Privacy Policy

Effective Date: 17th of March, 2026

1. Introduction

Omniflow ("we," "us," or "our") provides a specialized Customer Relationship Management (CRM) platform designed for Businesses or Service Providers to manage secure communications with their end-users. This policy outlines how Omniflow processes data on behalf of our Business Users (e.g., Commercial Entities and Professional Service Organizations) when integrating with Meta Platforms (WhatsApp, Facebook, and Instagram).

2. Information We Process

As a data processor, we collect and store information transmitted through Meta's APIs at the direction of the Business User, including:

  • Basic Identity & Contact: Name, phone number, and unique Meta User IDs.
  • Multimedia Content: Text messages, images, PDFs, and files shared during consultations or inquiries.
  • Geographical Data: Location data shared by the end user (customer) to facilitate services.
  • Activity & Intent Data: Preferred language, appointment requests, follow-up schedules, surgery/test bookings, and "Meet a doctor" inquiries.

3. How We Use Data

We process information strictly to fulfill our service obligations to the Business User:

  • Automated Intelligence: Powering chatbots to provide instant, pre-built answers to common queries.
  • Anonymized data will be used to enhance our models and programs.
  • Human Agent Routing: Facilitating the handoff from automated systems to available human agents or staff.
  • Lead Management: Organizing chat data into actionable leads, medical appointments, and surgery follow-ups.
  • Product Optimization: Analyzing anonymized interaction patterns to improve chatbot accuracy and system performance.

4. Data Sharing & Third Parties

We do not sell personal data. Data is shared only under the following conditions:

  • Client Access: Data is fully accessible to the specific organization (Business) for the end-user contact.
  • Internal Distribution: Data may be routed internally within the Business User's departments (e.g., from Reception to a Doctor).
  • Service Providers: Authorized IT and infrastructure partners who maintain our secure environment.
  • Legal Compliance: If required by law or to satisfy legal obligations in accordance with regulations.
  • Platform Disclaimer: Interactions via WhatsApp or Facebook are also subject to Meta Platforms, Inc.'s privacy policies.

5. Data Ownership & Security

The Business User (Service provider) remains with the Data Controller for their customer/patient information. Omniflow acts as the Data Processor.

  • Encryption: All data in transit is protected using Industry-Standard TLS (Transport Layer Security).
  • Storage Security: Data is stored in secure, restricted-access environments with administrative and technical safeguards.
  • Access Control: Strict internal policies ensure only authorized personnel can access sensitive records.

6. Data Retention & Deletion

Retention Policy: We retain data only for as long as the Business User maintains an active subscription or as required for their business records.

User Deletion Requests: Currently, both end-users (customer) and system users (business) cannot delete messages directly within the chat interface.

Request Process: End-users wishing to exercise their "Right to be Forgotten" must contact the respective business/service provider. Omniflow will assist the Business User in fulfilling these deletion requests in compliance with Meta's Data Deletion policies.

Company Deactivation & Permanent Erasure: If a company or business entity is deactivated from the Omniflow platform, all associated data including chat histories, customer leads, and shared files will be permanently deleted from our servers within a period of 14 days (2 weeks) following deactivation.

7. Rights of the Data Subject

Through our platform, Business Users can facilitate the following rights for their customers:

  • Access & Portability: Requesting a copy of stored chat history and records.
  • Correction: Updating inaccurate identity or appointment information.
  • Withdrawal of Consent: Ceasing communication via Meta platforms at any time.

8. Updates to This Policy

We reserve the right to modify this policy to reflect on technological or legal changes.

Notification: Significant updates will be published on our official website: omniflowcrm.com

Review: We encourage Business Users to review this policy periodically.

9. Contact Us

For inquiries regarding data processing or to report a security concern, Email: contact@omniflowcrm.com