Privacy Policy

Targetly AI is committed to your privacy and data security. This policy outlines how we collect, process, and protect your data in strict compliance with Meta Developer Policies and Global Data Protection Standards.

1. Data We Collect & Integrations

To provide our AI unified omnichannel inbox and automation services, Targetly AI collects data explicitly authorized by you through official APIs. We strictly request only the permissions necessary to operate our platform.

A. Core Identity & Business Management (Meta)

  • public_profile: Used to retrieve basic profile information (such as name and profile picture) to identify users interacting with your business.
  • business_management: Used to securely read and manage your Meta Business Manager assets, enabling you to link and organize your Facebook Pages, Instagram Accounts, and WhatsApp accounts within your Targetly AI workspace.

B. Facebook Pages Permissions

  • pages_show_list: Allows you to view and select which of your authorized Facebook Pages you wish to connect to the Targetly AI platform.
  • pages_manage_metadata: Required to subscribe your pages to our Webhooks. This enables real-time syncing so incoming messages appear instantly in your unified inbox.
  • pages_read_engagement: Allows our platform to read user engagement (like comments) on your Page to provide full context to your support agents or AI engine.
  • pages_messaging: The core permission used to fetch incoming Facebook Messenger conversations and allow your agents (or AI) to reply directly from our dashboard.
  • Human Agent (Feature Tag): We utilize the Human Agent tag to allow conversations to seamlessly transition from our AI bot to a live human agent within the standard messaging window permitted by Meta.

C. Instagram Graph API Permissions

  • instagram_basic & instagram_business_basic: Used to read your connected Instagram Business/Creator account profile info.
  • instagram_manage_messages & instagram_business_manage_messages: Essential for routing incoming Instagram Direct Messages (DMs) to your unified inbox and enabling you or your AI to send replies back to your followers securely.

D. WhatsApp Business API Permissions

  • whatsapp_business_management: Used to help you manage your WhatsApp business profile, phone numbers, and submit message templates directly from our platform.
  • whatsapp_business_messaging: Used to process incoming and outgoing messages, media files, and delivery receipts to enable real-time communication via WhatsApp Cloud API.

E. Additional Omnichannel Integrations & APIs

Beyond Meta platforms, Targetly AI allows you to connect various communication channels. Data processed through these channels is handled with the same strict security standards:

  • SMS: When you integrate an SMS channel via providers like Twilio or Bandwidth, we process incoming and outgoing text messages and phone numbers to display them in your inbox.
  • Email: When you connect with Gmail, Outlook, or other email providers via SMTP/IMAP, we process email content, attachments, and metadata (sender/receiver addresses) to allow you to manage support tickets.
  • Telegram & Line: By providing your Telegram Bot Token or integrating a Line channel, we process messages and user IDs from these apps to sync conversations to your Targetly AI dashboard.
  • Custom API: If you build a custom channel using our API, we process the webhooks and payloads you configure and send to our servers.
  • TikTok (Beta): When you connect your TikTok account, we process interactions and messages from your followers.
  • Voice (Beta): When you integrate voice solutions like Twilio Voice, we process call logs, connection metadata, and voice/transcription data where applicable.
Security Notice: Targetly AI uses official OAuth and system user tokens for authentication across all integrations. We never ask for, collect, or store your personal login credentials (passwords) for any platform.

2. How We Use Your Data & Legal Basis

Your data is processed strictly to operate and provide Targetly AI services to your business. Our legal basis for processing this data is Contractual Necessity (to deliver the services you subscribed to) and our Legitimate Interest in providing a secure and efficient platform.

We use the data to:

  • Centralize your customer communications from all channels (social media, email, SMS) into one secure dashboard.
  • Process incoming inquiries through our AI Employee engine to automate intelligent responses based on your knowledge base.
Important: We never sell, license, rent, or share your personal data or your customers' data with third parties. We do not use Platform Data for discrimination, eligibility determinations, or surveillance.

3. Third-Party Data Processors

To provide a high-quality, omnichannel service, we work with trusted third-party service providers (Data Processors). We have strict Data Processing Agreements (DPAs) in place with them to ensure your data remains secure. These include:

  • DigitalOcean: For secure cloud infrastructure, servers, and database hosting.
  • OpenAI: For AI-powered response generation and language processing. (Note: Data sent to OpenAI via API is used strictly for generating your specific responses and is not used to train their public AI models).
  • Communication Providers: Twilio, Bandwidth (for SMS and Voice processing), and Resend (for transactional email delivery).
  • Integrated Platforms: Google (Gmail), Microsoft (Outlook), Telegram, Line, and TikTok, strictly to the extent necessary to facilitate the messages you authorize through your connected accounts.

4. Data Infrastructure & Security (Multi-Tenant Architecture)

Targetly AI operates on a secure, enterprise-grade infrastructure. We act as a "Tech Provider" under our API agreements.

  • Server Location: Targetly AI is hosted on a dedicated DigitalOcean server located in Frankfurt, Germany.
  • Multi-Tenant Architecture & Data Isolation: While all our clients are hosted on our secure unified server infrastructure, we enforce strict logical separation of data. Your data is partitioned at the database level and protected by advanced Role-Based Access Controls (RBAC), ensuring that your workspace data is completely isolated and inaccessible to any other clients on the platform.
  • Encryption: All data is encrypted in transit using modern TLS protocols and encrypted at rest.

5. Cookies Policy

We believe in minimal tracking. Targetly AI uses essential cookies only. These cookies are strictly necessary for user authentication, maintaining secure login sessions, and ensuring platform functionality. We do not use any third-party tracking, profiling, or advertising cookies on our dashboard.

6. GDPR Compliance & European Users

Because our server infrastructure is located in Frankfurt, Germany, and we serve global clients, for users and their end-customers located in the European Economic Area (EEA), our data processing complies fully with the General Data Protection Regulation (GDPR).

7. Data Retention, Export & Deletion

We adhere to strict data retention policies in accordance with global privacy laws and our Terms of Service:

  • Active Accounts: We retain your messaging history across all connected channels for as long as your account is active.
  • Data Export: You can export your customer data and conversation history at any time before terminating your account.
  • Account Termination: Upon account termination, your data remains on the server for a grace period of 30 days. After 30 days, all your data is permanently deleted.

Data Deletion & DPO Contact

You have full rights to request the immediate deletion of your data or your end-users' data at any time. For data deletion requests, privacy concerns, or to contact our Data Protection Officer (DPO), please reach out to: