Privacy & Cookie Policy

Effective: June 17, 2026 · Last updated: June 17, 2026

This Privacy and Cookie Policy explains how Connectoo collects, uses, stores, and protects information when you use our platform, website, or mobile app. We have written this in plain language. If you have questions, email [email protected] — we are happy to help.

Our Privacy Commitments

  • We never sell your personal data or your customers' data to anyone.
  • We do not use your WhatsApp messages, call recordings, SMS, or CRM content to train AI or machine learning models.
  • We collect only what we need and use it only for the purposes described here.
  • We give you meaningful control over your data, including the ability to export or delete it.

1. Who We Are & Scope of This Policy

Connectoo operates the communication platform available at connectoo.ai and through our mobile application. In this Policy, "we," "us," and "our" refer to Connectoo. "You" refers to anyone who visits our website or uses our Service, whether as an account holder, a team member using a Connectoo account, or simply a visitor browsing our site.

This Policy covers personal information we collect about you in your capacity as a Connectoo user or prospective customer. It does not cover what Connectoo customers do with their own end-customers' data using our platform — that is addressed in our Terms of Service and any applicable Data Processing Agreement we sign with business customers.

This Policy does not extend to third-party websites or services that our platform links to. We recommend reading the privacy policies of any third-party service you connect or navigate to.

2. Key Terms

TermWhat it means in this Policy
"Personal data"Any information that identifies or could identify a living person, either on its own or when combined with other data we hold.
"Processing"Anything we do with personal data — collecting, storing, using, sharing, deleting, and so on.
"Controller"The party that decides why and how personal data is processed. For data about you as our customer, we are the Controller.
"Processor"A party that processes data on behalf of a Controller. When you use Connectoo to manage your customers' data, we act as your Processor for that data.
"GDPR"The EU General Data Protection Regulation (2016/679) and its UK equivalent, which set out rights and obligations for personal data processing in Europe.
"Service"The Connectoo platform, including the website, mobile app, and all features.
"Your Data"Content, contacts, messages, and other information you input into the Service, as distinguished from information about you as a user.

3. What We Collect

Information you give us directly

When you sign up, subscribe, or contact us, you share information like your name, work email address, phone number, company name, and billing details. We also collect any information you choose to include when you contact our support team or respond to our surveys.

Information generated by your use of the platform

When you use Connectoo, we collect data about how you interact with the platform — which features you use, when you log in, device type, browser, operating system, and your IP address. We use this to operate and improve the Service, and to detect issues.

WhatsApp and messaging data

When you connect a WhatsApp Business account, we receive and store WhatsApp messages, contact details, media files, and conversation metadata through Meta's official WhatsApp Business API. This is the data that powers your shared inbox.

VoIP call data

When you place or receive business calls through Connectoo — in your web browser or our mobile app — we generate and store call metadata: the phone numbers involved, call direction, duration, timestamp, and outcome. Calls are made over the internet (VoIP), so this metadata comes from calls handled inside the platform. We do not read, sync, or upload your phone’s native SIM call log. Placing and receiving calls requires microphone access in the browser or app.

SMS data

SMS is sent and received through your Connectoo VoIP numbers inside the platform and mobile app. We store those SMS threads so they appear on the customer’s timeline alongside calls and WhatsApp. We do not read, sync, or track SMS from your personal phone.

Device contacts (mobile app)

If you grant the mobile app permission to access your device contacts, we use it only so you can start a call or message a contact from within the app. We do not continuously sync or upload your entire address book.

Push notifications

With your permission, the mobile app sends push notifications — for example, for an incoming call or a new message. You can turn notifications off in your device settings at any time.

Information from third-party sign-in

If you register using Google or another identity provider, we receive basic profile data — typically your name, email address, and profile picture — from that provider, consistent with the permissions you grant at sign-in.

Verification documents

In some circumstances (for example, to verify your WhatsApp Business account, activate a regulated phone number, or comply with a regulatory requirement), we may request supporting documents. We handle these with strict access controls and use them only for the stated purpose.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide the Service: operating your account, delivering the features you subscribe to, handling your VoIP calls and SMS, syncing your WhatsApp conversations, running your configured automation workflows, and processing your payments.
  • To communicate with you: sending account notifications, security alerts, billing receipts, and responses to support enquiries. If you have opted in (or where permitted by law), we may also send product updates and marketing communications — you can opt out any time.
  • To improve the platform: analyzing how features are used helps us prioritize improvements and fix problems. This analysis is done at an aggregate level and does not involve reading the content of your conversations.
  • To keep the platform secure: detecting and preventing fraud, abuse, unauthorized access, and other harmful activity.
  • To meet legal obligations: responding to lawful requests from regulatory authorities and meeting our compliance responsibilities under applicable law.

We do not use the content of your WhatsApp messages, call recordings, SMS, or CRM data to train machine learning models or for any purpose unrelated to operating your account.

6. WhatsApp Data

How we access it

We connect to WhatsApp exclusively through the official WhatsApp Business API provided by Meta Platforms, Inc. We do not use unofficial or third-party WhatsApp access methods.

What we store

We store WhatsApp messages, media files, contact information, and conversation metadata on our servers to power your shared inbox and CRM features. This data is accessible only to team members you have authorized within your Connectoo account.

How long we keep it

We keep WhatsApp data for as long as your account is active. When your account closes, it is deleted within 30 days unless you have configured a longer retention period under your plan (where available) or unless we are legally required to keep it for longer.

Deletion requests

You can request deletion of your WhatsApp data at any time by emailing [email protected]. We will process the request within 30 days.

Meta's terms

Your use of WhatsApp through Connectoo also means Meta's WhatsApp Business Terms and Privacy Policy apply to that data. We comply with Meta's data handling requirements for Business API partners.

7. Call Data & Recordings

Call metadata

When you make or receive calls through Connectoo, we store metadata about each call — the numbers involved, direction, duration, timestamp, and outcome — to populate your CRM and communication timeline. Because Connectoo handles calls over VoIP, this metadata comes from calls placed through the platform, not from reading your device’s SIM call log.

Call recording — opt-in only

Call recording is turned off by default. It is available on paid plans and must be enabled by an account administrator. Once enabled, Connectoo records the VoIP call audio and stores it on our servers in encrypted form.

Your legal responsibility for recording

Laws on call recording differ by country and, in many places, by state or province. Some require only one party to the call to consent; others require all parties. It is entirely your responsibility to understand and follow the recording laws that apply wherever you and your call participants are located. Connectoo provides pre-call announcement tools to help — but these are tools, not legal guarantees.

Security of recordings

Recordings are encrypted in transit and at rest. Only account users you designate can access them. We provide configurable auto-deletion policies so recordings are not kept longer than your organization needs.

No AI training

We do not use recording content to train machine learning systems or for any purpose beyond those described here.

8. When We Share Your Data

We do not sell your personal data. The situations in which we share information are:

Service providers we work with

We use third-party companies to help us run Connectoo — for things like cloud hosting, telephony/SMS carriers, payment processing, email delivery, and customer support tooling. These companies can only use your data to perform services for us, and they are contractually required to keep it secure and confidential.

Integrations you connect

When you connect an external CRM, analytics tool, or other third-party application to Connectoo, you are directing us to share relevant data with that platform. You control which integrations are active.

Legal requirements

We may be required to disclose personal data in response to a valid court order, subpoena, regulatory investigation, or other legal process. Where permitted by law, we will notify you before complying with such a request.

Business changes

If Connectoo is acquired, merges with another company, or sells a significant part of its assets, your information may transfer to the acquiring entity. We will give you advance notice of any such change that affects how your data is handled.

Group companies

We may share data with other entities within the Connectoo corporate group where needed to operate the Service, under the same data protection standards.

Aggregated, non-identifiable data

We may share aggregate usage statistics — numbers and trends that cannot identify any individual — with partners, investors, or publicly, to discuss platform performance.

9. International Data Transfers

Our infrastructure is hosted in India and the United States. Some of the third-party service providers we work with are located in other countries. If you are in the European Economic Area (EEA) or United Kingdom, this means your personal data may be transferred outside of those regions.

Whenever we transfer EEA or UK personal data internationally, we ensure a lawful transfer mechanism is in place — typically the Standard Contractual Clauses approved by the European Commission, or another mechanism recognized under applicable law. The Appendix at the end of this Policy describes the technical details of our data transfer arrangements in more detail.

10. How Long We Keep Your Data

We keep your personal data for as long as your account is open or as long as we need it to provide the Service. When we no longer need it, we delete or anonymize it. Specific retention periods that apply in different scenarios:

  • Active accounts: account, usage, and communication data is retained while your subscription is active.
  • After account closure: we retain your data for 30 days to allow you to export it, then delete it from active systems. Some records (such as billing history) may be retained longer where required by financial regulations.
  • Call recordings: retained for the duration you set in your account settings. Accounts without a custom retention setting default to platform-level limits.
  • Legal holds: if we are involved in litigation or a regulatory investigation that requires us to preserve data, we will retain relevant information until the matter is resolved.

11. How We Protect Your Data

We use a layered approach to security that includes:

  • Encryption of all data in transit using TLS (version 1.2 or higher);
  • Encryption of stored data, including call recordings, using AES-256;
  • Role-based access controls so that only authorized personnel can access data;
  • Detailed audit logs of access and changes to sensitive data;
  • Periodic internal security reviews and third-party penetration testing;
  • Automated backup procedures and tested disaster recovery plans.

No security system is infallible. While we do everything reasonable to protect your data, we cannot promise that an unauthorized third party will never circumvent our measures. If you notice something suspicious related to your account, please tell us immediately.

If a confirmed data breach occurs that is likely to affect your rights or freedoms, we will notify you in line with our obligations under applicable law — without unnecessary delay.

12. Your Rights Over Your Data

Depending on where you are located, you may have some or all of the following rights. To exercise any of them, email us at [email protected]. We will respond within 30 days (or the timeframe required by your local law).

Access

Ask us what personal data we hold about you and get a copy of it.

Correction

Ask us to fix any personal data we hold that is inaccurate or incomplete.

Deletion

Ask us to erase your personal data. We will do so unless we have a legal obligation to keep some or all of it.

Portability

Ask for your data in a portable, machine-readable format so you can move it to another provider.

Objection

Object to us processing your data for direct marketing or where our legal basis is legitimate interests.

Restriction

Ask us to pause processing of your data in certain circumstances, for example while we investigate a dispute.

Withdraw consent

Where processing is based on consent, you can withdraw it at any time. This does not undo processing that already happened.

Lodge a complaint

If you are unsatisfied with how we handle your data, you have the right to file a complaint with your local data protection authority.

When you exercise these rights, we may need to verify your identity. We will never charge a fee for a straightforward access request, but we may charge a reasonable fee for requests that are manifestly unfounded or excessive.

13. Children

Connectoo is a business communication tool designed for adults. We do not knowingly collect personal data from anyone under 18. If you believe a child has created a Connectoo account or submitted personal data through our platform, please contact us at [email protected] and we will delete it promptly.

14. Email & Social Media Connections

You may choose to connect an email inbox or social media account to your Connectoo account to bring communications into a unified view. When you do:

  • We access only the data needed to deliver the feature you have enabled;
  • We do not store full email bodies or attachments unless a specific feature you activate requires it;
  • We request the minimum permissions necessary (typically read-only access);
  • You can disconnect any integration at any time from your account settings, after which we will stop accessing that account and delete any data stored from it within 30 days.

Social login widgets (such as "Sign in with Google") are governed by the privacy practices of the relevant provider. We encourage you to review their privacy settings.

15. Cookies & Tracking Technologies

We use cookies and similar technologies (like local storage and pixel tags) to help the Service function, understand how it is being used, and occasionally deliver relevant communications.

TypeWhat it doesCan you disable it?
EssentialRequired for logging in, navigating the platform, and keeping your session active. Without these, the Service does not work.No — these are necessary for basic functionality.
AnalyticsHelp us understand which pages and features are used most and how people move through the platform. Data is aggregated and does not identify individuals (we use tools like Google Analytics).Yes — through your browser settings or our cookie banner.
PreferenceRemember your settings (such as language or notification preferences) so you do not have to reset them each session.Yes — though disabling these may reduce convenience.
MarketingUsed on our marketing website (not inside the product) to understand the effectiveness of our advertising campaigns.Yes — via our cookie preferences tool or browser settings.

You can manage cookies through your browser settings at any time.

16. End Users & Third-Party Data

If you are a person whose information appears in a Connectoo customer's account (for example, a contact in someone else's CRM), the Connectoo customer — not us — is the controller of your personal data in that context. Your privacy rights should be directed to that customer.

Connectoo acts as a processor of that data, following the instructions of our customer. We do not have an independent relationship with end users of our customers’ systems and are not responsible for how those customers collect or use personal data.

17. Policy Updates

We may update this Policy from time to time as our product evolves, our business changes, or the law requires. When we make a material change, we will post the updated Policy on this page, update the "Last updated" date at the top, and send you an email notification at least 10 days before the changes take effect.

If you continue using the Service after a change takes effect, that means you accept the updated Policy. If you do not agree, you may stop using the Service and request account deletion.

18. Contact & Complaints

If you have a question about this Policy, want to exercise a data right, or have a concern about how we handle your data, please reach out:

Get in touch

Email: [email protected]

Website: connectoo.ai/contact

We aim to respond to all enquiries within 5 business days and to complete data rights requests within 30 days.

If you are in the EEA or UK and feel we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.

Appendix — International Data Transfer Details (GDPR)

This section describes the data transfer arrangement for EEA and UK customers, forming part of the Standard Contractual Clauses referenced in Section 9. For these purposes, Connectoo is the data importer and the customer is the data exporter.

Who is affected

Connectoo customers (account holders and their team members) and, where relevant, the end-users of those customers' Connectoo accounts.

Why the data is transferred

To deliver the Connectoo communication and CRM platform services that the customer has subscribed to, including hosting, processing, and displaying communication data.

What categories of data are transferred

Subscription & account data — names, contact details, billing information, and identity verification records for authorized account users.

Usage & communication data — information generated through the use of the platform, including telephone numbers, message metadata, call metadata (date, time, duration, direction), and logs used to operate the Service and prevent abuse. This category does not include the content of WhatsApp messages or call recordings for the purpose of this appendix; that content is governed by the service agreement and Data Processing Agreement signed with each business customer.

Who receives the data

Connectoo employees and contractors with a legitimate operational need; sub-processors engaged by Connectoo to provide infrastructure, telephony, payment, or support services (all bound by appropriate data processing agreements); and regulators or law enforcement where legally required.

Sensitive categories

We do not intentionally process special categories of sensitive personal data (such as health, biometric, or financial data) as part of standard Service delivery.

Data protection contact

For data protection matters: [email protected]