Privacy Policy

Overview

ATVA provides storefront, ecommerce checkout, admin, customer account, notification, and WhatsApp Business chatbot tools for companies that use the platform. This policy explains what information ATVA processes, how it is used, and how people can request access, correction, or deletion of their information.

Information We Collect

• Customer contact details, including name, email address, phone number, delivery address, and order notes
• Order and cart details, including selected products, quantities, prices, delivery options, payment option labels, and order status
• Customer account details, including authentication identifiers, email verification state, wishlist, and order history
• Staff account details, including name, email address, role, permissions, invitation status, and admin activity needed to operate the platform
• WhatsApp chatbot data, including phone number, inbound message text, selected company key, cart state, checkout answers, staff link state, message identifiers, and delivery status logs
• Technical data, including IP address, browser or device information, request metadata, logs, security events, and cookies or local storage used for sessions and preferences

How We Use Information

• Provide storefront browsing, product search, cart, checkout, order creation, and customer account features
• Operate WhatsApp Business chatbot conversations for catalog browsing, checkout assistance, staff authentication, admin reads, and permitted admin actions
• Authenticate customers and staff, enforce role-based permissions, prevent unauthorized access, and protect tenant data
• Send operational messages, order updates, staff invitations, verification emails, and admin notifications
• Maintain security, troubleshoot failures, deduplicate webhook deliveries, detect misuse, and improve platform reliability
• Comply with legal, tax, accounting, security, and platform obligations

WhatsApp Business Messaging

When a person messages a connected business through WhatsApp, ATVA receives webhook events from Meta and processes the message so the chatbot can answer, show catalog options, build a cart, collect checkout details, or authenticate authorized staff. ATVA does not use WhatsApp messages for advertising. Staff secret codes are stored as hashes, and admin actions require permission checks before data is read or changed.

Sharing and Service Providers

ATVA shares information only when needed to provide the service, operate infrastructure, process communications, comply with law, or protect rights and security. Service providers may include Firebase and Google Cloud for hosting, authentication, database, logs, and backend services; Meta and WhatsApp Business Platform for WhatsApp messaging; email providers for transactional email; and payment or delivery tools configured by each business. ATVA does not sell personal information.

Data Retention

ATVA keeps personal information only as long as needed for the purposes described in this policy, including order fulfillment, account access, audit trails, security, legal obligations, dispute resolution, and platform operations. WhatsApp sessions, message receipts, staff links, carts, orders, and logs may be retained for operational and security purposes unless deletion is requested and no legal or legitimate operational reason requires retention.

Security

ATVA uses access controls, role-based permissions, hashed staff WhatsApp secret codes, webhook signature validation, tenant scoping, HTTPS, and operational logging to protect information. No online system can be guaranteed to be completely secure, but ATVA designs the platform to limit access to authorized users and authorized business contexts.

Your Choices and Rights

Depending on location, people may have rights to request access, correction, deletion, restriction, portability, or objection to certain processing. Customers can contact the business they purchased from or contact ATVA directly. Staff can contact their company owner or ATVA for account and permission questions.

International Processing

ATVA and its service providers may process information in countries where infrastructure, support, or business operations are located. When required, ATVA relies on appropriate legal and contractual safeguards for cross-border processing.

Children

ATVA is not intended for children under 13, and the platform does not knowingly collect personal information from children. If a child provided information through a storefront or WhatsApp conversation, contact ATVA so it can be reviewed and deleted where appropriate.

Changes to This Policy

ATVA may update this policy when the platform, legal requirements, or service providers change. The effective date above shows when this version became active.