PRIVACY POLICY
Effective Date: Upon use of services
Company: ABBA (Always Building Better Automation)
1. Overview
This Privacy Policy explains how ABBA collects, uses, stores, and protects data when you use our automation services.
Who this applies to:
- Businesses (clinics, service providers, etc.) who are our clients
- End users (customers, patients, etc.) who interact with our clients' automated systems
Our role: ABBA acts as a data processor on behalf of our clients. We handle data solely to deliver the services our clients have requested. Our clients remain the data owners and are responsible for how they use and manage their customer data.
2. What Data We Collect
We collect and process the following types of data:
From Clients (Businesses):
- Business name, contact information, and billing details
- WhatsApp numbers, Facebook page IDs, Instagram accounts, and other channel identifiers
- Configuration details, messaging templates, and workflow instructions
- Staff login credentials and access permissions
From End Users (via Client Channels):
- Messages sent to and from the client's WhatsApp, Facebook, or Instagram accounts
- Phone numbers, names, and contact details provided during conversations
- Appointment requests, service inquiries, and other interaction content
- Metadata such as timestamps, message delivery status, and session data
Technical Data:
- IP addresses, device types, and browser information (for platform access)
- System logs, error reports, and performance metrics
We do not collect sensitive personal information (e.g., health records, financial data, biometric data) unless it is voluntarily provided by end users during conversations with our clients. Such data remains subject to the client's own privacy obligations.
3. How We Use Data
ABBA uses data solely to deliver and improve our services:
Service Delivery:
- Operating automated messaging workflows
- Routing conversations to appropriate staff members
- Generating appointment confirmations and follow-ups
- Providing AI-assisted responses based on client-configured instructions
Support & Maintenance:
- Troubleshooting technical issues
- Setting up and configuring client accounts
- Responding to support requests
Reporting:
- Creating summaries and analytics for clients (e.g., message volumes, response times)
- Generating internal performance metrics to improve platform reliability
We do not use client data for:
- Marketing or advertising
- Training shared AI models
- Selling or sharing with third parties outside of service delivery
- Cross-client analysis or benchmarking
4. Data Ownership
Clients own their data. All business information, customer conversations, patient records, and interaction history generated through ABBA belong to the client.
ABBA does not claim ownership of client data. We process it only as instructed and as necessary to deliver the service.
5. Data Isolation & Security
Each client operates in a logically isolated workspace. Data is segregated by unique workspace identifiers, ensuring no cross-client access.
We do not:
- Share one client's data with another client
- Pool data across clients for analysis or model training
- Allow clients to access other clients' data
Security measures include:
- Encrypted data transmission (HTTPS/TLS)
- Secure access controls and authentication
- Regular security reviews and updates
- Restricted staff access (only authorized personnel for support and setup)
While we implement industry-standard protections, no system is entirely immune to risk. Clients are responsible for securing their own credentials and managing staff access appropriately.
6. AI & Data Usage
ABBA uses AI to assist with message handling, intent detection, and automated responses.
Important clarifications:
- AI responses are generated session-based and configuration-driven, using instructions provided by the client
- We do not train AI models on your customer conversations
- We do not use one client's data to improve services for other clients
- AI models rely on pre-trained language capabilities and client-specific configurations, not on learning from live conversations
If general platform improvements require data analysis, we will anonymize and aggregate data in ways that remove all identifying information.
7. Access Controls
Authorized ABBA staff may access client systems and data only for the following purposes:
- Initial setup and configuration
- Troubleshooting and debugging
- Responding to support requests
- Security monitoring and incident response
Access is logged and limited to personnel with legitimate operational needs. We do not access data for casual browsing or unauthorized purposes.
8. Third-Party Services
ABBA relies on third-party platforms to deliver services:
Messaging Platforms:
- WhatsApp Business API (Meta)
- Facebook Messenger (Meta)
- Instagram Direct Messages (Meta)
Infrastructure Providers:
- Cloud hosting and database services
- Communication APIs (e.g., Twilio for SMS/WhatsApp)
These providers process data solely to enable service delivery. They are not authorized to use client data for their own purposes beyond infrastructure support. Clients should review the privacy policies of these third parties, as their terms also apply.
9. Data Retention & Deletion
During Active Service: Data is retained as long as necessary to provide services and fulfill reporting obligations.
Upon Termination:
- Services are disabled within a reasonable timeframe (typically 7–14 days)
- Clients may request a data export before deletion
- Data is permanently deleted or anonymized after a retention period of up to 90 days unless longer retention is required by law or agreed upon in writing
We do not retain data indefinitely after termination unless explicitly requested by the client or required for legal compliance.
10. Client Rights
As a client, you have the right to:
- Access: Request copies of data we hold on your behalf
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data (subject to legal and operational constraints)
- Portability: Export your data in a usable format upon request
To exercise these rights, contact us at [email protected].
For end users (customers/patients): If you have questions about how your data is used, please contact the business you interacted with. They are the data controller and responsible for responding to your privacy requests.
11. International Data Transfers
ABBA operates using cloud infrastructure that may store and process data in multiple regions. If you are located in a jurisdiction with data protection laws (e.g., GDPR, Australian Privacy Principles), we take steps to ensure data is handled in accordance with applicable legal frameworks.
However, by using ABBA, you acknowledge that data may be transferred to and processed in regions where data protection standards differ from your own.
12. Changes to This Policy
ABBA may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.
We will notify clients of material changes via email or in-platform notification. Continued use of the service after changes take effect constitutes acceptance of the updated policy.