Privacy Policy

Last Updated: May 10, 2026

Company: Rockybits Technologies Ltd (RC 8848920)

Address: Lagos State, Nigeria

Website: https://automateit.rockybits.com

Contact Email: info@rockybits.com

1. Introduction

Rockybits Technologies Ltd ("we," "our," or "us") operates the AutomateIt platform ("the Platform"), an AI-powered WhatsApp Business automation service. We are a verified Meta WhatsApp Tech Provider, enabling businesses to deploy AI customer service agents on WhatsApp.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when:

  • A business ("Client") uses our Platform to automate their WhatsApp communications.
  • An end customer ("End User") interacts with a Client's AI agent powered by our Platform.
  • Anyone visits our website at https://automateit.rockybits.com.

We are committed to protecting your privacy and complying with the Nigeria Data Protection Regulation (NDPR), the Meta Platform Terms, the WhatsApp Business Messaging Policy, and applicable international privacy frameworks.

2. Information We Collect

2.1 Information Collected from Clients

When a business signs up for AutomateIt, we collect:

CategoryExamplesPurpose
Account InformationBusiness name, email address, phone number, billing addressAccount creation, billing, support
WhatsApp Business Account DataPhone number ID, WABA ID, access tokensConnecting to WhatsApp Cloud API via Embedded Signup
Business ConfigurationAI system prompts, business policies, product catalogs, operating hoursConfiguring the Client's AI agent
Third-Party Service CredentialsAPI keys for Google Sheets, Paystack, CRM systemsEnabling Business Actions (Phase 3+)
Billing InformationPayment method details (processed by Paystack/Stripe; we do not store full card numbers)Subscription billing
Usage DataMessages sent/received, features used, dashboard activityAnalytics, billing, platform improvements

2.2 Information Collected from End Users

When an end customer interacts with a Client's WhatsApp AI agent, we process:

CategoryExamplesPurpose
Message ContentText messages, media attachments sent to the Client's WhatsApp numberDelivering the AI automation service
MetadataPhone number, message timestamp, delivery statusMessage routing, analytics for the Client
Conversation ContextChat history with the Client's businessEnabling multi-turn conversations and memory features (Phase 4+)

2.3 Information Collected from Website Visitors

CategoryExamplesPurpose
Technical DataIP address, browser type, device information, pages visitedAnalytics, security, performance
Contact InformationName, email, message content (if you use our contact form)Responding to inquiries

3. How We Use Information

3.1 Primary Uses

  • Provide the Service: Route WhatsApp messages, process AI responses, execute Business Actions (e.g., payment link generation, calendar booking), and deliver analytics to Clients.
  • Maintain and Improve the Platform: Monitor performance, fix bugs, train AI models (only with aggregated, anonymized data; individual Client data is never used for model training without explicit consent).
  • Billing and Account Management: Process subscription payments, manage account settings, send service-related communications.
  • Security and Compliance: Detect and prevent fraud, abuse, and unauthorized access; comply with legal obligations; enforce Platform Terms and Meta's policies.
  • Client Support: Respond to inquiries, troubleshoot issues, provide technical assistance.

3.2 WhatsApp-Specific Uses

As a Meta WhatsApp Tech Provider, we process WhatsApp messages solely for:

  • Delivering AI-powered automated responses as configured by the Client.
  • Routing messages between End Users and the Client's designated AI agents.
  • Providing analytics and conversation logs to the Client.
  • Ensuring compliance with the WhatsApp Business Messaging Policy, including opt-out handling and quality monitoring.

We do not:

  • Read, mine, or use message content for advertising purposes.
  • Sell message data to third parties.
  • Initiate conversations with End Users independently of the Client's configuration.

4. How We Share Information

4.1 With the Client (Business)

All End User interactions processed through a Client's WhatsApp number belong to that Client. The Client has access to:

  • Conversation histories with their End Users.
  • Analytics derived from their End Users' interactions.
  • Any data stored in the Client's configured third-party integrations (Google Sheets, CRM, etc.).

4.2 With Meta (WhatsApp)

As a Tech Provider, we share data with Meta as required to operate the WhatsApp Business Platform, including:

  • Message content and metadata for delivery.
  • Template submissions for approval.
  • Quality and compliance data as required by Meta's policies.

All data shared with Meta is governed by Meta's Data Policy and WhatsApp Business Terms of Service.

4.3 With Third-Party Service Providers

We use trusted third-party services to power our Platform:

Service ProviderPurposeData Shared
Meta (WhatsApp Cloud API)Message deliveryMessage content, phone numbers
Paystack / StripePayment processingBilling information
Upstash (Kafka)Event streamingMessage metadata
Anthropic / OpenAI / OllamaAI model inferenceMessage content (for generating replies)
QdrantVector storage (Phase 4+)Embedded conversation summaries
Vercel / Railway / AWSHosting infrastructureAll platform data

4.4 Legal Disclosures

We may disclose information if required by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations.
  • Protect the rights, property, or safety of Rockybits Technologies Ltd, our Clients, or the public.
  • Prevent or investigate potential violations of our Terms of Service or Meta's policies.

4.5 Business Transfers

If Rockybits Technologies Ltd is involved in a merger, acquisition, or sale of assets, Client and End User data may be transferred as part of that transaction. We will notify Clients of any such change in ownership or control.

5. Multi-Tenancy & Data Isolation

AutomateIt is a multi-tenant platform serving multiple business Clients simultaneously. We implement strict technical and organizational measures to ensure complete data isolation:

  • Tenant-Scoped Data: All data (messages, configurations, credentials) is tagged with a unique client_id and logically separated.
  • Attribute-Based Access Control (ABAC): Every database query and AI retrieval operation is filtered by client_id. Cross-tenant access is automatically blocked and logged as a security event.
  • Isolated Credential Storage: Client API keys and access tokens are encrypted per tenant in a secure vault.
  • Dedicated Infrastructure (Enterprise): Phase 4–5 Enterprise Clients receive dedicated vector database shards and optional dedicated Kafka topics for enhanced isolation.
  • Zero Cross-Tenant AI Training: Client data from one tenant is never used to train or fine-tune AI models that serve another tenant.

6. Data Retention

6.1 Client Data

  • Account Information: Duration of the Client's account + 90 days after account closure.
  • Message Content and Logs: 90 days (default) or as configured by the Client (30, 90, or 365 days for Phase 4+ Enterprise plans).
  • AI Configuration and Prompts: Duration of the Client's account.
  • Billing Records: 7 years (for legal and tax compliance).

6.2 End User Data

End User data is retained according to the Client's configured retention period. End Users may request data deletion by contacting the Client directly or by emailing us at rockycodess@gmail.com.

6.3 Data Deletion

Upon account closure or data deletion request:

  • Client data is permanently deleted within 30 days.
  • Backups are purged within 90 days.
  • Aggregated, anonymized data may be retained indefinitely.

7. Data Subject Rights

Under the Nigeria Data Protection Regulation (NDPR) and other applicable privacy laws, individuals have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing: Request limited processing of your data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact us at info@rockybits.com. We will respond within 30 days. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local data protection authority.

8. End User Opt-Out (WhatsApp)

End Users may stop receiving automated messages from any Client at any time by:

  • Sending STOP, UNSUBSCRIBE, CANCEL, or REMOVE as a WhatsApp message to the Client's number.
  • Our Platform automatically processes these opt-out keywords and blocks further automated messages to that phone number for that Client.
  • Opt-out requests are effective immediately.

9. Security Measures

We implement industry-standard security measures to protect all data:

  • Encryption in Transit: All data transmitted between End Users, Meta, our servers, and third-party services is encrypted using TLS 1.3.
  • Encryption at Rest: All stored data is encrypted using AES-256.
  • Access Controls: Strict role-based access controls; multi-factor authentication for administrative access.
  • Audit Logging: All data access, modifications, and agent actions are logged for security monitoring.
  • Penetration Testing: Regular security assessments and vulnerability testing.

10. International Data Transfers

Our servers are hosted in Nigeria and internationally (via Vercel, Railway, or AWS). Data may be transferred to and processed in countries outside the data subject's country of residence. Where such transfers occur, we implement appropriate safeguards, including standard contractual clauses and data processing agreements with all third-party providers.

11. AI Model Providers & Data Usage

AutomateIt uses multiple AI model providers for natural language processing:

  • Anthropic (Claude): Messages are sent to the API for response generation. Anthropic does not train on business API data by default.
  • OpenAI (GPT): Messages are sent to the API for response generation. OpenAI does not use API-submitted data for training.
  • Ollama (Self-Hosted): When Clients opt for self-hosted models, data never leaves the Platform's infrastructure.

Client data is never sold, shared between Clients, or used to train public AI models without explicit opt-in consent.

12. Deauthorize & Data Deletion Callbacks

As a Meta Tech Provider application, we provide the following endpoints for Facebook/WhatsApp compliance:

  • Deauthorize Callback: https://automateit.rockybits.com/facebook/deauthorize — Triggered when a user revokes our app's permissions. We immediately disconnect the associated WABA and revoke access tokens.
  • Data Deletion Callback: https://automateit.rockybits.com/facebook/datadeletion — Triggered when a user requests data deletion. We process the request within 30 days.

13. Compliance Statement

Rockybits Technologies Ltd operates AutomateIt in compliance with:

  • Nigeria Data Protection Regulation (NDPR) — Nigeria's primary data protection law.
  • Meta Platform Terms — Including WhatsApp Business Messaging Policy and Commerce Policy.
  • Meta Tech Provider Terms — Governing our status as a verified WhatsApp Tech Provider.
  • General Data Protection Regulation (GDPR) — For any data subjects within the European Union.

This privacy policy is effective as of May 10, 2026. It supersedes any prior versions.

Rockybits Technologies Ltd | RC 8848920 | Lagos State, Nigeria | https://automateit.rockybits.com

Ready to put your WhatsApp on Autopilot?

Join 500+ businesses using AutomateIt to drive sales, support customers, and scale operations instantly.

No credit card required to start • Cancel anytime