Privacy Policy
Last updated 2026-06-22. Draft pending legal review.
1. Introduction / Who We Are
OneChat (operating as “FloPro Support”, “we”, “us”, or “our”) provides a multi-tenant customer-support platform that unifies conversations across WhatsApp, email, SMS, an embeddable web chat widget, and voice (inbound and outbound phone calls), with an AI agent and human operator takeover. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the choices and rights available to you.
OneChat is used by businesses (each a “Customer” or “tenant”) to communicate with their own end-customers and contacts. For most data flowing through the platform, we act as a data processor on behalf of our Customer, who is the data controller of their end-customers’ information. Where we determine the purposes and means of processing (for example, account administration and billing), we act as a controller.
2. Data We Collect & Process
On behalf of our Customers, OneChat processes the content and metadata of customer-support conversations. Depending on the channels a Customer enables, this may include:
- Message content across WhatsApp, email, SMS, the web chat widget, and voice.
- Contact identifiers such as phone numbers, email addresses, names, and platform profile names.
- Conversation history and thread metadata.
- Attachments and files exchanged within a conversation.
- Voice call recordings and transcripts.
- Operational metadata (timestamps, delivery status, channel identifiers).
For Customer account holders and operators, we also process account and authentication data (name, email, organization membership), billing records, and usage data needed to run and meter the service.
3. How We Use Data (Including AI Processing)
We use the data described above to deliver, maintain, secure, and improve the service — specifically to route and display conversations to the right operator, generate AI agent replies, search a Customer’s knowledge base, deliver outbound and scheduled messages, meter usage, and provide support.
AI processing. To generate agent replies and to build search embeddings, message content and relevant context may be sent to third-party AI model providers. These providers process the content to return a response or an embedding. We do not sell personal data, and we do not use end-customer conversation content to train our own foundation models.
4. WhatsApp / Meta Platform Data
WhatsApp messages are sent and received through Meta’s WhatsApp Business Platform. Data obtained from or transmitted through Meta’s platforms is handled in accordance with Meta’s Platform Terms, Developer Policies, and the WhatsApp Business Terms. We use Meta/WhatsApp platform data only to operate the messaging features the Customer has enabled, and not for any purpose prohibited by Meta’s policies. A Customer’s use of WhatsApp through OneChat is also subject to Meta’s applicable terms and requires that the Customer obtain any consent required to message its contacts.
5. Sub-processors
We engage trusted third-party providers to deliver the service. Each is bound by contractual obligations to process data only as needed to provide their service. Our current sub-processors include:
- Convex — database and file storage.
- Clerk — authentication and organization management.
- OpenRouter — large-language-model and embedding routing.
- Resend — email delivery.
- Twilio — SMS delivery.
- Google — calendar integration (optional, when enabled).
- DimePay — billing and payment processing.
- Meta — WhatsApp messaging.
- Deepgram and OpenAI — voice processing.
6. Data Retention
We retain data for the life of the Customer relationship, or as otherwise instructed by the Customer (the controller) and as required to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. Deletion is available on request — see Section 7.
7. Your Rights & Data Deletion
Depending on your jurisdiction, you may have rights to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Because we typically process end-customer data on behalf of a Customer, requests from an end-customer are usually directed to the relevant business; we will assist that business in fulfilling them.
You can request deletion of data associated with you at any time. To submit a request, or to check the status of a request, visit our data deletion status page or email privacy@flopro.support. Where a request comes via Meta’s platform (for example, a WhatsApp data-deletion request), we honor it through the same mechanism.
8. Security
We apply administrative, technical, and organizational measures to protect data. Credentials and secrets are encrypted at rest, access is controlled and scoped per tenant, and data is logically isolated between Customers. No method of transmission or storage is perfectly secure, but we work to protect data using industry-standard practices.
9. International Transfers
We and our sub-processors may process and store data in countries other than the one in which you reside. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers of personal data.
10. Children
OneChat is not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us so we can take appropriate action.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice.
12. Contact
Questions about this Privacy Policy or our data practices can be sent to privacy@flopro.support.