Back to Home
Security & Compliance

Privacy Policy

Last updated: June 9, 2026

1. General Information & Data Protection Officer

Chatydesk by Ozprix Studios (referred to as "we", "us", or "Chatydesk") values your privacy. This Privacy Policy explains how we collect, process, and protect data when you utilize our WhatsApp CRM platform and related scheduling automation services in compliance with the General Data Protection Regulation (GDPR) and other applicable European laws.

Ozprix Studios is registered in Germany. For any queries regarding this policy, data deletion requests, or your rights, please reach out to our Data Protection Officer at privacy@ozprix.com.

2. Scope of Data Collection

We process data necessary to provide a high-performing, secure CRM. This includes:

  • Account Credentials: Email, encrypted password hashes, and profile name.
  • WhatsApp Integration Tokens: Your Meta Cloud API tokens, phone number IDs, and app secrets. These credentials are encrypted on our server using military-grade AES-256-GCM encryption.
  • CRM Data: Contacts, phone numbers, conversation histories, custom pipeline stages, deals, and notes.
  • Scheduling Configurations: Weekly availability schedule, session price, and booking details.
  • Payment Metadata: Transaction reference IDs (e.g. Stripe checkout IDs) to automate appointment confirmation. We do not store raw credit card numbers.

3. Purposes and Legal Basis of Processing

Under GDPR Article 6, we process data based on:

  • Contractual Performance (Art. 6(1)(b) GDPR): To run the CRM, send automated messages, sync WhatsApp chats, and authorize subscriptions.
  • Legal Obligation (Art. 6(1)(c) GDPR): For compliance with German tax laws, billing audit trials, and VAT declarations.
  • Legitimate Interest (Art. 6(1)(f) GDPR): To analyze server performance, debug error logs, and optimize the scheduling engine to ensure premium uptime.

4. Data Hosting & Third-Party Processors

Your CRM database runs on secure Supabase servers. Data is encrypted in transit and at rest.

We integrate third-party APIs to deliver core functionalities:

  • Meta Inc. (WhatsApp Cloud API) for message transit.
  • Stripe Inc. for subscription billing and booking payments processing.
  • Chatydesk Video Rooms (built on open-source Jitsi Meet) for consultation video rooms.

Data processing agreements (DPAs) are maintained with our cloud infrastructure partners to ensure GDPR compliance.

5. Data Retention

We retain your database records as long as your Chatydesk account remains active. If you delete your account or request data purging, we automatically initiate permanent deletion protocols across active servers and backups within 30 days, except where retention is legally mandated (e.g., invoices).

6. Your Rights

Under the GDPR, you have the right to access your stored data, rectify inaccuracies, request deletion, restrict processing, and export your contact lists. To exercise these rights, please email us or use the Help & Feedback panel in your dashboard.

© 2026 Ozprix Studios. Registered in Germany.