1. Who We Are
This Privacy Policy describes how Phonext (“we”, “us”, “our”) collects, uses and protects personal data when you visit our website https://phonext.app or use our software-as-a-service platform and internal CRM/helpdesk (the “Service” or “App”).
The Service is operated by DAOLIO SOLUTION LTD, a company established in the United Kingdom (“Data Controller” for the purposes of applicable data protection laws).
If you have any questions about this policy or how we handle personal data, you can contact us at:
- Email: info@phonext.co.uk
- Website: https://phonext.app
2. Scope of this Policy
This Privacy Policy applies to all visitors of our public website and all authorized users of the Phonext CRM/helpdesk platform, including our internal support agents, administrators and any other staff members who access the Service.
Some of the data we process may also be subject to the privacy policies of our customers or partners. When we process personal data on behalf of our business customers, they may act as independent data controllers for some of the information stored in our platform.
3. Personal Data We Collect
We only collect personal data that is necessary to operate our CRM platform, provide support, comply with legal obligations and improve our services. Depending on how you interact with us, we may process the following categories of data:
3.1. Account and Workspace Information
- Name and surname
- Business email address and login credentials (hashed password)
- Role or function inside your organization (e.g. agent, admin)
- Tenant / workspace identification and assigned branches
3.2. CRM and Contact Data
- Contact information stored by our users about their customers, such as names, phone numbers (in E.164 format), email addresses and internal notes.
- Conversation history and message content exchanged through channels integrated into our platform (e.g. WhatsApp, Instagram).
- Metadata related to conversations, such as timestamps, message IDs, status (sent, delivered, read), and assigned agents.
3.3. Meta / Facebook / Instagram Platform Data
Our platform integrates with the Meta APIs (including the Instagram Graph API and WhatsApp Business Platform) to allow our internal agents to manage conversations in a single inbox. Depending on the permissions granted, we may process:
-
Instagram Business profile data for the connected
professional account, such as:
- Instagram Business ID
- Username and display name
- Profile picture URL
-
Instagram Business messages sent and received
through our CRM:
- Message content, attachments and technical message identifiers
- Sender and recipient identifiers (for example, PSIDs provided by Meta)
-
WhatsApp Business data, when connected:
- WhatsApp phone number ID, registered business phone number and templates information
- Messages exchanged via WhatsApp Business API (content, attachments, timestamps and message IDs)
We store this data only to deliver the CRM/helpdesk features (centralized inbox, conversation history, lead/contact management and internal performance tracking). We do not sell Meta Platform Data or use it to build personal profiles unrelated to the use of our Service.
3.4. Technical and Usage Data
- IP address, browser type and operating system
- Log data about access times, pages viewed and actions taken
- Device identifiers and approximate location (based on IP) for security and abuse prevention
3.5. Cookies and Similar Technologies
We use cookies and similar technologies to remember your preferences, keep you logged in, improve performance and perform basic analytics. For more details, please see the Cookie Policy section below.
4. How We Use Personal Data
We use personal data for the following purposes:
- To provide and operate the Service – including creating and managing accounts, authenticating users, displaying conversation threads and routing messages to the correct agents.
- To integrate messaging channels – such as WhatsApp and Instagram – in order to receive and send messages through our CRM dashboard via Meta’s APIs.
- To improve and customize the Service – for example, analyzing aggregated usage data to understand which features are most used and improving user experience and performance.
- To ensure security and prevent abuse – such as monitoring suspicious activity, protecting against fraud and enforcing our terms.
- To comply with legal obligations – including record-keeping, responding to legal requests and meeting applicable regulatory requirements.
- To communicate with you – for example, sending service-related emails, notices about changes to this policy or important security updates.
5. Legal Bases for Processing (where applicable)
Where EU or UK data protection laws apply (for example, under the GDPR or UK GDPR), we rely on one or more of the following legal bases:
- Performance of a contract – when processing is necessary to provide the Service you requested.
- Legitimate interests – such as improving our Service, ensuring its security and preventing misuse, provided that such interests are not overridden by your rights and interests.
- Legal obligations – where processing is required to comply with applicable law.
- Consent – only where required by law (for example, certain cookies or optional communications), and you are free to withdraw your consent at any time.
6. How We Use Meta, Instagram and WhatsApp Data
Our integration with Meta’s APIs (including Instagram Business and WhatsApp Business Platform) is designed so that our internal agents can manage customer conversations in one place. Specifically:
-
We use instagram_business_basic (when granted) to
fetch basic profile metadata (ID, username, name and profile
picture) of the connected Instagram Business account in order to:
- Label the correct Instagram profile in our UI (e.g. show avatar and @username in the sidebar).
- Help agents understand from which business profile they are replying.
-
We use instagram_business_manage_messages (when
granted) to:
- Receive Instagram messages via webhooks.
- Store those messages in our CRM as conversation threads with contacts.
- Allow our agents to send replies through our dashboard, with messages being delivered to the user’s Instagram inbox via Meta’s APIs.
- We use whatsapp_business_messaging (when configured) to send and receive messages from a WhatsApp Business Account number, store them in our CRM, and expose them to agents for support purposes.
We do not use Meta Platform Data to build profiles about individuals for advertising outside our Service, nor do we sell this data to third parties. Any aggregated or anonymised statistics we derive are used internally to improve the performance and quality of our tools.
7. How We Share Personal Data
We do not sell personal data. We may share personal data only with the following categories of recipients:
- Service providers and data processors – such as hosting providers, cloud infrastructure, email service providers, analytics tools and customer support tools, strictly for the purposes of operating and improving our Service.
- Meta Platforms – when you connect Instagram or WhatsApp Business, we send and receive data via Meta’s APIs as necessary to deliver messaging functionality.
- Professional advisors – such as lawyers, accountants or auditors, under duties of confidentiality.
- Public authorities – where required by law, court order or to protect our legal rights, users or the public.
When we engage third-party providers, we require them to process personal data only on our instructions and in compliance with this Privacy Policy and applicable data protection laws.
8. International Data Transfers
Because we use cloud infrastructure and global service providers, personal data may be stored or processed in countries outside your own country of residence, including outside the UK or European Economic Area (EEA).
When we transfer personal data to countries that do not provide an adequate level of protection, we implement appropriate safeguards as required by law, such as standard contractual clauses or equivalent legal mechanisms.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Criteria used to determine retention periods include:
- The duration of your contract or active use of the Service.
- Whether there is an ongoing legal obligation to retain certain data.
- Whether there is a need to keep data for security, fraud-prevention or audit purposes.
10. Security
We take reasonable technical and organizational measures to protect personal data against loss, theft, misuse and unauthorized access or disclosure. These measures include, for example, access controls, encryption in transit where appropriate and regular monitoring of our systems.
However, no system can be completely secure, and we cannot guarantee absolute security of information transmitted to or through our Service.
11. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to access your personal data we hold about you.
- Right to request correction of inaccurate or incomplete data.
- Right to request deletion of your data, in certain circumstances.
- Right to object to or request restriction of processing in certain cases.
- Right to data portability, where applicable by law.
- Right to withdraw consent at any time, where processing is based on consent.
To exercise these rights, please contact us at info@phonext.co.uk. We may need to verify your identity before responding to your request.
You also have the right to lodge a complaint with your local data protection authority if you believe that your rights have been infringed.
12. Children’s Privacy
Our Service is intended for use by businesses and their staff. It is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us so that we can take appropriate action.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or for other operational reasons. When we make material changes, we will update the “Effective date” at the top of this page and, where appropriate, notify you through the Service or by email.
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
Cookie Policy
1. What Are Cookies
Cookies are small text files that are placed on your device when you visit a website. They allow the website to recognize your device, remember your preferences and help us understand how you use our site.
2. How We Use Cookies
We use cookies for the following purposes:
- Strictly necessary cookies – required for the website and app to function (e.g. keeping you logged in, security features).
- Preference cookies – to remember your settings such as language or UI preferences.
- Analytics cookies – to understand how visitors use our website and Service, so we can improve performance and user experience. Data collected is usually aggregated and does not identify you directly.
3. Third-Party Cookies
We may use third-party service providers that set cookies on our site (for example, analytics or performance tools). These providers may collect information about your online activities over time and across different websites. We do not control these third-party cookies, and their use is governed by the privacy policies of the respective providers.
4. Managing Cookies
You can manage or disable cookies through your browser settings. Most browsers allow you to:
- See which cookies are stored on your device.
- Delete all or specific cookies.
- Block cookies from specific websites.
- Block all cookies from being set.
Please note that disabling cookies may affect the functionality of this and many other websites, and certain features of our Service may not operate correctly without cookies.
5. More Information
If you have any questions about our use of cookies or this Cookie Policy, you can contact us at info@phonext.co.uk .