Privacy Policy
Effective Date: 1 June 2026
Last Updated: 1 June 2026
This Privacy Policy explains how Koniwa, a company incorporated in Singapore with UEN T20LL0650F and registered office at 60 PAYA LEBAR ROAD #07-54, PAYA LEBAR SQUARE SINGAPORE 409051 ("Company", "we", "us" or "our"), collects, uses, discloses, stores and protects personal data when you use our website, web application, software, WhatsApp Business integrations, Google integrations, AI features, and related services collectively, the "Services".
By using our Services, you acknowledge that you have read and understood this Privacy Policy.
1. Scope
This Privacy Policy applies to personal data that we collect through:
- our website at https://www.koniwa.com;
- our web application and software services;
- customer support, sales, onboarding, and business communications;
- authorised integrations with third-party platforms, including WhatsApp Business through Meta and Google Calendar; and
- any other interaction you have with us.
This Privacy Policy does not apply to third-party websites, platforms, or services that we do not own or control.
2. Personal Data We Collect
Depending on how you use the Services, we may collect the following categories of personal data.
2.1 Account and Contact Data
This may include:
- name;
- email address;
- profile image;
- timezone;
- account login and authentication details;
- organisation name, role, membership, invitation, and permission information;
- user schedule and availability settings;
- support messages and communications with us.
2.2 Technical and Usage Data
This may include:
- IP address;
- browser type;
- device type;
- operating system;
- device identifiers;
- pages or features accessed;
- time and date of access;
- session data;
- cookie identifiers;
- logs, diagnostics, error details, and performance data.
2.3 Business Profile and Workspace Data
When you configure an organisation or workspace, we may collect and store data such as:
- business name, website, industry, and description;
- locations, addresses, business hours, phone numbers, and email addresses;
- products, services, offerings, event types, and appointment settings;
- FAQs, objections, guardrails, internal knowledge notes, sales documents, and AI agent instructions;
- message templates and channel configuration settings.
Some of this data may include personal data if you or your organisation include it in the content you submit.
2.4 Customer, Prospect, and Conversation Data
When you use the Services to manage conversations, inquiries, or appointments, we may collect and process data about your customers, prospects, or other contacts, including:
- display name, first name, last name, email address, phone number, country, city, and timezone;
- channel identifiers, provider contact IDs, provider handles, and conversation IDs;
- inbound and outbound message content, captions, attachments, delivery/read/failure status, timestamps, and related metadata;
- inquiry status, qualification values, evidence text, selected offerings, disqualification reasons, and lost reasons.
2.5 WhatsApp Business, Facebook Messenger, and Meta Data
Where you connect WhatsApp Business or Facebook Messenger through Meta, we may collect and process data made available to us by Meta, by you, or through Meta webhooks. Depending on the permissions you grant and the features you use, this may include:
- WhatsApp Business Account ID;
- Meta business ID;
- WhatsApp phone number ID;
- Facebook Page ID, Page name, Page username, Page category, and Page access status;
- display phone number and verified business name;
- access tokens or authorisation tokens, stored in encrypted form where retained;
- webhook subscription status and diagnostics;
- WhatsApp contact identifiers, profile names, phone numbers, message IDs, message content, media IDs, captions, filenames, MIME types, checksums, delivery/read status, and related webhook metadata;
- Facebook Messenger sender identifiers, Page-scoped user IDs, postbacks, message IDs, message content, attachment URLs, media metadata, delivery status, and related webhook metadata;
- WhatsApp message template names, bodies, components, provider template IDs, provider status, quality score category, rejected reason, and related publication metadata.
We do not use Meta Platform Data for unauthorised advertising, profiling, surveillance, discrimination, or purposes that are inconsistent with the permissions granted by you, Meta's platform terms, or this Privacy Policy.
2.6 Google Account and Calendar Data
If you sign in with Google or connect Google Calendar, we may collect and process:
- Google account ID;
- name, email address, and profile information made available through Google OAuth;
- OAuth access tokens, refresh tokens, ID tokens, scopes, token expiry, and connection status;
- calendar IDs, sync tokens, webhook channel IDs, resource IDs, event IDs, event URLs, etags, update timestamps, and related sync metadata;
- free/busy information and calendar event data needed to check availability, create, update, cancel, or sync appointments.
Google Drive and Gmail integrations may appear in the product interface as unavailable or disabled features. We do not process Gmail or Google Drive data unless those integrations are enabled and authorised.
2.7 Appointment Data
When you or your organisation use appointment features, we may collect:
- appointment title, description, start time, end time, meeting link, status, RSVP status, cancellation reason, and reschedule reason;
- host, customer, offering, event type, and related sync information;
- appointment reminders and operational message metadata.
2.8 Uploaded Files, Media, and Imported Documents
If you upload or import files, we may collect and store:
- file name, content type, file size, checksum, storage key, source, and storage status;
- images, videos, audio files, documents, PDFs, DOCX files, XLSX files, PPTX files, and other supported media;
- text extracted from imported documents and converted into markdown for search, knowledge, and AI features.
2.9 AI Processing Data
When you use AI features, we may process relevant business profile data, uploaded documents, website content, knowledge notes, conversation history, message content, captions, inquiry data, and appointment context to generate onboarding content, draft replies, test agents, classify or enrich contact information, search knowledge, and create embeddings.
AI inputs and outputs may be transmitted to AI infrastructure and model providers used by us, including AI gateway and embedding services, only as needed to provide and improve the requested feature.
3. How We Collect Personal Data
We may collect personal data:
- directly from you when you create an account, contact us, submit a form, upload a file, configure a workspace, or use the Services;
- automatically through cookies, logs, authentication systems, and similar technologies;
- from your organisation, if your organisation creates, pays for, manages, or invites you to an account;
- from authorised third-party integrations, including Meta APIs, WhatsApp Business webhooks, Google OAuth, Google Calendar APIs, and Google Maps or Places features;
- from customer, prospect, or lead communications sent to channels connected to the Services;
- from service providers, partners, public websites, or publicly available sources where permitted by law.
4. How We Use Personal Data
We may collect, use, and disclose personal data for the following purposes:
- to provide, operate, maintain, and improve the Services;
- to create and manage user accounts, organisations, memberships, invitations, and permissions;
- to authenticate users through magic links, Google sign-in, and session management;
- to connect, configure, operate, monitor, and disconnect authorised WhatsApp Business, Facebook Messenger, and Google Calendar integrations;
- to receive, store, display, manage, respond to, and transmit messages and media through connected channels;
- to manage contacts, conversations, inquiries, qualification data, appointments, reminders, and customer workflows;
- to import, store, extract, index, search, and share uploaded files and documents;
- to generate AI-assisted onboarding outputs, agent replies, knowledge search results, embeddings, summaries, classifications, and contact enrichment;
- to provide customer support and respond to enquiries;
- to send service-related notices, security alerts, invitations, magic links, account messages, and administrative messages;
- to monitor service performance, troubleshoot issues, and prevent fraud, abuse, security incidents, or unauthorised access;
- to analyse usage and improve product functionality;
- to comply with legal, regulatory, tax, accounting, audit, and contractual obligations;
- to enforce our terms and protect our rights, users, systems, and business;
- to send marketing communications where permitted by law or with your consent.
5. Consent and Legal Basis
Where required under Singapore's Personal Data Protection Act 2012 and other applicable laws, we collect, use, and disclose personal data with your consent, deemed consent, or another lawful basis permitted by applicable law.
You may withdraw consent by contacting us using the details in Section 16. Withdrawal of consent may affect our ability to provide some or all of the Services to you, including connected integrations, messaging, appointment sync, and AI features.
6. How We Share Personal Data
We may disclose personal data to:
- hosting, cloud infrastructure, database, storage, queue, email, security, logging, analytics, communications, customer support, and other service providers;
- AI gateway, model, and embedding service providers where needed to provide AI-assisted features;
- Meta, where necessary to operate authorised WhatsApp Business or Facebook Messenger integrations, exchange signup or login codes, manage webhook subscriptions, send messages, download inbound media, sync templates, or comply with Meta platform requirements;
- Google, where necessary to authenticate users, operate authorised Google Calendar integrations, use Google Maps or Places features, or comply with Google platform requirements;
- your organisation and authorised organisation administrators, if your account is created, paid for, invited by, or managed by that organisation;
- recipients and channel participants where needed to send messages, appointments, media, or service communications;
- professional advisers such as lawyers, auditors, insurers, and accountants;
- regulators, law enforcement agencies, courts, public authorities, or other parties where required or permitted by law;
- counterparties in a merger, acquisition, financing, restructuring, asset sale, or similar corporate transaction.
We do not sell personal data. We do not disclose Meta Platform Data to data brokers or use it for unauthorised advertising, profiling, surveillance, or discriminatory purposes.
7. International Transfers
We are based in Singapore, but our service providers, infrastructure, partners, integration providers, AI providers, and users may be located in other countries. Where personal data is transferred outside Singapore, we will take steps required by applicable law to ensure that the transferred personal data receives a standard of protection comparable to that under Singapore law.
8. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
For WhatsApp Business and other Meta Platform Data, we retain the data only for as long as necessary to provide the authorised feature, maintain the integration, comply with legal obligations, resolve disputes, enforce agreements, or meet Meta platform requirements.
For Google Calendar data, we retain provider account and sync data only for as long as necessary to maintain the authorised integration, sync appointments, comply with legal obligations, resolve disputes, or enforce agreements.
When personal data is no longer required, we will delete, anonymise, or securely dispose of it in accordance with our internal data retention practices.
9. Security
We use reasonable administrative, technical, and organisational measures to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.
These measures may include access controls, encryption, secure authentication, token encryption, webhook signature verification, logging, monitoring, vulnerability management, internal policies, and staff access restrictions.
No method of transmission or storage is completely secure. We cannot guarantee absolute security of personal data.
10. Cookies and Similar Technologies
We may use cookies, SDKs, local storage, logs, and similar technologies to:
- keep you signed in;
- remember preferences;
- operate and secure the Services;
- support authorised third-party signup and integration flows;
- measure performance;
- understand usage patterns;
- improve the Services.
For example, we use authentication cookies for sessions, preference cookies for interface state, the Facebook SDK for WhatsApp Embedded Signup, and Google Maps or Places scripts for address autocomplete where configured.
You may control cookies through your browser settings. Some features may not work properly if cookies are disabled.
11. Access, Correction, Withdrawal, and Deletion Requests
You may contact us to:
- request access to personal data we hold about you;
- request correction of inaccurate or incomplete personal data;
- withdraw consent for our use or disclosure of your personal data;
- request deletion of your personal data, subject to legal, contractual, operational, security, and technical limitations.
We may need to verify your identity before processing a request. We will respond to requests as soon as reasonably practicable and in accordance with applicable law.
12. Meta User Data Deletion Instructions
You may request deletion of data received through Meta, WhatsApp Business, or Facebook Messenger integrations by contacting us at:
Email: privacy@koniwa.com
Subject: Meta App Data Deletion Request
Please include:
- your name;
- the email address linked to your account;
- the organisation or workspace connected to the integration;
- the WhatsApp Business Account, Facebook Page, Meta business account, or WhatsApp phone number connected to our Services, where applicable;
- a short description of the data you want deleted.
After receiving your request, we will verify your identity and process the deletion request where required by applicable law and Meta platform requirements. We may retain limited information where necessary for legal, security, fraud-prevention, dispute-resolution, accounting, or compliance purposes.
You may also remove our app or integration from your Meta account through your Facebook or Meta account settings under Apps and Websites, Business Integrations, WhatsApp Manager, or equivalent settings made available by Meta. Removing the app may stop future access, but you should still contact us if you want us to delete data already stored in our systems.
13. Marketing Communications
Where permitted by law, we may send you marketing communications about our products, services, events, or updates. You may opt out by using the unsubscribe link in the communication or contacting us.
Where Singapore Do Not Call requirements apply, we will comply with applicable obligations before sending regulated marketing messages to Singapore telephone numbers.
14. Children's Privacy
Our Services are not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data without appropriate consent, we will take reasonable steps to delete it.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last Updated" date. Where required by law, we will notify you of material changes.
16. Contact Us
For questions, requests, or complaints about this Privacy Policy or our handling of personal data, please contact:
Data Protection Officer
Koniwa
Address: 60 PAYA LEBAR ROAD #07-54, PAYA LEBAR SQUARE SINGAPORE (409051)
Email: privacy@koniwa.com