Privacy Policy

Safravo Inc. (“Safravo,” “we,” “us,” or “our”) operates theSafravocustomer communication platform. This Privacy Policy describes how we collect, use, disclose, and protect information about individuals who visit our website, create an account, or use our services (collectively, the “Service”).

This policy applies to:

• Visitors to safravo.com and related websites
• Customers and their authorized users who access our platform
• End users who interact with our customers through messaging channels
• Prospective customers who contact our sales or support teams

By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.

Safravo Inc. is the data controller for personal data we collect about website visitors, account holders, and prospective customers. For personal data processed on behalf of our customers (i.e., end-user conversation data), Safravo acts as a data processor, and the customer is the data controller.

Our registered address and contact information are listed in Section 15. We have designated a Data Protection Officer (DPO) who can be reached at dpo@safravo.com.

3.1 Account & Registration Data

When you create an account, we collect:

• Name, work email address, and phone number
• Company name, size, and industry
• Billing information (processed securely by our payment provider; we do not store card numbers)
• Account credentials (passwords stored in hashed form)

3.2 Usage & Platform Data

As you use the Service, we automatically collect:

• Log data: IP address, browser type, pages visited, timestamps
• Device information: device type, operating system, screen resolution
• Feature usage: which tools, workflows, and integrations you use
• Performance data: load times, errors, and crashes

3.3 Customer Data (Processor Role)

When our customers use the Service, they may upload or generate Customer Data, which may include personal data about their end users (e.g., names, phone numbers, email addresses, and conversation content). We process this data solely on behalf of and under the instructions of our customers.

3.4 Communications Data

If you contact us for support, sales, or via forms, we collect your name, email, and any information you provide in your message.

3.5 Marketing Data

With your consent, we may collect information about your marketing preferences and interactions with our emails, such as opens and clicks.

We use personal data for the following purposes:

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases to process your personal data:

We do not sell your personal data. We may share data in the following limited circumstances:

6.1 Service Providers (Sub-processors)

We engage trusted third-party vendors to help operate the Service, including cloud infrastructure, payment processing, analytics, email delivery, and customer support tools. All sub-processors are contractually obligated to protect data and process it only on our instructions. Our full sub-processor list is available at safravo.com/sub-processors.

6.2 Third-Party Messaging Platforms

When you connect channels such as WhatsApp Business or Facebook Messenger, conversation data is transmitted through APIs provided by those third parties (e.g., Meta). Their privacy policies also apply to data transmitted through their platforms.

6.3 Legal Requirements

We may disclose data if required by law, court order, or governmental authority, or if we reasonably believe disclosure is necessary to protect our rights, the safety of users, or to prevent fraud or illegal activity.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, data may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our website before such a transfer and inform you of any choices you may have.

6.5 Aggregated / Anonymized Data

We may share aggregated, anonymized data that does not identify any individual for research, benchmarking, or business analytics purposes.

Safravo Inc. is headquartered in Nairobi, Kenya, and may process data in other countries where our service providers operate. If we transfer personal data from the EEA or UK to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards.

You may request a copy of the applicable transfer mechanisms by contacting us at dpo@safravo.com.

We retain personal data only as long as necessary for the purposes described in this policy or as required by law:

Upon account deletion, Customer Data is purged within 30 days, except where retention is required by applicable law.

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Key measures include:

• Encryption in transit using TLS 1.2 or higher on all data connections
• Encryption at rest using AES-256 for stored data
• Role-based access controls limiting data access to authorized personnel
• Regular penetration testing and security audits by independent third parties
• Incident response procedures and breach notification protocols
• SOC 2 Type II compliance (in progress)

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. If you discover a security vulnerability, please report it responsibly to security@safravo.com.

We use cookies and similar tracking technologies on our website and platform. These include:

You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect Service functionality.

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@safravo.com. We will respond within 30 days. We may need to verify your identity before processing requests.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at privacy@safravo.com.

The Service may contain links to third-party websites, integrations, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our platform. We are not responsible for the privacy practices or content of third-party services.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:

• Sending an email to your registered address at least 30 days before the changes take effect
• Displaying a prominent banner within the Service
• Updating the "Last updated" date at the top of this page

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance. If you disagree with the changes, please stop using the Service and delete your account.

For questions, concerns, or to exercise your data rights, please contact us: