Privacy Policy
Last updated: 2026-03-01
1. Who We Are
Coast Code Concepts OÜ ("we," "us," "our") operates ToolName ("the Service"), a unified inbox for Meta platforms including Facebook Messenger, Comments, Instagram DMs, and WhatsApp Business.
- Country of Registration: Estonia
- Privacy Contact: privacy@app.chatsfix.it
2. What Data We Collect
We collect and process the following categories of personal data:
- Account Data: Name, email, profile picture (from OAuth provider).
- Connected Page Data: Facebook Page name, ID, and page-scoped access token (encrypted with AES-256-GCM).
- Message Data: Messages received via connected Meta platforms, stored to display in your unified inbox.
- Usage Data: Feature usage, analytics events (only with your consent).
- Payment Data: Processed by Stripe. We never store card numbers.
3. How We Use Your Data
We use your data exclusively to provide the Service:
- Authenticating you and managing your account.
- Connecting to Meta APIs on your behalf to fetch and send messages.
- Displaying conversations in your unified inbox.
- Processing payments and managing your subscription.
- Sending transactional emails (welcome, trial reminders, security alerts).
- Improving the Service through anonymized, consented analytics.
4. Data Processors
We share data with the following third-party processors under GDPR Article 28:
| Processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting & CDN | US (EU data region available) |
| Supabase Inc. | Database hosting | EU (Frankfurt) |
| Stripe Inc. | Payment processing | US/EU |
| Resend Inc. | Transactional email | US |
| Anthropic PBC | AI processing | US |
| Sentry (Functional Software) | Error monitoring | US |
| Cloudflare Inc. | CDN & security | US/EU |
| BetterStack (Better Uptime) | Uptime monitoring | EU |
| Doppler Inc. | Secrets management | US |
| Meta Platforms, Inc. | Messaging platform APIs | US/EU |
5. Data Storage & Security
- Database hosted on Supabase in EU (Frankfurt).
- All Meta access tokens encrypted with AES-256-GCM before storage.
- HTTPS enforced on all connections (HSTS enabled).
- Row-Level Security (RLS) ensures workspace data isolation.
- No secrets stored in environment files; managed via Doppler.
6. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict processing.
- Data portability (receive your data in a structured format).
- Object to processing.
- Withdraw consent at any time.
To exercise any of these rights, email privacy@app.chatsfix.it. We respond within 30 days.
7. Cookies & Analytics
We use essential cookies for authentication (session tokens). Analytics cookies are only activated after you give explicit consent via our cookie banner. You can withdraw consent at any time in your account settings.
8. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion.
- Message data: retained while the connected page is active, deleted within 30 days of page disconnection.
- Analytics data: retained for 90 days, then automatically purged.
- Payment records: retained as required by tax law (typically 7 years).
9. Contact
For privacy inquiries: privacy@app.chatsfix.it
For general support: support@app.chatsfix.it
This is a summary privacy policy for ToolName. The full, detailed privacy policy is available at chatsfix.it/privacy.