Privacy Policy
Last updated:
Summary
This page explains what data MessengerMate Pro collects, how we use it, and how you can ask us to delete it. We try to use plain language. If anything here is unclear, email privacy@messengermatepro.com and we will rewrite the section.
We are MessengerMate Pro, an AI-powered customer-conversation assistant for Philippine SMEs. We are based in the Philippines.
1. What we collect
While the product is in waitlist (now)
- Email address — when you join the waitlist
- IP address and basic browser metadata — captured by Cloudflare on every request, used only for security and abuse prevention
Once the product launches (planned)
- Meta Page IDs and access tokens — when you connect a Facebook Page, Instagram Business account, or WhatsApp Business number
- Message content — the customer messages your connected accounts receive, and the replies our AI sends
- Account metadata — your business name, contact info, billing details
- Usage analytics — anonymized, aggregated metrics about feature use
We will update this Privacy Policy when those features ship and the data flows become real, not just planned.
2. How we use your data
- Email is used solely to email you when MessengerMate Pro is ready, and to send service notices (e.g. "your account has been deleted as requested"). We do not send marketing emails to waitlist subscribers.
- Meta access tokens will be used only to send and receive messages on your behalf via the Meta Graph API.
- Message content will be processed by our AI (and the LLM provider listed below) to generate Taglish replies. We do not use your message content to train models.
- We do not sell your data. Ever. Not in aggregate, not anonymized, not at all.
- We do not use your data for advertising to you or anyone else.
3. Sub-processors
We share data with these vendors strictly to deliver the service. Each handles only what they need.
- Resend — email delivery (waitlist confirmations, transactional notices)
- Cloudflare — hosting, CDN, bot protection (Turnstile)
- OpenAI — current LLM provider for AI reply generation. We will update this list if we change providers. Message content sent to OpenAI is governed by their API terms (no training on submitted data).
- Meta — message delivery via Messenger / Instagram / WhatsApp Business APIs
When you connect a Meta account, your data also flows through Meta per their terms.
4. How long we keep your data
| Data | Retention |
|---|---|
| Waitlist email | Until you ask us to delete it, or until the product launches and you choose not to convert |
| Connected-account metadata (Page IDs, tokens) | Until you disconnect the account |
| Customer message content | 90 days rolling, then automatically purged. We retain only what is needed to debug and improve replies. |
| Account/billing records | 7 years after account closure (Philippine tax law requirement) |
| Server logs | 30 days |
5. Your rights
Under the Philippine Data Privacy Act of 2012 (RA 10173) and aligned with GDPR principles, you have the right to:
- Access — request a copy of all data we hold about you
- Correct — fix inaccurate data
- Delete — request that we erase your data
- Object — refuse certain processing
- Withdraw consent — at any time, with effect going forward
To exercise any of these, use the Data Deletion Request page or email privacy@messengermatepro.com.
We will respond within 30 days. Most requests are completed in under 7 days.
6. Lawful basis for processing
- Consent — when you join the waitlist or connect a Meta account, you are consenting to the processing described here
- Contract — once you become a paying customer, we process your data to deliver the service you paid for
- Legitimate interest — for security, fraud prevention, and basic service operation
7. Security
- All data is transmitted over HTTPS
- We use Cloudflare's standard security posture (WAF, bot protection, DDoS mitigation)
- Meta access tokens are stored encrypted at rest
- We follow the principle of least privilege internally — only engineers who need access to a system have it
- We will publish post-incident reports for any breach affecting customer data
We are a small team and we take this seriously. We are not making claims of ISO 27001 or SOC 2 compliance — we are not certified, and we will tell you when we are.
8. International transfers
Some of our sub-processors (notably OpenAI, Cloudflare, Resend) operate primarily in the United States. Your data may be transferred to and processed in the US. These vendors use standard contractual clauses or equivalent mechanisms.
9. Children
MessengerMate Pro is a B2B service. It is not intended for use by anyone under 18. We do not knowingly collect data from children. If you believe a child has shared data with us, email privacy@messengermatepro.com and we will delete it.
10. Cookies
The waitlist site uses one functional cookie set by Cloudflare Turnstile to verify you are not a bot when you submit the form. We do not use analytics cookies, advertising cookies, or third-party tracking on the marketing site.
The product app (when launched) will use a session cookie for authentication. We will update this section before that ships.
11. Changes to this policy
When we update this Privacy Policy, we will:
- Update the "Last updated" date at the top of this page
- Email all active customers and waitlist subscribers about material changes (not minor wording fixes)
- Keep an archive of previous versions available on request
12. Contact
- Privacy questions: privacy@messengermatepro.com
- Data deletion requests: /data-deletion
- General contact: hello@messengermatepro.com
You also have the right to lodge a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph).