conversations you initiate with our WhatsApp Business number.

How We Use Data

We use the information we collect to operate, improve, and support our Services. This includes:

• Providing core features, such as messaging, publishing, account linking, and platform integrations.
• Delivering analytics and insights to help users understand performance and engagement.
• Automating workflows and system functions, including content scheduling, reporting, and service personalization.
• Providing user support, troubleshooting issues, and improving service reliability and security.

WhatsApp Data Usage

WhatsApp message handling is governed by the WhatsApp Business Platform policies.

We only process WhatsApp messages in the following ways:

• User‑initiated communication: We may send free‑form responses within the 24‑hour service window after a user messages us.
• Template‑approved communication: Outside the 24‑hour window, only WhatsApp‑approved message templates may be used for further communication.

We do not use WhatsApp data for profiling, cross‑platform advertising, or purposes unrelated to providing our Services.

Meta Platform Data

Meta Platform Data refers to information that may be accessed, received, or processed when a user connects our Services to Meta-owned products and technologies, including but not limited to Facebook, Instagram, and other Meta Business Tools. Access to this data is strictly controlled by the permissions (scopes) granted by the user through Meta’s secure authorization process and is handled in full compliance with applicable privacy laws and Meta’s Platform Terms.

1. Categories of Meta Platform Data We May Access

Depending on the permissions you grant, we may access the following categories of Meta Platform Data:

1.1 Page Lists

Information associated with Facebook Pages that a user administers or manages, which may include:

• Page names, Page IDs, and profile details
• The user’s role and permission level
• Metadata necessary for delivering features such as content publishing, analytics, or messaging workflows

This does not include the personal information of Page followers unless explicitly authorized and required to provide the requested functionality.

1.2 Publishing Permissions

Permissions that allow our systems to:

• Publish content (posts, stories, reels, or media) to Facebook or Instagram on the user’s behalf
• Manage comments, replies, and engagement under the connected Page or account
• Access tools required for scheduling, content automation, or managing user interactions

Publishing actions are only performed within the boundaries of the permissions granted by the account owner or administrator.

1.3 Instagram Media Access

Where authorized, we may access media and related metadata from connected Instagram Business or Creator accounts, including:

• Photos, videos, reels, and stories published by the account
• Captions, timestamps, and associated engagement metrics
• Comment threads or interactions required to provide engagement or analytics tools

We do not receive or collect private media or personal data belonging to other Instagram users.

1.4 Insights and Analytics

We may access aggregated analytics data provided by Meta, such as:

• Audience demographics (where supplied), reach, and engagement statistics
• Performance metrics for posts, ads, and promotional content
• Interaction insights, including comment counts, impressions, and response rates

These insights are provided directly by Meta and do not include identity‑level information unless explicitly authorized.

2. How We Use Meta Platform Data

The Meta Platform Data accessed is used solely for purposes such as:

• Enabling account‑management features
• Publishing content as instructed by the user
• Providing insights, reporting, engagement tools, or analytics
• Improving service performance and user experience
• Supporting integrations chosen by the user

We do not use Meta Platform Data for purposes beyond those disclosed unless additional consent is obtained.

3. User Control and Revocation

You remain in full control of your Meta permissions.

You may revoke our access at any time through your Meta account settings.

4. Data Minimization and Retention

We access and process only the minimum Meta Platform Data required to deliver the requested features.

Meta Platform Data is retained only as long as necessary to provide services or to comply with legal obligations, after which it is securely deleted or anonymized.

5. No Collection of Special‑Category Data

We do notrequest, collect, or store any special‑category data (such as health information, religious beliefs, sexual orientation, political opinions, biometric identifiers, or similar high‑risk data) through Meta integrations.

Users should refrain from transmitting sensitive information through connected Meta channels.

6. Meta as an Independent Controller

Meta Platforms, Inc. and its affiliates remain independent data controllers for all data they process directly within their ecosystem.

Our role is limited to processing Meta Platform Data made available to us according to your granted permissions and applicable law.

WhatsApp Cloud API Data

When you interact with our WhatsApp Business number, we may process data provided through the WhatsApp Cloud API. This may include:

• Messages sent to or from Agentic Workforce (AW)
• Message metadata, such as timestamps, message type, and technical delivery details
• Delivery and read receipts
• Phone number identifiers, such as the WhatsApp phone number ID associated with your device
• Our WhatsApp Business Account ID, as part of API operations

All WhatsApp-related data is processed strictly for the purposes of delivering messaging features, responding to user‑initiated communication, or sending WhatsApp‑approved template messages where applicable.

We process all WhatsApp Cloud API data in full compliance with the WhatsApp Business Platform and Cloud API policies, including limitations on message types, user consent, retention, and data handling requirements.

General Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to provide our Services, or to comply with legal, regulatory, or operational requirements. Our retention practices follow the principles of data minimization, purpose limitation, and secure lifecycle management.

1. Service‑Related Retention

We may retain data such as account details, user‑submitted information, platform integrations, logs, and analytics for as long as a user maintains an active relationship with our Services. Once the data is no longer required for operational purposes, it will be securely deleted or anonymized.

2. Analytics and Technical Logs

Analytics data and system logs (including device data, session information, and security logs) may be retained for limited periods to:

• Monitor system performance
• Detect and prevent security threats
• Improve the reliability and quality of our Services

Logs are automatically purged or anonymized once no longer needed.

3. Meta Platform Data (Facebook & Instagram)

Meta Platform Data obtained through authorized scopes is retained only for as long as the integration remains active.

When access is revoked or a Meta Data Deletion Request is received, all related data is removed in accordance with Meta’s platform requirements and our deletion procedures.

4. User‑Submitted Information

Data such as names, emails, company information, and communication records is retained only for the duration necessary to:

• Deliver requested services
• Provide support
• Maintain accurate account or billing information
• Fulfil legal or contractual obligations
• This information is deleted or anonymized when no longer required.

5. Legal, Fraud Prevention, and Compliance Retention

Certain information may be retained for longer periods if required to:

• Comply with applicable law and regulatory requirements
• Meet tax, audit, or financial record‑keeping obligations
• Detect, investigate, or prevent fraud, abuse, or security incidents

Retention in these cases is limited to the minimum required scope and duration.

6. User‑Requested Deletion

You may request deletion of your personal data at any time. Upon receiving a valid request, we will:

• Remove or anonymize data associated with your account or identity
• Stop further processing unrelated to legal or operational requirements
• Provide confirmation once the request has been completed

Verification may be required to protect your information from unauthorized deletion.

WhatsApp Data Retention

We retain WhatsApp Cloud API data only for as long as is necessary to provide our Services, comply with legal obligations, and support operational requirements. Our retention practices follow the principles of data minimization, limited use, and user‑controlled deletion.

1. Message Content Retention

Message content sent to or from our WhatsApp Business number is stored only for the period required to:

• Deliver the message
• Provide customer support
• Maintain service logs or troubleshooting

Message content is not retained longer than necessary, and is deleted when operationally no longer required.

2. Metadata and Technical Logs

We may retain metadata related to WhatsApp communications—such as timestamps, delivery/read status, technical identifiers, and phone number IDs—for limited periods to ensure:

• Security and fraud prevention
• Service optimization and system performance
• Analytics and operational reporting
• Compliance with legal and audit obligations

Technical logs are purged or anonymized once they are no longer needed.

3. User‑Requested Deletion

You may request deletion of your WhatsApp data at any time by sending “DELETE MY DATA” to our WhatsApp Business number or by contacting devs@Almalai.com

Upon receiving such a request, we will:

• Delete your stored message content
• Remove associated metadata and identifiers from our systems
• Stop any further message processing or outbound templates associated with your number
• Record your opt‑out preferences to prevent future communication

4. Legal Retention Requirements

In some cases, we may retain limited information if required to:

• Comply with financial record‑keeping regulations
• Resolve disputes
• Prevent fraud or abuse
• Meet statutory retention obligations

Any retained data will be restricted, securely stored, and not used for messaging or profiling.

5. Local Storage, Regional Requirements & Security

Where applicable and supported by WhatsApp Cloud API infrastructure, we apply:

• Data minimization
• Secure regional storage
• Strict access controls
• Timely data purging after operational use

We do not store WhatsApp data for advertising or cross‑platform tracking purposes.

Third‑Party Sharing

We may share data with trusted third‑party providers only when necessary to operate and improve our Services. These third parties may include:

• Hosting and infrastructure providers(for secure storage, uptime, and service delivery)
• Analytics providers(for performance monitoring and service improvement)
• Meta platformssuch as Facebook, Instagram, and WhatsApp, but only when you explicitly authorize such integrations

Data is never sold, and we do not share personal information with advertisers or unrelated third parties. All sharing is limited to the minimum information required and follows strict confidentiality and data‑processing agreements.

Security

We implement industry‑standard technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest
• Secure hosting environments with hardened infrastructure
• Access controls and authentication safeguards to restrict data access to authorized personnel only
• Monitoring, logging, and security reviews to prevent misuse, unauthorized access, or data loss

While no system can guarantee absolute security, we continuously improve our protections to safeguard your information.

User Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your data
• Withdraw consent for specific processing activities where applicable

To exercise any of your rights, please contact us at:

📧 Dev@Almalai.com

We will respond within applicable legal timeframes and may require identity verification for security purposes.

Meta & WhatsApp Permissions (Authorized Scopes)

In order to provide integrations with Meta technologies (including Facebook, Instagram, and WhatsApp Business), our platform may request the following authorized permission scopes through Meta’s secure OAuth process:

• pages_show_list – Allows access to the list of Facebook Pages a user manages.
• pages_read_engagement – Allows reading engagement metrics and interactions on connected Pages.
• pages_manage_posts – Allows publishing and managing posts on behalf of a connected Page.
• pages_manage_metadata – Access to Page metadata required for content management, messaging, and performance features.
• business_management – Enables management of Business Manager assets necessary for integrations.
• instagram_basic – Access to basic profile information and media from Instagram Business or Creator accounts.
• instagram_content_publish – Allows publishing content to Instagram on behalf of the connected account.
• instagram_manage_insights – Allows access to Instagram analytics and insights.
• whatsapp_business_messaging – Allows sending and receiving business messages via the WhatsApp Business Platform.

Purpose of These Permissions

These permission scopes are used solely to enable:

• Account linking
• Content publishing
• Insights and analytics
• Messaging features
• Automation functions explicitly requested by the user

User Control

All permissions must be explicitly granted by the user and may be revoked at any time through Meta’s account settings.

Data Deletion Instructions

You may request the deletion of your personal data at any time. Depending on the platforms or services you use, you may exercise your deletion rights through any of the following methods:

1. 1. Meta Platforms (Facebook & Instagram)

To remove your data associated with Facebook or Instagram integrations, please revoke our application’s access from your Meta account settings:

Navigate to Facebook Settings → Business Integrations / Apps and Websites and remove Agentic Workforce (AW).

For Instagram Business accounts, remove AW under Linked Accounts / App Permissions.

Once access is revoked, we automatically cease data processing, and all associated Meta Platform Data stored on our systems will be deleted according to our retention policy.

2. 2. WhatsApp (WhatsApp Business Platform)

If you have interacted with our WhatsApp autonomous agent or business number, you may request deletion by sending the message:

"DELETE MY DATA"

to our official WhatsApp Business number.

Upon receiving this request, we will:

• Close any active service windows
• Remove your chat history, logs, and identifiers from our systems
• Stop further automated or template‑based messages
• Respect your opt‑out for marketing and transactional messaging
3. 3. Email Request

You may submit a deletion request at any time by emailing:

📧 Dev@Almalai.com

Your request should include the phone number, email address, or social media account identifier you used with our services so we can locate your data.

4. 4. Website, Portal, and AI Agent Interactions

If you have interacted with our:

• Website forms
• Customer portal
• AI-powered autonomous agents
• Support systems
• Integrations connected to third‑party platforms

you may request deletion through any of the methods above.

Following verification, we will erase:

• Profile or account data
• Communication logs
• AI conversation transcripts
• Stored preferences or analytics identifiers
• Integration tokens and access permissions
5. 5. Verification

For your protection, we may require identity verification before processing a deletion request. We will only request information necessary to verify your identity and will delete verification data after completing the request.

6. 6. Processing Timeline

We will process deletion requests within applicable legal timeframes and will notify you once your data has been fully removed from our systems.

7. 7. Limits to Deletion

We may retain certain information only when required by:

• Legal compliance
• Fraud prevention
• Transactional or financial record‑keeping laws
• Security or audit obligations

Any such retention will be minimal, securely stored, and not used for marketing or profiling.

Data Deletion Callback (Server Endpoint – Facebook, Instagram & WhatsApp)

We provide multiple mechanisms for users to request the deletion of their personal data across all platforms integrated with our Services. These methods comply with Meta’s Developer Platform requirements, including the mandatory Data Deletion Callback for Facebook and Instagram.

1. Facebook & Instagram (Meta Platforms)

When you remove our application from your Facebook or Instagram account, Meta may trigger an automated Data Deletion Request to our secure callback endpoint. This request contains a signed_request that we must verify using Meta’s HMAC‑SHA256 signing process.

Once the request is validated, we will:

• Identify the app-scoped user_id associated with your Meta account.
• Delete all Facebook/Instagram data we hold that is associated with that user_id.
• Revoke tokens and disconnect linked assets.
• Remove stored insights, analytics, publishing permissions, or associated logs.
• Generate a confirmation code and expose a status URL for your reference.

We return the following response (as required by Meta):

JSON

{

"url": "https://yourdomain.example/deletion-status?code=CONFIRMATION_CODE",

"confirmation_code": "CONFIRMATION_CODE"

}

Show more lines

This process ensures full compliance with Meta’s platform rules and their data deletion protocol for developers. [reportei.com]

You may also manually request deletion by emailing devs@Almalai.com or by removing the integration through your Facebook/Instagram account's Apps and Websites settings.

2. WhatsApp (WhatsApp Business Platform)

WhatsApp does not use Meta’s automated deletion callback system.

To request deletion of WhatsApp interaction data, you may contact us through any of the following methods:

Send “DELETE MY DATA” to our official WhatsApp Business number.

Email us at devs@Almalai.com

Upon receiving your request, we will:

• Erase chat records, message logs, and identifiers stored in our systems.
• Stop all automated or template-based communication.
• Revoke your opt-in for future messaging.

We may request limited verification information to confirm your identity before finalizing the deletion.

3. Website, Portal & AI Agent Data

If you interacted with our website, customer portal, AI-powered autonomous agents, or any integrated service, you may request deletion via any of the methods listed above.

We will delete:

• Account information
• Profile data
• AI interaction transcripts
• Support logs
• Analytics identifiers
• Integration tokens

Only information required by law (e.g., fraud prevention or financial records) may be retained.

4. Verification & Processing Time

For your security, we may require identity verification before fulfilling a request.

Deletion requests will be processed within the legally required timeframes, and you will receive confirmation once completed.