Tobachat, part of Ciro Byte Solutions (Dutch Chamber of Commerce no. 81089058), helps businesses communicate with their customers via WhatsApp. In doing so we process personal data, carefully and in accordance with the GDPR. Below we explain what data we process, why, and what rights you have.
1. Our role
It's useful to distinguish between two situations:
- For you as a customer we are the controller for your account data — think of your name, billing details, login and contract.
- For the messages and contacts of your customers we are the processor. You decide what happens with that data; we only process it on your instructions through our software. On request we sign a data processing agreement (DPA) for this.
Did you receive a WhatsApp message via Tobachat? Then we are not the sender — one of our customers is. For questions about that message, please contact that business directly.
2. What data do we process?
- From you as a customer: contact details (name, email, phone number, company name), billing details and technical data such as logs and IP address.
- From your customers (as processor): the content of WhatsApp messages, phone numbers and profile names, and metadata such as timestamps and delivery status.
3. What do we use it for?
- To give you access to the dashboard and to deliver messages via WhatsApp.
- For invoicing and our administration (a legal obligation).
- To prevent abuse and improve the platform.
- To enable the technical connection with Meta.
We do not make automated decisions that have a significant impact on you.
4. Who do we share data with?
Only with parties needed to deliver the service, and with proper agreements in place:
- Meta / WhatsApp Ireland Ltd. — for delivering messages via the WhatsApp network.
- Supabase — for secure data storage and login (EU region).
We never sell your data. We are sometimes legally required to share data with a competent authority — for example the police, the public prosecutor or the Dutch Tax Authority — when a valid and legally binding request obliges us to do so. You can read how we handle this in our legal requests policy.
5. Data outside the EU
Using WhatsApp may involve data being transferred to Meta's global infrastructure. That transfer takes place with appropriate safeguards as required by the GDPR. By using Tobachat you accept this as part of the WhatsApp service.
6. How long do we keep data?
- Account data: for as long as you are a customer, plus seven years for tax purposes.
- Chat history: for as long as you keep it in your dashboard — you can always delete messages yourself. After the contract ends we delete it within a reasonable period.
7. Security
We take appropriate technical and organizational measures to protect your data against misuse and unauthorized access, including encryption and access management. No method of transmission or storage is completely secure, but we continuously improve our security.
8. Your rights
You have the right to access, correct, delete, restrict and transfer your data. Email your request to [email protected] or use the data deletion page. Not satisfied with how we handle this? You can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
9. Cookies
We only use functional and strictly necessary cookies. No tracking, no advertising networks.