At ULTEH, we believe that privacy is a fundamental right — not a checkbox. This page is your complete guide to understanding exactly what personal data ULTEH collects, the specific and lawful purposes for which it is processed, how long we retain it, who it may be shared with, and — most importantly — how you can exercise your right to have it partially or permanently deleted from all of our systems.
Whether you want to disconnect a specific platform integration, delete individual chatbots and their training data, export a copy of everything we hold about you, or permanently close your account, this page covers every option available to you in clear, straightforward language.
We process your data only to the extent necessary to deliver the Service. We do not sell your personal data. We do not share your data with third parties for advertising or marketing. We do not build advertising profiles from your activity. Your data belongs to you, and we are committed to helping you exercise full control over it.
ULTEH respects the privacy of every individual who uses our platform and is committed to upholding your rights under applicable data protection law. Depending on your country or region of residence, you may be entitled to the following rights:
Request a copy of all personal data we hold about you, along with details of how it is processed and on what legal basis.
Request correction of inaccurate or incomplete personal data at any time. Most profile data can be updated directly in your account settings.
Also called the "right to be forgotten." Request permanent deletion of your personal data from our systems, subject to legal retention requirements.
Request that we limit the processing of your personal data in specific circumstances — for example, while a dispute about data accuracy is being investigated.
Receive a structured, machine-readable copy of your personal data and, where technically feasible, transfer it to another provider. See Section 8 for details.
Object to processing based on legitimate interests, including profiling. You may also opt out of direct marketing communications at any time.
Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
You have the right not to be subject to decisions made solely by automated systems — including AI — that produce significant legal or similar effects on you, without human review.
To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days. We will not discriminate against you for exercising your privacy rights.
These rights are grounded in applicable data protection legislation including, but not limited to: the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and equivalent national or regional laws. ULTEH honors these rights for all users globally, regardless of whether their jurisdiction mandates them.
ULTEH only processes personal data when it has a clear, lawful basis to do so. The applicable legal basis depends on the type of data and the specific purpose of processing:
The majority of data we process is strictly necessary to fulfill our contractual obligations to you as a subscriber. This includes processing your account information, authentication credentials, subscription details, billing records, and all data required to operate the AI chatbot features of the platform on your behalf. Without this data, we cannot deliver the Service.
We process certain data on the basis of our legitimate business interests, provided those interests do not override your fundamental rights. This includes: fraud prevention and platform security; detection and prevention of abuse and policy violations; service reliability monitoring and system diagnostics; internal analytics for product improvement; and improving the quality and safety of our AI models using aggregated, anonymized data. We carefully assess and document each legitimate interest use case and only process data to the minimum extent necessary.
In certain cases, we are required by law to process and retain data. For example, applicable tax and financial regulations require us to retain billing records and transaction data for a minimum period of seven (7) years. We comply fully with all legal obligations in every jurisdiction in which we operate.
Where we process data based on your specific consent — such as sending promotional communications or using non-essential cookies — you may withdraw that consent at any time through your account notification settings or by contacting us. Withdrawal of consent does not affect the lawfulness of processing that occurred prior to withdrawal, and it does not affect your ability to continue using the Service.
When you create an account and use ULTEH to connect your messaging platforms, configure AI chatbots, and serve your customers, we collect and store the following categories of data. We collect only what is necessary to provide and operate the Service effectively and securely.
Core identity and subscription data associated with your ULTEH account:
When you connect your Facebook Page to ULTEH to enable Messenger automation, we collect and store:
Note: Facebook PSIDs are pseudonymous and do not directly identify individuals without additional data held solely by Facebook. ULTEH does not collect broader Facebook profile data of your end users.
When you connect your WhatsApp Business account to ULTEH via the WhatsApp Business Platform (Meta Cloud API), we collect and store:
When you connect your Instagram Business or Creator account to ULTEH via the Instagram Messaging API, we collect and store:
When you access the ULTEH dashboard, we automatically collect:
ULTEH uses the data described in Section 3 exclusively for the clearly defined purposes below. We do not use your data for any purpose beyond what is described here without first obtaining your explicit consent.
The primary purpose of all data collection is to operate, maintain, and continuously improve the ULTEH platform. This includes: authenticating your identity and managing your session; processing your subscription and enabling access to features; powering the AI chatbot engine with your training data; routing and delivering messages across connected channels; and providing the analytics and reporting features of the platform.
We use your account and billing data to manage subscriptions, process payments, issue invoices, send payment receipts, notify you of upcoming renewals and billing changes, and respond to billing disputes. Financial records are retained in compliance with applicable accounting and tax law.
Technical and usage data is used to protect the security and integrity of the platform, including detecting and preventing unauthorized access, identifying abnormal usage patterns indicating account compromise or abuse, enforcing rate limits and API usage policies, and investigating suspected fraud or Terms of Service violations.
We analyze aggregated, anonymized Service performance data to identify bugs, improve response quality, optimize platform performance, and guide product development decisions. We do not use identifiable conversation content or your specific training data to train shared AI models without your explicit written consent.
When you contact our support team, we use your account data and communication history to understand your issue in context, provide accurate and timely assistance, and follow up on unresolved matters. Support interactions may be reviewed internally for quality assurance.
We process and retain certain data to comply with applicable law, including tax obligations, financial reporting requirements, responding to lawful court orders, and enforcing our contractual rights in the event of disputes.
We use your email address to send transactional communications essential to your account (payment confirmations, security alerts, subscription status updates). Where you have given consent, we may also send promotional communications about new features or offers. You can unsubscribe from marketing emails at any time via the unsubscribe link in any email or through your account notification settings.
We never sell, rent, share, or monetize your personal data with third parties for advertising, marketing, or any commercial purpose outside of delivering the Service to you.
ULTEH retains your data only for as long as necessary to fulfill the purpose for which it was collected, to comply with applicable legal obligations, or to resolve disputes and enforce our agreements. The table below describes the retention periods that apply to each data category:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account profile data (name, email, preferences) | Active account + 30 days post-deletion | Required to operate the Service; 30-day grace period for data export |
| Authentication logs (login history, IP, device) | 90 days | Security monitoring and fraud prevention |
| Conversation logs (messages processed by AI) | Duration of subscription | Required for chatbot operation, handover history, and analytics |
| Chatbot training data (documents, URLs, knowledge base) | Duration of active subscription | Required for the AI to function on your behalf |
| Platform access tokens (Facebook, WhatsApp, Instagram) | Until disconnected or expired | Required to maintain active channel integrations |
| Webhook event logs | 30 days | Debugging and service reliability monitoring |
| Billing and financial records | 7 years from invoice date | Legal obligation under applicable tax and accounting law |
| Support communications | 3 years from last interaction | Customer service history and dispute resolution |
| Aggregated analytics data (anonymized) | Indefinitely | Product improvement; no personal data included post-anonymization |
| Consent records | Duration of relationship + 3 years | Legal obligation to demonstrate consent was obtained |
| Data deletion request records | 3 years from request date | Demonstrating compliance with deletion obligations |
After the applicable retention period expires, data is securely and permanently deleted or irreversibly anonymized using industry-standard methods that prevent recovery through any reasonable technical means.
ULTEH implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction.
All data in transit between your browser and our platform is protected by TLS (Transport Layer Security) encryption, minimum TLS 1.2. Sensitive data stored at rest — including all platform access tokens, authentication credentials, and personal account data — is encrypted using AES-256 industry-standard encryption. Encryption keys are managed using secure key management services with strict access controls and regular rotation schedules.
Access to personal data within ULTEH's internal systems is governed by strict role-based access controls (RBAC) on a need-to-know basis. Only personnel with a verified and documented business reason may access specific data. All internal access to production data is logged, auditable, and subject to regular review. Administrative access to systems containing personal data requires multi-factor authentication (MFA).
Our platform is hosted on enterprise-grade cloud infrastructure with physical access controls, system redundancy, automated failover, and regular encrypted backups. We conduct periodic third-party penetration tests and continuous vulnerability assessments. Our infrastructure is monitored around the clock for anomalous activity, intrusion attempts, and availability threats.
In the event of a confirmed security incident affecting your personal data, ULTEH will notify affected users within the timeframe required by applicable law (72 hours under GDPR where applicable) and will cooperate fully with regulatory authorities and affected individuals in investigating and mitigating the impact. We will provide you with clear information about what data was affected, how the breach occurred, and what steps we are taking to prevent recurrence.
All ULTEH employees and contractors who handle personal data complete mandatory data protection training upon onboarding and annually thereafter. All personnel are bound by confidentiality agreements and are required to adhere to our internal data handling, access, and incident reporting policies at all times.
ULTEH does not sell, rent, or share your personal data with third parties for their own marketing or commercial purposes. To operate the Service, we work with a carefully selected set of third-party service providers who process certain data on our behalf as data processors. All such providers are bound by contractual data processing agreements requiring them to process data only as instructed by ULTEH and to implement appropriate security measures.
ULTEH may disclose personal data if required to do so by law, court order, subpoena, or valid government authority demand, or if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of ULTEH; (c) prevent or investigate potential wrongdoing in connection with the Service; or (d) protect the safety of users or the public. Where legally permissible, we will notify you before any such disclosure is made.
Your data may be transferred to and processed in countries other than your country of residence. When we transfer personal data from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of data protection, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority, adequacy decisions, or Binding Corporate Rules. You may request information about the transfer mechanisms we apply by contacting us at [email protected].
You have the right to receive a copy of the personal data you have provided to ULTEH in a structured, commonly used, and machine-readable format, and where technically feasible, to have that data transferred directly to another provider.
Encrypted access tokens, internal system logs, and aggregated analytics data are excluded from exports as they are either sensitive security credentials or non-personal operational data.
The ULTEH platform is designed exclusively for businesses and adult individuals. Our Service is not directed at children under the age of 16 (or the applicable age of digital consent in your jurisdiction). ULTEH does not knowingly collect, solicit, or process personal data from children.
If we become aware that we have inadvertently collected personal data from a child without verified parental or guardian consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided personal information to ULTEH without your consent, please contact us immediately at [email protected].
ULTEH gives you clear, accessible mechanisms to delete your data — either selectively by category or entirely by closing your account. The following options are available:
To remove a specific channel (Facebook Messenger, WhatsApp, or Instagram) without deleting your account:
To delete an individual chatbot along with all its configurations, training data, and conversation history:
To request deletion of a specific category of data (such as conversation logs only, or data for a specific time period) without closing your account:
To permanently delete your account and all associated data, please log in and return to this page, or navigate to Settings → Privacy → Delete Account. If you cannot log in, contact us at [email protected] to initiate a manual account deletion.
When you delete your ULTEH account, the following data is permanently and irreversibly removed from all of our active systems within 30 days of your confirmed deletion request:
Account deletion is permanent and irreversible. All chatbots, training data, conversation history, and platform integrations will be lost. Export any data you wish to keep before confirming. ULTEH cannot recover deleted accounts or data after confirmation.
ULTEH is committed to addressing all privacy concerns promptly and fairly. If you believe your data protection rights have been violated, or if you are dissatisfied with how we have handled your personal data or a rights request, we encourage you to contact us first so we can work together to resolve the matter directly.
Send your complaint in writing to [email protected] with the subject line "Privacy Complaint." Please describe your concern, the specific data involved, and the outcome you are seeking. We will acknowledge receipt within 5 business days and provide a substantive written response within 30 days.
If you are not satisfied with our response, or prefer to raise your concern directly with a regulatory authority, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction. For example:
ULTEH will cooperate fully with any regulatory investigation and implement all required remedial measures without delay.
ULTEH may update this Data Deletion and Privacy Information page from time to time to reflect changes in our data practices, Service features, or applicable law. When we make material changes, we will notify you via email to your registered address and through a prominent notice within the ULTEH platform at least thirty (30) days before the changes take effect.
Non-material changes — such as grammatical corrections or clarifications that do not alter your rights — may be made without advance notice. The most recent version of this page is always available on ULTEH's website. Your continued use of the Service after any update constitutes acknowledgment of the revised policy. Previous versions are available upon written request to [email protected].
If you have any questions, concerns, or requests related to your personal data, your privacy rights, or anything described on this page, our team is ready to help. We aim to respond to all privacy-related inquiries within 5 business days and to fulfill all valid rights requests within 30 days.
Please include your registered email address in any request so we can verify your identity before processing. Identity verification is required to protect your data from unauthorized deletion or access attempts by third parties.
