Privacy Policy

This Privacy Policy applies to:

• Visitors and business users of Conversell websites, signup flows, product dashboards, APIs, and support channels.
• End users who send messages or interact with a business that uses Conversell to manage conversations on Instagram, Facebook Messenger, WhatsApp, or other connected channels.

If you only interact with a business through Meta’s apps, Meta’s Privacy Policy also applies to Meta’s own processing. This page explains Conversell’s practices.

We collect the following categories of information, depending on how you interact with us:

• Account and contact data: Name, email, phone number, country, company name, job title, billing and contract details, and authentication identifiers when you register or contract with us.
• Messaging and channel data: Message text and rich media, timestamps, delivery or read receipts where available, channel identifiers, automation logs, and labels or metadata your organization configures in our product for routing or analytics.
• Identifiers from integrated platforms: Technical IDs assigned by Meta or other providers to users, conversations, or pages (for example, Instagram-scoped user IDs where applicable, Messenger-related identifiers, or WhatsApp phone numbers as shared with the connected WhatsApp Business account), strictly as needed to operate the integration.
• Profile elements from platforms: Display name, username, profile image URL, or other profile fields that Meta exposes to the connected business via the relevant APIs, within the limits of permissions you or your organization have authorized.
• Technical and usage data: IP address, approximate location derived from IP, device/browser type, session and audit logs, product usage events, error reports, and security signals.
• Correspondence and feedback: Emails, chat transcripts, call records, survey responses, and satisfaction feedback you send to us.
• Third-party sources: Fraud-prevention signals, business verification data, or referral information from partners where permitted by law.

Our service can be connected to Meta-owned messaging products, including Instagram messaging, Facebook Messenger, and WhatsApp, through Meta for Developers (for example, the Instagram Messaging API, Messenger Platform, and WhatsApp Business Platform), in each case only when a business customer completes Meta’s connection flows and grants our app the required permissions.

• What we receive from Meta: We receive the data Meta sends to our app via authorized webhooks and APIs to operate the customer’s inbox and automations—commonly including message content, participant identifiers, timestamps, conversation references, and permitted profile or engagement metadata. The exact fields depend on the product, permission set, and conversation type.
• Purpose of processing: We use this information solely to provide the contracted service: ingesting, displaying, routing, storing (as configured), analyzing, automating, handoff to human agents, quality measurement, troubleshooting, and security for that customer’s channels.
• Meta’s role: Meta processes data under its own policies and platform terms. Our use of Meta APIs is also subject to the Meta Platform Terms and applicable product policies. We do not use Meta user data to sell personal information as a standalone business model or to build unauthorized advertising profiles unrelated to providing our product.
• End-user transparency: Businesses using Conversell are responsible for providing any required privacy notices, consents, or opt-outs to their end users for their use of messaging channels, in line with Meta’s rules and applicable law.

• When you visit our websites, authenticate, or use our dashboard and APIs.
• When you connect Meta assets (Instagram account, Facebook Page, WhatsApp Business account, etc.) through OAuth or Meta’s linking flows and subscribe webhooks or messaging events.
• When an end user messages a connected business on Instagram, Messenger, or WhatsApp and Meta delivers those events to our infrastructure.
• From emails, chats, or calls with our support and sales teams.
• From cookies and similar technologies on our sites, as described in our cookies notice below.

• Providing the service: Operating inboxes, automations, integrations, exports, and customer-configured workflows.
• Communications: Transactional notices, security alerts, product updates, and—where lawful—marketing, with opt-outs where required.
• Billing and administration: Invoicing, taxes, account management, and contract performance.
• Improvement and reliability: Debugging, performance analytics in aggregate or pseudonymous form where possible, feature development, and A/B testing.
• Security and abuse prevention: Detecting fraud, enforcing rate limits, and protecting accounts and integrations.
• Legal compliance: Responding to lawful requests, preserving records where required, and defending legal claims.

We share personal information only as needed to run the service or comply with law:

• Meta Platforms Technologies and affiliates: When your organization connects Meta products, data flows between Meta and Conversell according to Meta’s APIs and your permission grants. Meta’s handling is governed by Meta’s documentation and policies.
• Subprocessors and infrastructure: Hosting, logging, email delivery, customer support tooling, security vendors, and payment processors, under contracts that require confidentiality and appropriate safeguards.
• Professional advisers: Lawyers, auditors, or insurers when necessary.
• Authorities: Regulators, courts, or law enforcement when we believe disclosure is legally required.
• Business transfers: A successor entity in a merger, acquisition, or asset sale, subject to continued protection of personal information as described here.

We do not sell personal information for monetary consideration. Where U.S. state laws define “sale” or “sharing” broadly (for example, for cross-context behavioral advertising), we describe relevant choices in rights requests below.

We retain information for as long as necessary to provide the service, meet legal, tax, or accounting obligations, resolve disputes, and enforce agreements. Retention periods may depend on product settings (such as workspace retention rules), the need to prove delivery of messages, and backup cycles.

We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit for modern connections, logging, vendor review, and staff training. No method of transmission or storage is completely secure; please use strong credentials and notify us of suspected incidents.

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to certain processing, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

• EEA/UK/Switzerland: Legal bases may include contract, legitimate interests (balanced against your rights), consent where required, and legal obligations.
• International transfers: Where we transfer data outside your region, we use mechanisms such as Standard Contractual Clauses or other approved safeguards as required.

We use cookies and similar technologies to operate our websites, remember preferences, measure traffic, and improve user experience. You can control cookies through your browser settings. For more detail, see our dedicated Cookies Policy if published at the same site as this Privacy Policy.

We may update this policy to reflect product, legal, or regulatory changes. We will post the revised version on this page and update the “Last updated” date. Where changes are material, we will provide additional notice as appropriate (for example, by email or in-product message).

For privacy questions, requests, or complaints:

• Email: dpo@conversell.ai
• Postal address: Conversell SASU, 5 rue du Helder, 75009 Paris, France