Compliance & Policy

Privacy Policy

Last Updated: May 28, 2026

Welcome to ordflo(referred to as “we”, “us”, or “our”). We are committed to protecting the privacy of our business operators (“Operators”) and their end customers (“Customers”). This Privacy Policy explains how our Android Application and WhatsApp automation service collect, process, secure, and store personal and operational information.

1. Information We Collect

ordflo operates as an AI-powered operational manager connecting to the Meta WhatsApp Cloud API. To provide this service, we collect:

  • Business Operator Credentials: Contact email, business address, and access tokens for Meta WhatsApp Cloud API, stored securely via Firebase Authentication and Firestore rules.
  • WhatsApp Conversational Logs: Incoming and outgoing customer messages sent to the Operator's WhatsApp Business number.
  • Operational Data: Structured details extracted by our AI (e.g., customer names, delivery addresses, items ordered, appointment times).

2. How We Use the Information

We process operational information strictly to provide AI Business automation and support:

  • To enable the AI to reply to Customer FAQs, verify orders, and set up appointments.
  • To display order queues and appointment lists inside the Operator's ordflo Android app.
  • To dispatch automated operational triggers (e.g., out-for-delivery WhatsApp alerts).
  • We do not sell, rent, or monetize any Customer contact lists or conversations.

3. Data Storage & Security Protocols

All information is stored in secure server clusters using Firebase and Google Cloud Platform:

  • Encryption in Transit: All API requests, webhook deliveries, and communications are encrypted using HTTPS (TLS 1.3).
  • Encryption at Rest: Data stored in Cloud Firestore databases is encrypted using AES-256 protocols.
  • Token Security: Access credentials and Meta Cloud API system tokens are stored using strict Firestore Security Rules, allowing access only to the authenticated Operator.

4. Meta Policy Compliance

ordflo complies with the 2026 Meta WhatsApp Business API Policies regarding automated customer communications. Our system maintains clear opt-out guidelines. If a Customer replies “STOP” or “UNSUBSCRIBE”, the AI is immediately disabled for that chat, and the conversation is escalated to the Business Owner.

5. Your Data Control Rights

Under regional laws, including the Indian Digital Personal Data Protection Act (DPDP), Customers and Operators have the right to request access to their stored logs, request correction of inaccurate records, or demand permanent data deletion. Please see our dedicated User Data Deletion instructions page to request data purge.

6. Updates to This Privacy Policy

We may update this policy periodically to reflect operational adjustments or regulatory updates. Changes will be posted here with an updated revision date.

If you have any questions, please contact our compliance officer at: contact.ordflo@gmail.com