Elabd Technologies
Legal · Privacy

Privacy Policy

How Elabd Technologies handles your data when you use our messaging automation services and Meta API integrations.

Last updated: May 13, 2026

Elabd Technologies — Flat No 2 First Floor Upstairs, Faysal Bank Munawar Plaza, I-10 Markaz, Islamabad, Pakistan.

Table of Contents

  • 1. Introduction
  • 2. Data We Collect
  • 3. How We Use Your Data
  • 4. Meta Platform Data
  • 5. Data Sharing & Third Parties
  • 6. Data Security
  • 7. Data Retention & Deletion
  • 8. Your Rights
  • 9. Contact Us

01 Introduction

Elabd Technologies (“we,” “our,” or “us”) is a registered technology company based at Flat No 2 First Floor Upstairs, Faysal Bank Munawar Plaza, I-10 Markaz, Islamabad, Pakistan. This Privacy Policy explains how we collect, process, store, and protect information when you use our messaging automation services, including our official integrations with Facebook Messenger, Instagram Direct, and WhatsApp Business via the Meta Graph API and Cloud API.

By using our services or authorizing our platform to access your Meta Business accounts, you agree to the practices described in this policy.

02 Data We Collect

We collect only what is necessary to provide our messaging services:

  • Account Information: Name, email address, and business details you provide during registration or onboarding.
  • Meta Platform Data: When you connect your Facebook Page, Instagram Business account, or WhatsApp Business number, we receive access tokens, Page IDs, Instagram Business IDs, WhatsApp phone number IDs, and basic profile information required to send and receive messages on your behalf.
  • Message Data: Inbound and outbound message content processed through our platform for the purpose of displaying in your inbox and enabling automated replies.
  • Knowledge Base Content: Documents, FAQs, product info, and URLs you upload to train the AI to reply in your brand voice.
  • Technical Data: IP addresses, browser type, and access logs collected automatically for security and debugging purposes.

03 How We Use Your Data

Your data is used exclusively to provide and improve our messaging services:

  • Authenticate and authorize your access to Facebook, Instagram, and WhatsApp messaging via Meta's official APIs.
  • Display inbound messages in your client dashboard and enable you to respond.
  • Execute automated replies, comment auto-replies, and message routing rules you have configured.
  • Train your private AI agent on your own knowledge base (no cross-customer training).
  • Maintain service security and investigate suspicious activity.
  • Comply with legal obligations under Pakistani law.

We do NOT sell, rent, or trade your personal data or message content to any third party under any circumstances.

04 Meta Platform Data

Our platform connects to Meta's Graph API and WhatsApp Cloud API using permissions you explicitly grant. The full list of permission scopes we request — and the specific reason for each — is published on our Features page. The primary scopes include:

  • pages_messaging, pages_messaging_subscriptions: To send and receive Facebook Messenger messages on your Page.
  • pages_manage_engagement, pages_read_engagement: To read and reply to comments on your Facebook Page posts and ads.
  • instagram_manage_messages, instagram_manage_comments: To send and receive Instagram DMs and reply to comments on your posts and Reels.
  • whatsapp_business_messaging, whatsapp_business_management: To send and receive WhatsApp messages and manage your WhatsApp Business assets.
  • pages_show_list, instagram_basic, business_management: To list and read the assets you authorise so the dashboard can connect to them.

All Meta API access is governed by Meta's Platform Terms and Data Policy. We operate strictly within these terms. Access tokens are stored in encrypted form and never exposed in our frontend code. If you disconnect a Meta account from Elabd, we revoke our access immediately and purge associated tokens within 24 hours.

05 Data Sharing & Third Parties

We do not share your data with third parties except in the following limited cases:

  • Meta Platforms Inc.: As required to process API calls for messaging services you have authorized.
  • Hosting & Infrastructure Providers: Our servers and database (Supabase) are hosted on compliant infrastructure. Realtime delivery is powered by Pusher. These providers have no access to your message content beyond what is required to deliver the service, and are bound by data processing agreements.
  • AI Model Providers: Conversation context may be sent to large-language-model providers under strict data processing terms. Your data is not used to train their public models.
  • Payment Processor: For subscription billing. We store only the last four digits and the brand of payment methods.
  • Legal Requirements: If required by Pakistani law or a valid court order, we may disclose information to relevant authorities.

06 Data Security

We implement industry-standard security measures to protect your data:

  • All access tokens and credentials are stored using AES-256 encryption at rest.
  • All data in transit is protected using TLS 1.2 or higher (HTTPS only).
  • Our webhook endpoints validate every request using Meta's signature verification mechanism.
  • Access to our production systems is restricted to authorized personnel only.
  • Administrative actions are logged in an immutable audit trail.

07 Data Retention & Deletion

We retain message logs for a maximum of 90 days by default unless you configure a longer retention period in your dashboard settings (up to 12 months). Diagnostic technical logs are retained for a maximum of 90 days and then automatically deleted.

You may request complete deletion of all your data at any time. We will process deletion requests within 30 days, with backups purged within an additional 30 days. To submit a deletion request, visit our Data Deletion page or contact us directly.

Upon account termination, all associated data — including messages, tokens, and configuration — is permanently deleted from our systems within the timelines above. Billing records may be retained for up to 7 years where required by tax law.

08 Your Rights

As a user of our platform you have the right to:

  • Request a copy of all personal data we hold about you.
  • Correct inaccurate information in your account.
  • Request deletion of your data at any time.
  • Revoke Meta API access permissions at any time via your Facebook, Instagram, or WhatsApp Business settings.
  • Object to any processing of your data and withdraw consent.

09 Contact Us

For any privacy-related questions, data requests, or concerns, please contact us:

Elabd Technologies — Privacy Office
Flat No 2 First Floor Upstairs, Faysal Bank Munawar Plaza
I-10 Markaz, Islamabad, Pakistan
info@elabdtech.com
+92 344 505 1548

Response time: within 72 hours on business days.