Privacy Policy

Company Information

Company: AL Abrish Technologies FZCO ("AL Abrish," "we," "us," "our")

This policy explains what we collect, why we collect it, how we use it, who we share it with, and the choices you have. It applies to our website and all services we provide: WhatsApp API subscriptions, website development, software development, consulting, digital marketing, hosting, maintenance, and other IT services. By using our site or services, you agree to this policy.

1. QUICK SUMMARY

• We collect only what we need to deliver services, support you, and meet legal duties.
• We bill annually in advance and keep billing records for tax, fraud prevention, and disputes.
• We do not sell personal data.
• We use reputable vendors for hosting, analytics, payments, communications, and the WhatsApp Business API.
• You can access, correct, delete, or object to certain uses of your data. Email us any time.

2. SCOPE AND ROLES

• Controller: AL Abrish acts as the Controller for data tied to our own website, sales, billing, support, and marketing.
• Processor: When we deliver services for you (for example, WhatsApp Business API messaging or managed campaigns), we process your end-customer data strictly on your documented instructions. In that context, you are the Controller.
• DPA: If you need a Data Processing Addendum, email privacy@alabrishtechnologies.in.

3. WHAT WE COLLECT

A) Information you provide to us

• Account and business details: name, company, job title, email, phone, billing address, tax IDs.
• Project materials: requirements, content, media, domain/DNS details, test accounts, API keys or credentials you choose to share, change requests, approvals.
• Support communications: emails, chats, tickets, and call notes.
• Payment details: we receive payment confirmations, amounts, dates, method, status, and card last 4 digits/expiry from our payment processors. We do not store full card numbers.

B) Information collected automatically

• Logs and device data: IP address, device and browser type, operating system, pages viewed, referring URLs, session IDs, timestamps, crash and error diagnostics.
• Cookies and similar technologies: used for sign-in, security, analytics, remembering preferences, measuring performance, and marketing (if you consent—see "Cookies and Tracking").
• Service telemetry: API usage, queue behavior, delivery receipts, error codes, uptime metrics.

C) Information from third parties (lawful sources)

• Payments and fraud checks from payment processors or banks.
• WhatsApp Business ecosystem signals (template approvals, deliverability, policy feedback) from Meta systems or approved providers.
• Marketing tools and CRMs (for example, whether an email was opened or a link was clicked).
• Public sources such as company websites and professional directories.

We do not intentionally collect sensitive data (such as health, biometric, or precise location). If a project requires handling such data, we will agree safeguards in writing first.

4. WHY WE USE YOUR DATA (LEGAL BASES)

Here's the plain version of what we do with your information.

• Deliver services and projects (contract): set up accounts, build and deploy, operate the WhatsApp API, host and maintain, provide support.
• Billing and renewals (contract/legal obligation): issue invoices, process annual advance payments, manage receipts, taxes, and audits.
• Security and abuse prevention (legitimate interests/legal obligation): detect fraud, prevent spam, rate-limit, investigate misuse.
• Improve and operate (legitimate interests): fix bugs, monitor performance, develop features.
• Communications (contract/consent/legitimate interests): project updates, service notices, policy changes, and—if you opt in—marketing.
• Compliance (legal obligation): maintain records, respond to lawful requests, meet regulatory duties.

Where we rely on consent (for example, some cookies or regional marketing), you can withdraw it at any time.

5. WHATSAPP BUSINESS API SPECIFICS

• Your responsibility: you must have valid opt-in/consent where required for your recipients.
• Our role: we process message content and metadata only to deliver, retry, and troubleshoot messages on your instructions.
• What we process: sender/recipient identifiers, timestamps, template IDs, delivery status, error codes, and message/media content only as needed for delivery.
• Storage: message content and media may be cached for up to 7 days to handle delivery and retries, then removed; metadata used for logs and stats is minimized and kept only as long as necessary (see "Retention").
• Opt-outs: if a recipient opts out or blocks messaging, we record that and stop messaging them for that use case.
• Enforcement: if we detect abuse, illegal content, or policy violations, we may suspend messaging while we investigate.

6. PAYMENTS AND BILLING (ANNUAL, IN ADVANCE)

• We charge before service and once every year for ongoing subscriptions and maintenance.
• Payments are handled by PCI-compliant processors. We do not keep full card data.
• We retain invoices, receipts, payment confirmations, and related metadata for tax, accounting, fraud prevention, and disputes.
• Refunds, chargebacks, and cancellations are governed by our Terms of Service. This privacy policy still applies to any data tied to those processes.

7. COOKIES AND TRACKING

We use cookies and similar technologies for:

• essential functions (security, load balancing, sign-in),
• preferences (language, saved settings),
• analytics (understand usage and improve the site),
• marketing (measure campaigns and audiences, only with your consent where required).

Your choices:

• Manage cookies in your browser settings.
• If we present a consent banner, use it to enable or disable non-essential cookies.
• "Do Not Track" signals are not acted on at this time.

8. WHEN WE SHARE INFORMATION

We share data only when needed and only with parties who must receive it.

A) Service providers (subprocessors)

Examples include:

• Cloud hosting and CDN for availability, security, performance.
• Payment processors for card/bank transactions.
• Email and collaboration tools for communications.
• Analytics tools for site and product metrics.
• Logging/monitoring tools for uptime and troubleshooting.
• Approved providers in the WhatsApp Business ecosystem for message delivery.

We require our vendors to follow strong confidentiality, security, and privacy standards. We can share our current subprocessor list on request.

B) Legal and safety

We may disclose information to comply with laws, respond to lawful requests, enforce agreements, or protect rights, property, and safety.

C) Business changes

If we are involved in a merger, acquisition, or asset sale, data may transfer as part of that transaction. We will provide notice where required.

We do not sell personal data.

9. INTERNATIONAL TRANSFERS

We operate globally and use vendors with infrastructure in multiple countries. When we transfer personal data across borders, we apply safeguards such as Standard Contractual Clauses, data transfer agreements, encryption in transit, and access controls.

10. RETENTION – HOW LONG WE KEEP DATA

We keep data only as long as needed for the purposes described above or as required by law. Typical timeframes:

• Account and contract records: subscription term plus up to 7 years for tax and audit.
• Billing and transaction metadata: 7 years (legal/accounting).
• Website and infrastructure logs: up to 90 days.
• Support tickets and email threads: project duration plus 2 years.
• WhatsApp message metadata: up to 30 days for troubleshooting; aggregated statistics may be retained without identifying individuals.
• WhatsApp media/content cache: up to 7 days, then removed.
• Backups: rolling 30–90 days.
• Marketing suppression lists (opt-outs): retained to honor your choice.

When data is no longer needed, we delete it or de-identify it.

11. SECURITY

We protect data with encryption in transit, hardened infrastructure, least-privilege access, multi-factor authentication for admin accounts, audit logging, and continuous monitoring. We review access regularly, apply patches, and train staff. No system is perfectly secure, but we work hard to keep your data safe. If a breach affects your personal data, we will notify you and regulators when required.

Your part: do not share passwords or API keys in plain text. Limit credentials to what is strictly needed. Rotate keys and use strong authentication where possible.

12. YOUR RIGHTS AND HOW TO USE THEM

Depending on your location (for example UAE PDPL, EU/UK GDPR, India DPDP Act 2023, California CCPA/CPRA), you may have the right to:

• access the data we hold about you,
• correct inaccurate data,
• delete data in certain cases,
• object to or restrict certain processing,
• receive a portable copy of your data,
• withdraw consent where we rely on consent,
• opt out of marketing.

How to make a request:

• Email privacy@alabrishtechnologies.in and tell us what you want to do.
• Include the email or phone number you used with us.
• We will verify your identity and respond within the timeframe required by law in your region.

Marketing choices:

• Email: use the unsubscribe link or email us.
• WhatsApp/SMS: reply with the provided opt-out keyword (for example, STOP or UNSUBSCRIBE) or email us.

Complaints: you can contact us first, or contact your local data protection authority if applicable.

13. DATA WE PROCESS FOR YOU (BUSINESS CLIENTS)

When we act as your Processor, we will:

• process personal data only on your documented instructions,
• ensure confidentiality and implement appropriate security,
• assist you in responding to data subject requests and privacy impact assessments,
• notify you of personal data breaches without undue delay,
• delete or return personal data at the end of the engagement (subject to legal retention),
• provide reasonable assurances or audit cooperation as set out in our DPA.

Your responsibilities as Controller include:

• establishing a lawful basis for your processing,
• collecting valid consent where required,
• providing your own privacy notices to your end users,
• sending us only the minimum personal data necessary,
• honoring data subject rights and opt-outs.

14. CHILDREN

Our services are intended for businesses and professionals. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us and we will delete it.

15. THIRD-PARTY LINKS

Our website may link to other sites. Their privacy practices are their own. Review their policies before sharing personal data with them.

16. AUTOMATED DECISION-MAKING AND PROFILING

We may use automated systems to route messages, detect spam or abuse, prioritize support, or segment audiences for deliverability. These processes do not produce legal or similarly significant effects on individuals. You can request human review where applicable.

17. CHANGES TO THIS POLICY

We will update this policy when necessary. If changes are material, we will notify you (for example, by email or an in-service notice). The effective date at the top shows when it last changed.

18. CONTACT

• Privacy questions or requests: privacy@alabrishtechnologies.in
• Company: AL Abrish Technologies FZCO, Dubai, United Arab Emirates
• Website: https://alabrishtechnologies.com/

19. FINAL NOTES

• We collect what we need to deliver projects and subscriptions billed annually in advance.
• We use reputable vendors and keep your data as short a time as possible.
• We do not sell your personal data.
• If you want to see it, change it, delete it, or stop certain uses—tell us. We'll sort it out.