Privacy Policy

Atmet ("we," "our," or "us") operates a WhatsApp Business automation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our integration with the WhatsApp Business API provided by Meta Platforms, Inc. ("Meta").

By using our Services, you consent to the practices described in this policy.

Account Information: Name, email address, business name, phone number, country, and billing address when you register.

WhatsApp Business Data: We process WhatsApp message data on your behalf through the WhatsApp Business API. This includes customer messages sent to your WhatsApp Business number and automated responses generated by our AI. You (the business) are the data controller for end-customer conversation data; we act as your data processor.

Store Integration Data: When you connect a Salla or Zid store, we access order information, product catalogs, customer data, and shipping statuses necessary to provide automation features.

Usage Data: Log files, IP addresses, browser type, device identifiers, pages visited, session duration, and feature interaction data.

Payment Information: All payments are processed by our third-party payment processor, which serves as our Merchant of Record. We do not collect, store, or have access to full payment card numbers. Our payment processor handles all payment card data under PCI DSS standards.

We use your information to:

•Provide, operate, and improve our WhatsApp automation platform

•Connect your WhatsApp Business number via the Meta Business API

•Integrate with your Salla/Zid store and process automation triggers

•Process subscriptions and billing through our payment processor

•Send transactional and service-related communications

•Monitor for security threats and prevent fraud

•Comply with legal obligations

•Respond to support requests

Our Services operate through the WhatsApp Business API provided by Meta Platforms, Inc. As a Meta Business Solution Provider (BSP), we are required to comply with Meta's Platform Terms, Developer Policies, and WhatsApp Business Terms of Service.

By using our Services:

•Your WhatsApp Business account data is processed subject to Meta's Privacy Policy (https://www.whatsapp.com/legal/privacy-policy)

•Message content processed through the API is subject to Meta's data handling practices

•You must comply with Meta's WhatsApp messaging guidelines and acceptable use policies

•Meta may independently receive and process data related to your use of the WhatsApp Business API

We recommend reviewing Meta's privacy documentation at https://www.facebook.com/privacy/policy/

All subscription payments are processed by our third-party payment processor, which acts as the Merchant of Record for all transactions. This means:

•Our payment processor handles payment processing, invoicing, VAT/tax collection, and payment compliance

•When you subscribe, you are also subject to the payment processor's own terms of service and privacy policy

•Your payment card data is processed under PCI DSS Level 1 compliance by our payment processor

•We receive confirmation of successful payment and your subscription status, but never your full payment card details

•Refund requests related to billing are handled in coordination with our payment processor

We share your information only as follows:

Meta Platforms, Inc.: To provide WhatsApp Business API functionality. Data flows to Meta per their platform terms.

Payment Processor: Your billing and payment information is processed by our Merchant of Record payment provider. We do not share payment data beyond what is necessary to complete your transaction.

Salla / Zid: Store integration data is exchanged with these platforms based on your explicit authorization and the integrations you enable.

Service Providers: We engage trusted third-party providers for cloud infrastructure, analytics, and customer support tooling, who are contractually bound to handle data securely and only for authorized purposes.

Legal Requirements: We may disclose information when required by law, court order, or government authority, or to protect the rights and safety of our users.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

•Account data: Retained for the duration of your subscription and up to 90 days after cancellation, after which it is deleted unless legally required to retain it.

•WhatsApp conversation logs: Retained for 30 days by default. You may configure this period in your dashboard or request earlier deletion.

•Store integration data: Deleted within 30 days of disconnecting the integration or cancelling your subscription.

•Financial/billing records: Retained for 7 years as required by applicable tax and commercial laws. Payment transaction records are additionally subject to the retention policies of our payment processor.

•Anonymized analytics data may be retained indefinitely.

You have the right to:

•**Access** the personal data we hold about you

•**Correct** inaccurate or incomplete data

•**Delete** your data (see our Data Deletion Policy)

•**Export** your data in a portable, machine-readable format

•**Restrict** or object to certain processing activities

•**Withdraw consent** at any time where processing is based on consent

To exercise any of these rights, email us at privacy@atmet.app. We will respond within 30 days. We may need to verify your identity before processing your request.

We implement industry-standard security measures including:

•TLS/HTTPS encryption for all data in transit

•Encryption at rest for stored data

•Role-based access controls and principle of least privilege

•Regular security audits and vulnerability assessments

•Secure development practices

While we take these measures seriously, no system is completely immune to security incidents. We will notify affected users of any material data breach as required by applicable law.

Our services are primarily operated from the Kingdom of Saudi Arabia. Your data may be processed or stored in data centers outside your country of residence. We ensure appropriate safeguards are in place for any international transfers, consistent with applicable data protection laws.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at privacy@atmet.app.

Our platform may contain links to third-party websites or services (including Meta, Salla, Zid, and our payment processor). This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies.

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a prominent notice on our platform before the changes take effect. Continued use of our Services after the effective date constitutes acceptance of the updated policy.

For privacy-related inquiries, data requests, or complaints:

Email: privacy@atmet.app

Atmet — Riyadh, Kingdom of Saudi Arabia