Privacy Policy

Last updated: June 2026

1. Introduction

IZG Solutions (Pty) Ltd ("we", "us", or "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African legislation.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, engage our services, or interact with our WhatsApp chatbot platform.

2. Information We Collect

A) Information from Business Clients (our direct customers)

  • Business name, contact person name, email address, and phone number
  • WhatsApp Business Account credentials and phone number IDs
  • Billing and payment information
  • Chatbot configuration and conversation flow content

B) Information from End-Customers (people who message our clients' chatbots on WhatsApp)

  • WhatsApp phone number (wa_id)
  • Message content sent to and received from the chatbot
  • Message timestamps and delivery status
  • Session state (which stage of the conversation they are in)

We do not collect names, profile photos, or any other personal details from end-customers beyond what is included in WhatsApp message payloads.

C) Information from Website Visitors

  • Name and surname
  • Email address
  • Phone number
  • Business name and industry
  • Message content submitted via our contact form
  • Technical data such as IP address, browser type, and device information
  • Cookie and usage data (see our Cookie Policy below)

3. How We Use Your Information

We use your personal information to:

  • Respond to your enquiries and provide requested services
  • Prepare quotations and service agreements
  • Communicate with you about projects and deliverables
  • Operate and maintain our WhatsApp chatbot platform on behalf of business clients
  • Improve our website and services
  • Comply with legal obligations

We will not use your personal information for purposes other than those stated above without your consent.

4. WhatsApp and Meta Platform Data

IZG Solutions operates a WhatsApp chatbot platform that uses Meta's WhatsApp Business Cloud API. Through this integration, we access the following Meta platform permissions:

  • whatsapp_business_messaging: to send and receive WhatsApp messages on behalf of connected client businesses
  • whatsapp_business_management: to manage WhatsApp Business Account details, phone number registration, and message templates

How we use Meta Platform Data:

  • Receive inbound messages from end-customers and route them to the correct client chatbot
  • Send automated responses on behalf of client businesses
  • Store conversation history for session continuity and client reporting
  • Manage message templates and phone number configuration

Restrictions on use:

  • Meta Platform Data is not used for advertising, profiling, or selling to third parties
  • Data is used solely for the core WhatsApp chatbot functionality described above
  • We do not use Meta data to build user profiles or target advertising

5. Data Processor and Controller Roles

For personal information collected from our business clients (account data, billing, contact details), IZG Solutions acts as the Responsible Party (data controller) under POPIA.

For personal information of end-customers who interact with our clients' WhatsApp chatbots (phone numbers, message content, session data), IZG Solutions acts as an Operator (data processor) on behalf of the client, who remains the Responsible Party for their customers' data.

6. Legal Basis for Processing

We process your personal information based on:

  • Your consent (e.g., submitting a contact form)
  • Contractual necessity (e.g., delivering services you have engaged us for)
  • Legitimate interest (e.g., improving our website, operating the chatbot platform)
  • Legal obligation (e.g., tax and business records)

7. Third-Party Service Providers (Sub-Processors)

We do not sell, rent, or trade your personal information to third parties. We use the following third-party service providers to operate our platform:

Sub-processorPurposeLocation
Meta Platforms, Inc.WhatsApp Business Cloud API, sending and receiving messagesUnited States
Supabase, Inc.Cloud database, stores sessions, messages, and customer recordsEU (Ireland)
Vercel, Inc.Application hosting and serverless functionsUnited States

All third-party processors are contractually bound to process data only on our instructions and in accordance with applicable data protection laws.

We may also share your information with professional advisors (e.g., accountants, legal counsel) and regulatory authorities where required by law.

8. International Data Transfers

Your data may be transferred to and processed in countries outside South Africa, including the United States and the European Union, where our sub-processors (Meta, Supabase, Vercel) operate.

We ensure these transfers comply with POPIA section 72 by:

  • Transferring data only to countries with adequate data protection laws, or
  • Ensuring binding agreements are in place that provide POPIA-equivalent protection

Despite the transfer, we remain responsible for the protection of your personal information in accordance with this policy.

9. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are as follows:

Data typeRetention period
Client account and billing dataDuration of contract + 12 months
WhatsApp conversation content (messages)6 months (rolling)
Session data (conversation state)30 days after session ends
End-customer phone numbersDuration of client contract
API and system logs30 days
Contact form submissions12 months

10. Data Breach Notification

In the event of a security compromise involving personal information, we will:

  • Notify the Information Regulator as soon as reasonably possible after becoming aware of the compromise
  • Notify affected data subjects as soon as reasonably possible if there are reasonable grounds to believe their personal information has been accessed by an unauthorised person

This is in accordance with POPIA section 22.

11. Your Rights

Under POPIA, you have the right to:

  • Request access to your personal information
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Object to the processing of your personal information
  • Withdraw consent at any time
  • Lodge a complaint with the Information Regulator

To exercise any of these rights, contact us at info@izgsolutions.co.za.

12. Security

We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, or destruction. However, no method of transmission over the internet is 100% secure.

13. Cookies

Our website uses cookies to improve your browsing experience. See our cookie consent banner for details on what cookies we use and how to manage your preferences. We use:

  • Essential cookies: Required for the website to function
  • Analytics cookies: Help us understand how visitors use our site (only with your consent)

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

IZG Solutions (Pty) Ltd

3320 Thornton Place, Blue Valley Golf Estate, Centurion, 0157

Email: info@izgsolutions.co.za