Direct Chat Conversation (“we”, “us”, or “our”) is a WhatsApp Business Messaging Platform operated by MT Blaze, accessible at https://directconverse.mtblaze.com. We provide businesses with tools to manage WhatsApp marketing campaigns, automate customer support through intelligent chatbots, manage contacts and customer relationships, and integrate messaging workflows via APIs and webhooks.
This Privacy Policy describes how we collect, use, store, share, and protect personal information in connection with our platform and related services.
Scope of This Policy
This Policy applies to:
Vendors / Subscribers – businesses and individuals who register for and use the Direct Chat Conversation platform.
Team Members / Agents – employees or contractors added to a vendor account to assist with messaging and support tasks.
End Customers – individuals who are messaged by vendors through our platform via WhatsApp.
Visitors – anyone who browses our website without creating an account.
Note for Vendors: When you use our platform to communicate with your own customers, you act as a data controller for your customers’ personal data. We act as your data processor. You are responsible for ensuring you have a lawful basis for collecting and messaging your contacts.
Information We Collect
3.1 Account & Registration Data
When you create a vendor account we collect:
Full name, email address, and password (hashed)
Business name and contact details
Subscription plan and billing information (payment is processed by our payment provider; we do not store raw card numbers)
WhatsApp Business Account (WABA) credentials and phone numbers linked via Meta’s Embedded Signup
3.2 Contact Data Uploaded by Vendors
Vendors may import or manually add their customers’ contact information, which may include:
Name and WhatsApp phone number
Email address and any other fields imported via XLSX files
Custom fields defined by the vendor (e.g., purchase history, location, preferences)
Contact grouping / segmentation labels
3.3 Messaging & Campaign Data
Content of messages sent and received through the platform
Campaign names, schedules, and targeting criteria
Message delivery status, read receipts, and engagement metrics
Media files (images, videos, audio, documents) exchanged in chats or campaigns
Bot flow configurations, trigger words, and automated reply content
Interactive button and list responses from end customers
3.4 Technical & Usage Data
IP address, browser type and version, operating system
Pages visited, features used, and time spent on the platform
Device identifiers and session tokens
API request logs and webhook event records
Error logs and crash reports
3.5 AI & Bot Data (FlowiseAI Integration)
If a vendor enables the AI Chatbot feature via FlowiseAI, conversation data (including customer messages and AI-generated responses) may be processed by the integrated AI engine to generate intelligent replies. This data is governed by both this Policy and FlowiseAI’s applicable terms.
3.6 Data We Do Not Collect
We do not collect sensitive personal data such as health, biometric, or financial account information unless explicitly provided within a message by the user.
We do not collect data from end customers directly; all end-customer data reaches our servers through the vendor’s use of the platform.
How We Use Your Information
We use the information we collect for the following purposes:
4.1 Platform Operation
Providing, maintaining, and improving the Direct Chat Conversation platform
Processing and routing WhatsApp messages on behalf of vendors
Executing campaigns, bot flows, and automated responses
Enabling team member access and permission management
Generating QR codes linked to vendor WhatsApp numbers
4.2 Account Management
Creating and maintaining vendor and agent accounts
Processing subscription payments and plan upgrades
Monitoring platform performance, uptime, and reliability
Providing vendors with real-time campaign and message performance dashboards
Identifying and fixing bugs, errors, and security vulnerabilities
Developing new features based on aggregated usage patterns
4.4 Communication
Responding to support requests and inquiries
Sending product updates, new feature announcements, and policy changes (with opt-out option)
Notifying users of suspicious account activity or security issues
4.5 Legal & Compliance
Complying with applicable laws, including the Kenya Data Protection Act, 2019
Enforcing our Terms of Service and Acceptable Use Policy
Detecting and preventing fraud, abuse, or illegal activity
Responding to lawful requests from government authorities
Legal Bases for Processing
We process personal data only where we have a lawful basis under applicable law, including the Kenya Data Protection Act, 2019 and, where applicable, the EU General Data Protection Regulation (GDPR).
Our legal bases include:
Contract performance: Processing necessary to provide our services under our agreement with vendors.
Legitimate interests: Improving our platform, preventing fraud, securing our systems, and conducting analytics, where such interests do not override data subjects’ rights.
Consent: Where you have explicitly opted in (e.g., marketing communications). You may withdraw consent at any time.
Legal obligation: Compliance with applicable laws and regulatory requirements.
Sharing and Disclosure of Information
We do not sell your personal data. We may share information only in the following circumstances:
6.1 Service Providers (Data Processors)
We engage trusted third-party vendors to help us operate the platform, including:
Cloud hosting and infrastructure providers
Payment processors (for subscription billing)
Email delivery services (for transactional and notification emails)
Analytics and monitoring tools
AI services (FlowiseAI, for vendors who enable AI chatbots)
All service providers are contractually obligated to process data only on our instructions and to maintain appropriate security standards.
6.2 Meta / WhatsApp
Our platform operates through the WhatsApp Cloud API provided by Meta Platforms, Inc. Message content, phone numbers, and delivery metadata are transmitted through Meta’s infrastructure in accordance with Meta’s Privacy Policy and the WhatsApp Business Platform Terms of Service.
6.3 Other Vendors on the Platform
Vendor accounts are isolated. We do not share one vendor’s contact data or campaign data with another vendor.
6.4 Legal Disclosures
We may disclose information if required to do so by law or in response to valid legal processes such as court orders, subpoenas, or requests from regulatory authorities, in particular the Office of the Data Protection Commissioner (ODPC) of Kenya.
6.5 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred as part of that transaction. We will provide notice before your personal data becomes subject to a different privacy policy.
6.6 With Your Consent
We may share information for any other purpose with your explicit consent.
WhatsApp Cloud API & Meta
Direct Chat Conversation is powered by the WhatsApp Cloud API, a product of Meta Platforms, Inc. As a result, all messages sent and received through our platform are routed through Meta’s servers. By using our platform, you acknowledge that:
Vendors are responsible for complying with WhatsApp’s Business Messaging Policy, including obtaining appropriate consent from their contacts before sending marketing messages.
Template messages must be approved by Meta before use. We facilitate template submission on your behalf but cannot guarantee Meta’s approval decisions.
WhatsApp Cloud API messaging charges apply separately and are billed by Meta based on their platform pricing.
Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law.
Account data: Retained for the duration of the active subscription, plus up to 90 days after account closure to allow for account recovery or dispute resolution.
Contact and campaign data: Retained while a vendor account is active. Upon account deletion, contact records are purged within 30 days.
Message history: Retained for up to 12 months from the date of the message, or as configured by the vendor within available settings.
Billing records: Retained for 7 years in accordance with Kenyan tax and accounting laws.
Technical/security logs: Retained for up to 90 days for security monitoring and debugging purposes.
You may request deletion of your data at any time (see Section 10). Note that some data may be retained to comply with legal obligations even after a deletion request.
Data Security
We implement industry-standard technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include:
Encryption in transit: All data transmitted between your browser/app and our servers is encrypted using TLS (HTTPS).
Encryption at rest: Sensitive data stored in our databases is encrypted at rest.
Password security: User passwords are hashed using a strong one-way hashing algorithm; we never store plaintext passwords.
Access controls: Role-based access controls (RBAC) limit platform access to authorised team members and agents based on their assigned permissions.
Session management: Secure, time-limited session tokens with automatic expiry.
Regular security assessments: We conduct periodic reviews of our infrastructure and codebase to identify and remediate vulnerabilities.
Vendor isolation: Each vendor’s data is logically separated to prevent cross-account access.
Despite our best efforts, no method of transmission over the internet or electronic storage is completely secure. In the event of a data breach that poses a risk to your rights, we will notify affected parties and the relevant authority as required by law.
Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Restriction: Request that we limit how we process your data in certain circumstances.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Withdraw Consent: Withdraw previously given consent at any time, without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact us at the details provided in Section 16. We will respond to verified requests within 21 days in accordance with the Kenya Data Protection Act, 2019.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at www.odpc.go.ke.
Note for End Customers (WhatsApp Contacts)
If you have received messages from a business using our platform and wish to stop receiving them, you may reply “STOP” or “UNSUBSCRIBE” to the vendor’s WhatsApp number, or contact the vendor directly. You may also contact us at the details in Section 16, and we will forward your request to the relevant vendor.
Children’s Privacy
Our platform is intended for business use and is not directed at individuals under the age of 18 years. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.
Vendors are responsible for ensuring they do not use our platform to send unsolicited messages to minors.
International Data Transfers
Our platform is hosted and primarily operates within infrastructure accessible globally. By using our services, you acknowledge that your data may be transferred to and processed in countries other than your country of residence, including countries where data protection laws may differ.
In particular, the WhatsApp Cloud API routes messages through Meta’s global infrastructure, which may involve servers located in the United States and other jurisdictions.
Where we transfer personal data internationally, we take appropriate safeguards to ensure an adequate level of protection, including reliance on standard contractual clauses or equivalent mechanisms.
Cookies & Tracking Technologies
We use cookies and similar technologies on our website and platform for the following purposes:
Essential cookies: Required for authentication, session management, and CSRF protection (e.g., the meta-csrf-token). These cannot be disabled without impairing platform functionality.
Preference cookies: Remember your settings and preferences across sessions.
Analytics cookies: Help us understand how users interact with the platform so we can improve performance and usability. Analytics data is aggregated and does not identify individual users.
You may control or delete cookies through your browser settings. Note that disabling essential cookies may prevent you from logging in or using core platform features.
Third-Party Links & Integrations
Our platform may contain links to third-party websites, and vendors may integrate our API with external services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with our platform, including:
Meta / WhatsApp – for messaging infrastructure
FlowiseAI – for AI-powered chatbot features
Payment processors – for billing and subscription management
Any external services connected via our APIs or webhooks by vendors
We are not responsible for the privacy practices or content of third-party services.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
Update the “Last Updated” date at the top of this Policy
Display a notice on our platform dashboard or homepage
Where required by law, notify registered vendors by email
Your continued use of the platform after the effective date of a revised Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.
Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please reach out to us through any of the following channels: