Privacy
WhatsApp Chatbots

Privacy Policy

This Privacy Policy explains how Groot IT Solutions Limited (“we”, “us”) collects, uses, shares, and protects personal information when you use our WhatsApp-based chatbots and any related web pages (such as payment, PIN, callback, or receipt pages).

Last updated: January 10, 2026

Quick summary

  • We collect only what we need to run the chatbot features you use (e.g. access control, vending, payments, receipts, alerts, support).
  • Payments are processed by payment providers; we typically store references/status and service-related records.
  • We use security measures like webhook signature verification and expiring signed links where applicable.
  • You can request access, correction, or deletion of your data (subject to legal and operational limits).

Table of contents

1) Who we are 2) Scope 3) Information we collect 4) How we use information 5) Legal bases (where applicable) 6) How we share information 7) Data retention 8) Security 9) Your rights 10) International transfers 11) Children’s privacy 12) Changes to this policy 13) Contact us

1) Who we are

Data Controller/Provider: Groot IT Solutions Limited.

Some chatbots are deployed on behalf of an estate, business, or organization (“Client”). In those cases, the Client may be the primary controller of resident/staff/tenant data, and we act as a service provider/processor to operate the chatbot. If you’re unsure who your Client is, contact the organization that invited you to use the chatbot.

2) Scope

This policy applies to personal information processed through:

  • WhatsApp conversations with our chatbots (including interactive buttons/lists and message content).
  • Related web pages used to complete flows (e.g., payment pages, PIN verification/reset pages, callback pages, receipt pages).
  • Operational logs and security events tied to these services.

3) Information we collect

A. Information you provide

  • WhatsApp identifiers (e.g. phone number/wa_id, display name).
  • Conversation content you send to the chatbot (messages, selections, uploaded images/files where supported).
  • Booking/payment details you submit (e.g. dates, names, email, phone) depending on the service.

B. Information we receive from services

  • WhatsApp delivery metadata (timestamps, message status) from Meta’s WhatsApp Business APIs.
  • Payment status and transaction references from payment providers (e.g. Paystack/PayGate) via webhooks/callbacks.
  • Operational identifiers needed to issue receipts, tokens, or access codes.

We do not intentionally collect “special category” sensitive information. Please avoid sending sensitive information in WhatsApp messages.

4) How we use information

  • To deliver the chatbot features you requested (booking, access control, vending, alerts, support).
  • To process and reconcile payments (store references, mark invoices/receipts, issue confirmations).
  • To prevent fraud/abuse (rate limits, webhook verification, logging).
  • To improve service reliability (debugging, monitoring, feature improvements).

6) How we share information

We may share information with:

  • Clients (estates/organizations) operating the chatbot, for operational purposes.
  • Payment providers to process transactions and confirm payment status.
  • Infrastructure providers (hosting, storage, email) to run the service.
  • Authorities where required by law.

7) Data retention

We retain personal information for as long as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by Client and feature.

8) Security

We use practical security controls, such as:

  • Webhook signature verification for payment/notification callbacks where applicable.
  • Expiring, signed receipt links for PDF receipts (so links can time out and can’t be trivially guessed).
  • Short-lived tokens for sensitive flows (e.g. PIN verification/reset pages) where applicable.
  • Access controls to limit who can view operational/admin data.

No system is 100% secure. Please avoid sharing sensitive information in WhatsApp messages.

9) Your rights

Depending on your jurisdiction, you may have rights to:

  • Request access to personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion (where applicable).
  • Object to or restrict certain processing.
  • Request a copy/portability of your data (where applicable).
  • Withdraw consent (where processing is based on consent).

If the chatbot is operated for an estate/organization, they may control certain records. We may direct you to the Client for requests involving their admin/operational data.

10) International transfers

Our services may use third-party providers and infrastructure that process data in multiple countries. Where required, we take steps intended to ensure appropriate safeguards for cross-border transfers.

11) Children’s privacy

Our chatbots are generally intended for residents, staff, customers, and authorized users of an estate or service. We do not knowingly collect personal information from children under 13 without appropriate authorization.

12) Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top. If changes are significant, we may provide additional notice where practical.

13) Contact us

If you have questions or requests about this Privacy Policy or your data, contact:

If you are contacting us about a specific chatbot transaction, include any transaction/reference ID you received so we can assist faster.