Privacy Policy
Welcome to SnappBot. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, and share information when you use our platform at snappbot.com and our related services.
By using SnappBot, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of our services.
1. Who We Are
SnappBot is a multi-channel auto-reply platform that allows business owners (merchants) to automate replies to customer messages on Facebook Messenger, Instagram DM, WhatsApp, Telegram, and web chat. We act as a data processor on behalf of our merchants when handling customer message data.
Contact us at: chengshengwu.william@gmail.com
2. Information We Collect
We collect the following types of information:
- Account information: When you register as a merchant, we collect your full name and email address.
- Channel connection data: We collect platform-specific credentials when you connect channels (e.g. page tokens, bot tokens, phone identifiers). These are stored securely on our servers.
- Message data: When customers message your connected channels, we receive and log the message text and the sender's platform-specific identifier. We collect customer display names when available for identification in your dashboard.
- Auto-reply rules and flows: We store the keyword rules, reply messages, and automated conversation flows you configure in your dashboard.
- Products and orders: If you use the menu/products feature, we store your product catalog (names, prices, categories, descriptions) and customer orders placed through the menu system.
- Booking sessions: If you use the booking feature, we store session dates, time slots, capacities, and booking counts for your bookable products.
- Google Calendar data: If you connect Google Calendar, we store the credentials needed to sync booking availability. We read calendar events to calculate available slots but do not modify or delete your calendar events.
- Business profile: Information you provide about your business (name, address, operating hours, etc.) used to improve AI-generated replies.
- API keys: If you generate API keys for third-party integrations, we store a secure non-reversible version of each key, along with a partial display identifier, name, and permissions. The full key is shown once at creation and never stored in readable form.
- API audit logs: We log API requests made using your API keys, including the action performed and timestamp, for security monitoring purposes.
- Usage data: We store reply counts, activity logs, and statistics to display in your dashboard.
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the SnappBot auto-reply service across all connected channels
- Send automated replies to your customers via Messenger, Instagram, WhatsApp, Telegram, and web chat APIs
- Process and display customer orders from your menu system
- Manage booking sessions and sync availability with your Google Calendar
- Send browser push notifications and email alerts for events that need your attention (e.g. new orders, AI-unsure replies)
- Display activity logs, customer profiles, and statistics in your merchant dashboard
- Authenticate your account, API keys, and maintain your session
- Provide access to your account through the Public API and MCP (Model Context Protocol) integrations
- Send notification emails (e.g. handover alerts, order notifications)
- Respond to your support requests and communications
- Detect abuse and enforce rate limits on API usage
- Improve and maintain our platform
We do not use your data for advertising purposes, and we do not sell your data to third parties.
4. Channel Platform Data
SnappBot integrates with the following messaging platforms:
We do not store user profile data beyond what is necessary to send automated replies and display customer information in your dashboard. Message data is retained based on your plan tier and is periodically purged.
5. API and Third-Party Integrations
SnappBot provides a Public API that allows merchants to access their account data programmatically. This includes integration with AI assistants via MCP (Model Context Protocol).
- API key security: API keys are securely stored and cannot be recovered after creation. The full key is shown only once. Keys can be scoped to read-only or full access, and merchants can revoke keys at any time.
- Rate limiting: API requests are rate-limited to prevent abuse.
- Audit logging: All API requests are logged for security monitoring. Audit logs are periodically purged.
- MCP server: The SnappBot MCP server runs locally on the merchant's computer and connects directly to the SnappBot API using the merchant's API key. No data passes through third parties.
Merchants are responsible for keeping their API keys secure. SnappBot is not liable for unauthorized access resulting from compromised API keys.
6. Data Storage and Security
Your data is stored securely with strict data isolation. Each merchant account can only access their own data โ no merchant can view another merchant's information.
Channel credentials are stored securely and are never exposed to the browser, other merchants, or third parties. API keys cannot be recovered or viewed after creation.
Your data may be transferred to and processed on servers located outside Malaysia (including the United States and other jurisdictions where our service providers operate). By using SnappBot, you consent to this transfer. We ensure that appropriate safeguards are in place with our service providers.
While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We encourage you to use a strong password and keep your credentials and API keys confidential.
7. Data Sharing and Third Parties
We share your data with the following third-party service providers who help us operate our platform:
- Cloud infrastructure providers โ database hosting, server hosting, and frontend hosting
- Stripe โ payment processing for subscriptions. We do not store your card details; Stripe handles all payment data securely.
- Billplz โ payment processing for customer orders (Malaysian payment gateway). Order payments are processed by Billplz; we store the transaction reference but not card or bank details.
- Google Calendar API โ When connected by the merchant, we read calendar events to calculate booking availability.
- Email delivery provider โ transactional email delivery for notifications (e.g. handover alerts)
- AI providers โ When the AI reply feature is enabled, customer message text is sent to the merchant's chosen AI provider to generate replies. Supported providers include Anthropic (anthropic.com), OpenAI (openai.com), DeepSeek (deepseek.com), xAI (x.ai), Google Gemini (ai.google), and Mistral (mistral.ai). Merchants select and configure their own AI provider and API key (BYOK โ Bring Your Own Key).
- Meta / Facebook โ Messenger, Instagram, and WhatsApp APIs for sending and receiving messages
- Telegram โ Bot API for sending and receiving messages
We do not share your data with any other third parties without your explicit consent, except where required by law.
8. Data Retention
- Account data (name, email): Retained for as long as your account is active. Deleted within 30 days of account closure.
- Message activity logs: Retained based on your plan tier and automatically purged on schedule. Higher-tier plans retain logs longer. You may request immediate deletion at any time.
- Reply rules, flows, products, orders, and booking sessions: Retained until you delete them or close your account.
- Google Calendar connection: Deleted immediately when you disconnect Google Calendar from your dashboard.
- Channel credentials: Deleted immediately when you disconnect a channel.
- API keys: Retained until revoked by the merchant or upon account closure.
- API audit logs: Automatically purged on a periodic schedule.
- Customer data: Customer records are retained while your account is active and deleted upon account closure.
9. Account Suspension and Freeze
SnappBot administrators may freeze or suspend a merchant account in the event of suspected abuse, security incidents, or Terms of Service violations. When an account is frozen:
- The bot stops replying to customer messages on all channels
- All API keys are blocked from making requests
- Dashboard access shows a suspension notice
- Your data remains intact and is not deleted
Frozen accounts can be restored by contacting support. If you believe your account was frozen in error, please email us at chengshengwu.william@gmail.com.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data. If you are located in Malaysia, your rights under the Personal Data Protection Act 2010 (PDPA) apply. If you are located in the European Economic Area, your rights under the General Data Protection Regulation (GDPR) apply.
- Right to access: Request a copy of the data we hold about you
- Right to correction: Request that we correct inaccurate data
- Right to deletion: Request that we delete your account and associated data
- Right to portability: Request an export of your data
- Right to withdraw consent: Disconnect any channel (Facebook, Instagram, WhatsApp, Telegram, Google Calendar) at any time from your dashboard
To exercise any of these rights, contact us at chengshengwu.william@gmail.com. We will respond within 14 business days.
11. Children's Privacy
SnappBot is intended for use by business owners and is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
12. Cookies
Our platform uses essential session cookies to keep you logged in. We do not use tracking cookies, advertising cookies, or analytics cookies. You can disable cookies in your browser settings, but this may affect your ability to use the platform.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of SnappBot after changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: