Privacy Policy – Orderly.chat
Orderly.chat ("we," "us," or "our") operates a service bot that integrates with the WhatsApp Business API and Meta's Commerce Catalog on behalf of our merchant customers ("you," "your") under Meta's Platform Terms and applicable laws.
1. Role & Scope
Tech Provider Only. Orderly.chat acts strictly as a Data Processor on behalf of our merchant customers, who are the Data Controllers.
Services Provided:
- Messaging Services – delivering and routing WhatsApp messages.
- Catalog Sync – synchronizing and exposing product catalog data for browsing, ordering, and marketing.
- Order Fulfillment Support – mapping orders to catalog items and enabling inventory updates.
- Analytics & Reporting – message-flow metrics, campaign performance, and order insights.
- Data Partitioning & Client Listing – logical partitioning of each merchant's data for isolation, with an up-to-date client list available on request.
No Own-Use Processing. We never process Platform Data for our own purposes or for third parties other than the contracting merchant.
Consumer Protection Regulations. We comply with the Israeli Consumer Protection Regulations (Advertising and Marketing Directed at Minors), ensuring no marketing message encourages minors to perform prohibited acts and that all content is appropriate to their level of understanding.
2. Full Data Inventory
We process the following WhatsApp-Platform Data only under merchant instruction:
Data Category | Examples |
---|---|
User Identifiers | Phone number; WhatsApp user ID; profile name |
Message Content & Metadata | Text; media attachments; location shares; timestamps; receipt statuses |
Commerce Catalog Data | Item IDs, titles, descriptions, prices, inventory; product images; category/tags |
Order & Fulfillment Details | Selected product IDs/quantities; order timestamps; status updates; delivery windows |
Analytics & Logging | Message-flow metrics; campaign performance; system logs |
Technical Metadata | Device/browser info; IP addresses; session IDs; access tokens |
3. Purposes of Processing
All processing is performed at the merchant's direction to:
- Route & deliver messages.
- Enforce access controls (mapping sessions, roles).
- Support conversations & customer service.
- Track delivery/read receipts.
- Synchronize catalogs and enable promotions.
- Create & manage orders, and assist fulfillment.
- Aggregate dashboards for analytics, monitoring & debugging.
- Audit security and optimize performance.
4. Legal Basis for Processing
- Contractual Necessity: To perform our service agreement (message routing, catalog sync, order management).
- Legitimate Interests: Operating, securing, and improving our service (analytics, logging, performance optimization) under strict access controls.
- User Consent: For any marketing or promotional messages beyond essential service notifications, we will obtain explicit opt-in from end users.
5. Service Providers & Subprocessors
- We engage subprocessors for cloud hosting, storage, delivery, security, monitoring, analytics, email notifications, payment processing, and invoicing.
- Binding Agreements: Each signs a Data Processing Agreement to process data only on our instructions, comply with Meta's Terms, and delete or return data on request.
- Transparency: A current list of subprocessors (with purposes, contacts, and DPA links) is available upon request at ops@orderly.chat.
6. Data Retention & Deletion
We retain data only as long as necessary to deliver our services, meet legal/contractual obligations, or comply with Meta's Terms:
Data Category | Retention Period | Deletion Triggers |
---|---|---|
User Identifiers | 90 days after last interaction | End of service; Merchant/Meta/end-user request |
Message Content & Metadata | 90 days after timestamp | End of service; Merchant/Meta request; No longer needed |
Media Attachments | 90 days after upload | Same as message content |
Commerce Catalog Data | While account active + 30 days | Account termination; Merchant/Meta request |
Order & Fulfillment Details | 7 years | Statutory expiry; Merchant request if law allows |
Analytics – Raw Logs | 30 days | End of retention period; Merchant/Meta request |
Analytics – Aggregated | 1 year | End of retention period; Merchant/Meta request |
Technical Metadata | 30 days | End of service; Merchant/Meta request |
Retention Compliance. All retention periods align with the Registrar of Databases Guidelines No. 7122/2 for direct mail and data-retention practices.
- Deletion on Demand: Upon valid deletion requests (merchant, end user, or Meta), we delete or anonymize data as soon as reasonably possible.
7. Incident Response & Security
- Security Safeguards: Administrative, physical, and technical measures meeting industry standards to prevent unauthorized access, loss, or disclosure.
- Vulnerability Reporting: Accessible channel for reporting security issues, with prompt remediation.
- Incident Process:
  - Detection & Triage within 4 hours.
  - Notification to merchants and Meta within 24 hours.
  - Containment & fixes within 72 hours; full post-mortem in 5 business days.
8. End-User Rights & Requests
- Submission: End users submit access, correction, or deletion requests via their merchant, who then emails ops@orderly.chat with user details and request type.
- Response SLAs:
  - Acknowledge within 24 hours.
  - Fulfill within 30 days (or faster if required).
  - Confirm completion by email.
- Meta-Initiated Requests: Forwarded to the merchant and coordinated per Meta's timelines.
9. International Data Transfers
- Storage & Processing: Ireland (EEA).
- Support Access: Israel (ad hoc for troubleshooting).
- Safeguards: Ireland benefits from an EU adequacy decision. For any future transfers outside adequate jurisdictions, we will implement EU Standard Contractual Clauses.
10. Links to Meta Policies
- Meta Data Policy: https://www.facebook.com/policy.php
- Meta for Developers Platform Terms: https://developers.facebook.com/terms/dfc_platform_terms/
- WhatsApp Business API Terms: https://www.whatsapp.com/legal/business-api-terms
11. Contact & Updates
For privacy inquiries, subprocessor list requests, or to exercise your rights, contact:
Email: ops@orderly.chat
We will update this policy at the same URL and, where required, notify merchants and end users of material changes.
Last updated: July 1, 2025