Privacy Policy

Last updated: March 2026

1. Introduction

TNT The Next Tech Ltd, trading as ChatDaddy ("we", "us", "our"), operates the websites chatdaddy.tech and app.chatdaddy.tech, along with related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, phone number, company name, and billing details when you register or subscribe.
• Communication data: messages, files, and media you send or receive through the Service, including WhatsApp Business API messages.
• Support requests: information you provide when contacting our support team.
• Payment information: credit card details and billing addresses processed through our third-party payment processors.

2.2 Information Collected Automatically

• Usage data: pages visited, features used, actions taken, timestamps, and session duration.
• Device data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Log data: server logs, error reports, and API call metadata.
• Cookies and similar technologies: as described in Section 8 below.

2.3 Information from Third Parties

• WhatsApp / Meta: data provided via the WhatsApp Business API in connection with your account.
• OAuth providers: profile information from Google, Microsoft, or other identity providers you use to sign in.
• Analytics providers: aggregated usage and performance data.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service.
• Process transactions and send related billing information.
• Send transactional notifications (e.g., account confirmations, technical notices, security alerts).
• Respond to your support requests and inquiries.
• Monitor usage patterns and analyse trends to improve user experience.
• Detect, investigate, and prevent fraudulent or unauthorised activity.
• Comply with legal obligations and enforce our terms.
• Send marketing communications where you have opted in (you may opt out at any time).

4. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation ("GDPR") applies, we rely on the following legal bases:

Purpose	Legal Basis
Providing the Service and fulfilling our contract with you	Performance of a contract (Art. 6(1)(b))
Processing payments	Performance of a contract (Art. 6(1)(b))
Marketing communications	Consent (Art. 6(1)(a))
Analytics and service improvement	Legitimate interests (Art. 6(1)(f))
Legal compliance	Legal obligation (Art. 6(1)(c))
Security and fraud prevention	Legitimate interests (Art. 6(1)(f))

5. Data Storage and Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Access controls, multi-factor authentication, and role-based permissions for internal systems.
• Regular security assessments and penetration testing.
• Secure cloud infrastructure hosted by reputable providers with SOC 2 and ISO 27001 certifications.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected:

• Account data: retained for the duration of your account and up to 30 days after deletion, unless longer retention is required by law.
• Message data: retained in accordance with your workspace settings and applicable WhatsApp Business API policies.
• Billing records: retained for up to 7 years to comply with tax and accounting obligations.
• Log and analytics data: retained for up to 12 months.

7. Third-Party Services

We share personal data with the following categories of third parties, only to the extent necessary:

• Cloud infrastructure providers (e.g., AWS, Google Cloud) for hosting and data storage.
• Payment processors (e.g., Stripe) for transaction processing.
• Analytics services (e.g., Google Analytics, Mixpanel) for usage analysis.
• Communication APIs (e.g., Meta / WhatsApp Business API) for messaging functionality.
• Customer support tools for managing support requests.
• Legal and regulatory authorities when required by law.

We require all third-party service providers to process personal data in accordance with applicable data protection laws and our instructions.

8. Cookies and Tracking

We use the following types of cookies:

• Strictly necessary cookies: required for the Service to function (e.g., session management, authentication).
• Performance cookies: help us understand how visitors interact with the Service.
• Functional cookies: remember your preferences and settings.
• Marketing cookies: used to deliver relevant advertisements (only with your consent).

You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may affect Service functionality.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data ("right to be forgotten").
• Restriction: request restriction of processing in certain circumstances.
• Portability: request your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests or direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time.
• Lodge a complaint: file a complaint with your local data protection authority.

To exercise any of these rights, contact us at support@chatdaddy.tech. We will respond within 30 days.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognised transfer mechanisms.

11. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

TNT The Next Tech Ltd (trading as ChatDaddy)
Email: support@chatdaddy.tech
Website: chatdaddy.tech