Legal

Privacy Policy

Last updated: 20 April 2025

At Daybora, your privacy is not an afterthought — it is a core part of how we build our product. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and what rights you have over it. Please read it carefully.

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Data Sharing & Third Parties
  5. WhatsApp & Meta
  6. Payment Data
  7. Data Retention
  8. Security
  9. Your Rights
  10. Cookies
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact Us

1. Who We Are

Daybora is a product of Twoone-tech Ltd, an international technology company. Daybora provides an AI-powered WhatsApp sales automation platform that allows merchants to automate customer conversations, product showcasing, order management, and payment collection.

For the purposes of this Policy, "Daybora," "we," "us," or "our" refers to Twoone-tech Ltd and its Daybora platform. "You" refers to any person using our website, platform, or services — whether as a merchant (business account holder) or as an end customer interacting with a merchant's AI agent via WhatsApp.

For privacy inquiries, contact us at: support@daybora.com

2. Data We Collect

2.1 Data You Provide Directly (Merchants)

  • Account information: Business name, email address, phone number, and password when you register.
  • Business profile: Business description, logo, product catalog, pricing, and FAQs you upload to train your AI agent.
  • Documents: PDFs, images, and spreadsheets you upload to the knowledge base.
  • Payment gateway credentials: API keys for Paystack, Flutterwave, Monnify, Nomba, or OPay (stored encrypted).
  • WhatsApp Business API credentials: Your WABA (WhatsApp Business Account) details needed to connect your number.
  • Support communications: Messages you send to our support team.

2.2 Data Collected Automatically

  • Usage data: Pages visited, features used, time spent, click patterns, and error logs.
  • Device data: IP address, browser type, operating system, and device identifiers.
  • Transaction data: Order records, payment statuses, and conversation logs generated through your storefront.

2.3 Data About Your Customers (End Users)

When a customer messages your AI-powered WhatsApp number, we process their:

  • WhatsApp display name and phone number
  • Conversation messages (to generate AI responses)
  • Order details and preferences

As a merchant using Daybora, you are the data controller for your customers' data, and we act as your data processor. You are responsible for ensuring your customers are aware that their conversations are handled by an AI system.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • To provide our service: Creating and managing your account, powering your AI sales agent, processing orders and payments.
  • To personalise your experience: Training your AI agent on your specific products, pricing, and business context.
  • To improve our platform: Analysing usage patterns to fix bugs, improve AI accuracy, and develop new features.
  • To send service communications: Account alerts, security notifications, product updates, and billing information.
  • To ensure security: Detecting fraudulent activity, unauthorised access, and abuse of our platform.
  • To comply with the law: Meeting legal obligations, resolving disputes, and enforcing our terms.

We do not sell your personal data. We do not use your data for third-party advertising networks.

4. Data Sharing & Third Parties

We share your data only in the following circumstances:

  • Service providers: Trusted sub-processors who help us deliver the platform (e.g. cloud hosting providers, email delivery services, analytics tools). These providers are bound by data processing agreements and may not use your data for their own purposes.
  • Payment gateways: When a payment is processed, relevant order data is shared with your chosen gateway (Paystack, Flutterwave, Monnify, Nomba, OPay). These processors operate under their own privacy policies and regulatory licences.
  • Meta / WhatsApp:Conversation data passes through Meta's WhatsApp Business API infrastructure. See Section 5 for details.
  • Legal requirements: We may disclose data when required by law, court order, or regulatory authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. WhatsApp & Meta

Daybora integrates with the WhatsApp Business API, which is operated by Meta Platforms, Inc. All messages sent and received through your AI agent pass through Meta's infrastructure and are subject to Meta's WhatsApp Privacy Policy.

Key points to understand:

  • WhatsApp Business messages are not end-to-end encrypted in the same way as personal WhatsApp messages.
  • Meta may have access to message metadata (timestamps, phone numbers) as part of API delivery.
  • Merchants must comply with WhatsApp's Business Policy and obtain proper consent before messaging customers.
  • Daybora does not send unsolicited marketing messages. All outbound messages are triggered by customer-initiated conversations unless you configure opt-in notification campaigns in accordance with WhatsApp rules.

6. Payment Data

Daybora does not store, process, or hold any payment card (credit/debit) details. All payment transactions are handled directly by your chosen licensed payment gateway (Paystack, Flutterwave, Monnify, Nomba, or OPay).

When a customer pays through a Daybora-powered storefront:

  • A payment link is generated by the gateway API.
  • The customer completes payment on the gateway's secure page.
  • The gateway routes funds directly to your registered bank account.
  • Daybora receives only a payment status notification (success/failure) — not card or bank account details.

We are your software partner, not a payment processor. We are not licensed to hold funds on your behalf and we do not.

7. Data Retention

  • Account data: Retained for the lifetime of your account plus 90 days after deletion, to allow account recovery.
  • Conversation logs: Retained for up to 12 months to support AI training and dispute resolution, unless you request earlier deletion.
  • Order records: Retained for 7 years to meet financial record-keeping obligations under Nigerian law.
  • Uploaded documents: Deleted within 30 days of account closure or upon your explicit request.
  • Usage analytics: Retained in anonymised form for up to 36 months.

8. Security

We take the security of your data seriously. Our measures include:

  • TLS/HTTPS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest (API keys, credentials)
  • Role-based access control — only authorised personnel can access merchant data
  • Regular security reviews and penetration testing
  • Incident response procedures with notification obligations

However, no system is 100% secure. You are responsible for maintaining the security of your account credentials. Please use a strong password and do not share your login details.

9. Your Rights

You have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated personal data (subject to legal retention obligations).
  • Portability: Receive your data in a structured, commonly used format.
  • Objection: Object to processing of your data for certain purposes.
  • Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, email us at support@daybora.com with the subject line "Data Rights Request." We will respond within 30 days.

10. Cookies

Our website and dashboard use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication and platform functionality.
  • Analytics cookies: Help us understand how the platform is used so we can improve it. We use anonymised analytics only.
  • Preference cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using the authenticated merchant dashboard.

11. Children's Privacy

Daybora is a business-to-business platform intended for merchants and adults aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately at support@daybora.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a prominent notice on our website at least 14 days before the changes take effect. Your continued use of Daybora after the effective date constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:

Daybora — a Twoone-tech Ltd product

📧 support@daybora.com

🌐 daybora.com

Read our Terms of Service →