Privacy Policy

bijnis.xyz is operated by SOT Labs [SourceOfTruth Labs LLP] ("we", "our", or "us"). We provide website creation, Google Business Profile setup and optimization, WhatsApp Business automation, local SEO, and related digital services for businesses in India.

This Privacy Policy applies to visitors, leads, customers, and users of https://bijnis.xyz and any related services, websites, landing pages, forms, applications, integrations, APIs, and support channels we operate.

If you have any privacy-related question, want to request deletion, or want to exercise your rights, you can contact us at hello@sotlabs.net.

This Privacy Policy explains what information we collect, how we use it, when we share it, how long we keep it, how we protect it, and what rights you have in relation to your personal data.

It also explains in detail how we handle data obtained through Google Sign-In / Google OAuth, through access to Google Business Profile services, and through our WhatsApp Business Platform integration where you authorize us to connect your WhatsApp Business number and manage customer communications on your behalf.

3.1 Information You Provide Directly

• Contact details: Your name, phone number, email address, and business name when you contact us through forms, WhatsApp, email, or phone.
• Business information: Business name, address, business category, service areas, opening hours, website details, photos, descriptions, and other information required to create, maintain, or optimize your web presence and Google Business Profile.
• Communications: Messages, support queries, documents, feedback, and instructions you send to us.
• Billing and transaction records: Payment status, invoices, GST-related records, and transaction references from our payment partners. We do not store your full debit/credit card details on our systems.

3.2 Information We Collect Automatically

• Usage data: Pages visited, time spent on pages, referring pages, browser type, operating system, device type, and approximate location derived from IP address.
• Technical data: IP address, request headers, device identifiers, crash/error logs, and security-related activity logs.
• Cookie and analytics data: We may use cookies or similar technologies for essential website functionality, analytics, and performance monitoring.

3.3 Google Account Data We Collect

If you choose to sign in with Google or connect your Google account to our services, we may collect certain information from your Google account, depending on the permissions you grant.

• Name: Your Google account display name.
• Email address: Your primary Google account email address.
• Basic profile information: Such as your Google profile identifier and, where made available by Google, your profile image.
• Authentication-related metadata: Information needed to verify your identity, maintain your sign-in session, and connect your account securely.

We collect this Google account data primarily for basic user registration and authentication, including creating your account, allowing you to sign in securely, identifying you as the authorized user, and enabling account-related support and service delivery.

3.4 Google Business Profile Data We May Access

When you connect your Google account and authorize access to Google Business Profile features, we may access, receive, store, process, or update certain Google Business Profile-related data strictly as necessary to provide the services you request.

Depending on the features you use, this may include:

• account and location identifiers;
• business name, address, phone number, website URL, categories, service areas, hours, and business attributes;
• photos, videos, logos, posts, offers, products, and services published to your Business Profile;
• customer reviews, ratings, review replies, and related moderation or response history;
• profile performance insights, visibility metrics, and operational analytics; and
• technical authentication, authorization, and account-linking metadata necessary to maintain your connection.

We access only the categories of Google-derived data reasonably required to provide subscribed or enabled features.

3.5 WhatsApp Business Data We Collect

When you connect a WhatsApp Business number to our platform, we may collect and store the following data to provide our WhatsApp automation services:

• Phone numbers: The phone numbers of end customers who message your connected WhatsApp Business number.
• Message content: Inbound messages received from your end customers and outbound messages sent on your behalf, including automated replies, keyword responses, and broadcast campaigns.
• Contact metadata: Display names (where provided by the messaging customer), message timestamps, message counts, and tags you assign.
• Opt-in records: Timestamp and context when an end customer initiated a conversation with your business number.
• Delivery and read receipts: Message status updates provided by Meta's WhatsApp platform.
• WhatsApp account details: Your connected phone number ID, WhatsApp Business Account (WABA) ID, and display name.

3.6 Instagram Data We Collect

When you connect your Instagram Business or Creator account to our platform, we may collect and store the following data to provide our Instagram management services:

• Account profile: Instagram username, display name, bio, profile image, follower and following counts, account type, and linked Facebook Page identifier.
• Media content: Photos, videos, carousels, Reels, and Stories published through our platform, including captions, hashtags, and location tags you provide.
• Direct Messages: Inbound DMs received on your Instagram account and automated replies sent on your behalf through our platform.
• Comments: Comments posted on your Instagram content and replies sent on your behalf through our platform.
• Performance insights: Post-level and account-level metrics including reach, impressions, engagement rate, saves, profile visits, and follower demographics, as made available by Meta's Instagram Graph API.

3.7 Facebook Page Data We Collect

When you connect a Facebook Page to our platform, we may collect and store the following data:

• Page profile: Page name, Page ID, category, description, contact information, and profile and cover images.
• Posts and content: Posts, images, videos, and link content published through our platform on your behalf.
• Page engagement data: Reach, impressions, reactions, shares, comments, and link clicks on your Page content, as made available by Meta's Graph API.
• User-generated content: Comments and posts made by visitors on your Facebook Page, accessed for the purpose of monitoring and enabling responses through our platform.
• Page messages: Inbound messages sent to your Facebook Page and automated replies sent on your behalf.

3.8 YouTube Channel Data We Collect

When you connect your YouTube channel to our platform, we may collect and store the following data:

• Channel profile: Channel ID, channel name, description, subscriber count, and profile image.
• Video content: Videos and YouTube Shorts uploaded through our platform, including titles, descriptions, tags, thumbnails, privacy settings, and video files.
• Community posts: Community posts published through our platform on your behalf.
• Comments: Comments on your videos and replies made through our platform.
• Analytics data: Views, watch time, traffic sources, audience demographics, and other performance metrics as made available by the YouTube Analytics API.

3.9 Social Commerce Data We Collect

When you use our Social Commerce Sync feature to connect your product catalog to Instagram Shopping or Facebook Shops, we may collect and process:

• Product catalog data: Product names, descriptions, prices, images, inventory status, SKUs, and product URLs from your bijnis catalog that are synced to Meta's Commerce Manager.
• Catalog and product identifiers: Meta Commerce Manager catalog IDs and product IDs assigned to your synced items.
• Order references: Order identifiers and status references where required to support social commerce features.

We use personal data and business data for the following purposes:

• To provide, operate, maintain, and improve our website and services.
• To register your account and authenticate you when you sign in.
• To verify your identity and prevent unauthorized access or fraud.
• To communicate with you about onboarding, support, updates, billing, and service performance.
• To create, manage, update, optimize, or support your website, Google Business Profile, and local SEO presence.
• To enable WhatsApp Business automation features including automated replies, contact management, and broadcast campaigns on your behalf.
• To publish content on your Instagram account and Facebook Page, including posts, Reels, Stories, and carousels, strictly as instructed or scheduled by you.
• To automate responses to Instagram Direct Messages and Facebook Page messages, and to route qualified leads from social media to your WhatsApp Business number where you have enabled this feature.
• To manage and respond to comments on your Instagram posts and Facebook Page content on your behalf.
• To sync your product catalog to Meta Commerce Manager for Instagram Shopping and Facebook Shops.
• To upload videos and Shorts to your YouTube channel and publish Community Posts on your behalf as instructed or scheduled by you.
• To manage and respond to comments on your YouTube videos through our platform.
• To generate social media performance analytics, dashboards, and insights for your Instagram, Facebook, and YouTube accounts.
• To provide customer support and respond to legal, technical, or account-related requests.
• To comply with legal, tax, accounting, regulatory, and security obligations.
• To analyze usage trends, improve website performance, and enhance user experience.

When you choose Google Sign-In or otherwise authorize access to your Google account, we use Google user data only for the limited purposes described in this Privacy Policy and only to provide user-facing functionality that you have requested.

• We use your name, profile, and email for user registration, login, identity verification, and account management.
• We may use connected Google account access to determine whether your account is authorized to connect to and manage a Google Business Profile.
• We do not use Google user data for unrelated advertising purposes.
• We do not sell Google user data.
• We do not share Google user data with any third party for their independent marketing, advertising, or profiling purposes.

5.1 Google OAuth Consent and User-Controlled Authorization

Access to Google account data and Google Business Profile data is granted by you directly through Google's own OAuth consent flow, authorization screens, and permission systems.

You remain in control of whether to grant, deny, limit, or revoke access. Google may require you to manually sign in, review scopes, and approve access before any connection is established or maintained.

If you revoke access through your Google account permissions or otherwise disconnect the integration, some or all connected features may stop functioning immediately.

5.2 No Indirect or Unauthorized Access

We do not provide third parties with indirect, shared, or unauthorized access to our Google API project, OAuth credentials, or Google Business Profile API access.

Where direct user or merchant authorization is required by Google, access must be granted through Google's approved authorization mechanisms and not through hidden, automated, or unauthorized delegation methods.

5.3 How We Use Google-Derived Data

We use information received from Google APIs only for purposes permitted by Google's policies and reasonably necessary to provide, maintain, secure, and improve the user-facing services you request.

For example, we may use Google-derived data to:

• connect and maintain your Google Business Profile integration;
• display, manage, or update your business profile information;
• publish or edit approved content such as posts, products, services, photos, and profile details;
• help monitor and respond to customer reviews where enabled by you;
• generate analytics, reports, dashboards, and visibility summaries for your account;
• secure, troubleshoot, audit, and support the proper functioning of our services; and
• comply with legal obligations or enforce our agreements.

We do not sell Google user data. We do not use Google-derived data for unrelated advertising, data brokering, or any purpose prohibited by the Google API Services User Data Policy.

bijnis.xyz's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

bijnis.xyz operates as a WhatsApp Business Solution Provider (Tech Provider) under Meta's WhatsApp Business Platform. As part of this role, we process WhatsApp-related data on behalf of our business clients to enable automated messaging, customer engagement, and related features.

6.1 Our Role as Data Processor

When you use bijnis.xyz's WhatsApp integration features as a business client, you are the data controller for your end customers' personal data. bijnis.xyz acts as a data processor, handling WhatsApp data solely on your behalf and under your instructions.

Our business clients are responsible for ensuring that their end customers have provided valid opt-in consent to receive WhatsApp messages before any messages are sent through our platform.

6.2 How We Use WhatsApp Data

We use WhatsApp-related data solely to provide services requested by our business clients, including:

• routing and displaying incoming customer messages in the business client's WhatsApp dashboard;
• sending automated welcome messages, replies, and keyword-triggered responses configured by the business client;
• executing broadcast campaigns authorized by the business client to their opted-in contacts;
• maintaining message history and contact lists for the business client's reference;
• tracking message delivery and read status; and
• troubleshooting, maintaining, and improving the WhatsApp integration features.

We do not use end customers' WhatsApp data for advertising, profiling, data brokering, or any purpose unrelated to providing the WhatsApp integration service to the relevant business client.

We do not sell WhatsApp data. We do not share WhatsApp message content or end customer phone numbers with any third party except as required to transmit messages through Meta's WhatsApp Cloud API or as required by applicable law.

6.3 Opt-Out for End Customers

End customers who receive WhatsApp messages via a business connected to bijnis.xyz can opt out of further messages at any time by replying STOP or OPTOUT to any message. Upon receiving an opt-out, we will mark that contact as opted out and no further automated messages will be sent to them from that business's connected number.

End customers may also contact the relevant business directly or reach us at hello@sotlabs.net to request removal from a business's contact list.

6.4 Retention of WhatsApp Data

WhatsApp message logs, contact records, and related data are retained for as long as the business client's account is active on our platform. Upon account closure or a valid deletion request, WhatsApp contact and message data will be deleted within 30 days, except where retention is required by applicable law or for legitimate fraud prevention and security purposes.

6.5 Meta Platform Policy Compliance

Our use of the WhatsApp Business Platform and associated data complies with Meta's Business Terms of Service, the WhatsApp Business Messaging Policy, and the WhatsApp Business API Terms of Service. WhatsApp-related data is processed only in accordance with these policies and the purposes described in this Privacy Policy.

Meta Platforms, Inc. operates the underlying WhatsApp infrastructure. Their data practices are governed by Meta's own Privacy Policy, which is independent of this document.

6.6 Customer-Owned WhatsApp Business Account (WABA)

The WhatsApp Business Account (WABA) you connect to bijnis.xyz is your property at all times. To enable automation features, you grant bijnis.xyz limited API access credentials (such as a WABA ID and an access token) solely so we can operate the agreed automation services on your behalf. We do not take ownership of, transfer, or share these credentials with any party other than Meta's WhatsApp Cloud API infrastructure as required to transmit and receive messages.

You may revoke bijnis.xyz's access to your WABA at any time through Meta's Business Manager. Upon revocation, all WhatsApp automation features will cease to function. Stored message logs and contact records associated with your WABA will be deleted in accordance with our data retention policy in Section 6.4.

WhatsApp API usage charges billed by Meta accrue to your WABA and your Meta Business Manager account. bijnis.xyz has no visibility into, and is not responsible for, the billing or charges levied by Meta against your WABA.

bijnis.xyz operates as an approved Meta Tech Provider and Business Solution Provider. In addition to WhatsApp services described in Section 6, we process Facebook Page and Instagram data on behalf of our business clients to enable social media posting, engagement automation, analytics, and social commerce features.

6A.1 Our Role as Data Processor

When you use bijnis.xyz's Facebook and Instagram features as a business client, you are the data controller for your Facebook Page data, Instagram account data, and the personal data of end customers who interact with your Page or Instagram account. bijnis.xyz acts as a data processor, handling this data solely on your behalf and under your instructions.

6A.2 How We Use Facebook and Instagram Data

We use Facebook and Instagram data solely to provide services requested by our business clients, including:

• publishing posts, images, videos, Reels, and Stories to your Instagram account and Facebook Page as instructed or scheduled by you;
• sending automated responses to Instagram Direct Messages and Facebook Page messages as configured by you;
• reading, moderating, and replying to comments on your posts and Page content on your behalf;
• displaying engagement metrics, reach, and audience insights in the bijnis Social Performance Dashboard;
• syncing your product catalog to Meta Commerce Manager for Instagram Shopping and Facebook Shops; and
• troubleshooting, maintaining, and improving the Facebook and Instagram integration features.

We do not use Instagram or Facebook Page data for advertising, profiling, data brokering, or any purpose unrelated to delivering the social management service to the relevant business client.

We do not sell Instagram or Facebook data. We do not share Instagram or Facebook Page message content or end customer data with any third party except as required to transmit messages through Meta's Graph API or as required by applicable law.

6A.3 Cross-Platform Routing: Instagram and Facebook to WhatsApp

If you enable the Social-to-WhatsApp Funnel feature on bijnis.xyz, inbound Instagram Direct Messages or Facebook Page messages that meet the criteria you configure may be routed to generate a WhatsApp conversation with the same end customer on your behalf. This feature:

• uses the sender's Instagram or Facebook profile name and, where available, their phone number if provided in the conversation, to initiate or link a WhatsApp contact record;
• stores a cross-platform reference linking the Instagram or Facebook interaction to the resulting WhatsApp conversation, keyed by your business identifier; and
• is activated only when explicitly enabled by you and operates strictly on your instruction and behalf.

End customers whose messages are routed in this way are subject to the same opt-out rights described in Section 6.3 of this Privacy Policy. Replying STOP or OPTOUT to any WhatsApp message will suppress further automated messages from that business.

6A.4 Social Commerce Data

When you use Social Commerce Sync, product catalog data from bijnis is transmitted to Meta's Commerce Manager to enable Instagram Shopping and Facebook Shops. This data is processed by Meta under their own platform terms and data policies. We do not acquire independent rights to your product catalog data through this process.

6A.5 Opt-Out for End Customers

End customers interacting with a business through bijnis-managed Instagram or Facebook automation may request to stop receiving automated messages at any time by replying with a stop request in the conversation, or by contacting the relevant business directly. You are responsible for honoring such requests promptly in accordance with applicable law and Meta's platform policies.

6A.6 Retention of Facebook and Instagram Data

Facebook Page post records, Instagram content metadata, Direct Message logs, comment records, and analytics data are retained for as long as your account is active on our platform. Upon account closure or a valid deletion request, social content and interaction data will be deleted within 30 days, except where retention is required by applicable law or for legitimate fraud prevention and security purposes.

6A.7 Meta Platform Policy Compliance

Our use of Meta's Graph API, Instagram Graph API, and associated data complies with Meta's Business Terms of Service, Meta's Platform Terms, and Meta's Developer Policies. Social data is processed only in accordance with these policies and the purposes described in this Privacy Policy.

6A.8 Revoking Facebook and Instagram Access

You may revoke bijnis.xyz's access to your Facebook Page and Instagram account at any time through Meta's Business Manager or your Facebook account app settings. You may also disconnect from within your bijnis account settings. Upon revocation, all Facebook and Instagram automation features will cease to function immediately. We will delete associated access tokens within 30 days of revocation.

bijnis.xyz connects to YouTube channels via Google's YouTube Data API v3 and YouTube Analytics API to provide video publishing, community management, and analytics features on behalf of business clients.

6B.1 Our Role

When you connect your YouTube channel to bijnis.xyz, you authorize us to act on your behalf. You remain the owner and data controller of your YouTube channel and its content. bijnis.xyz acts as a data processor for YouTube-related data under your instructions.

6B.2 How We Use YouTube Data

We use YouTube channel data solely to provide services requested by our business clients, including:

• uploading videos and YouTube Shorts to your channel as instructed or scheduled by you, including titles, descriptions, tags, and thumbnails you provide;
• publishing Community Posts on your channel on your behalf;
• reading and replying to comments on your videos through our platform;
• displaying channel performance metrics, video analytics, audience insights, and traffic source data in the bijnis Social Performance Dashboard; and
• troubleshooting, maintaining, and improving the YouTube integration features.

We do not use YouTube data for advertising, profiling, data brokering, or any purpose unrelated to providing the YouTube management service to you.

We do not sell YouTube data. bijnis.xyz's use of information received from Google APIs, including YouTube APIs, adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6B.3 Content Published via bijnis

All video content, Community Posts, and comment replies published to your YouTube channel through bijnis are published solely on your behalf and under your instruction or schedule. You retain full ownership of all content published. We do not acquire any rights to your video content through this process.

6B.4 YouTube Analytics Data

We access YouTube Analytics data (views, watch time, traffic sources, audience demographics) solely to display performance insights in the bijnis dashboard for your own review. We do not share, sell, or transfer your YouTube analytics data to any third party.

6B.5 Retention of YouTube Data

YouTube channel metadata, video records, and analytics data are retained for as long as your account is active on our platform. Upon account closure or a valid deletion request, stored YouTube data will be deleted within 30 days, except where retention is required by applicable law. Revoking our access does not delete content already published to your YouTube channel; you must manage published content directly through YouTube Studio.

6B.6 Revoking YouTube Access

You may revoke bijnis.xyz's access to your YouTube channel at any time by visiting Google Account Permissions and removing our application, or from within your bijnis account settings. Upon revocation, all YouTube automation features will cease to function immediately. OAuth tokens associated with your YouTube channel will be revoked and deleted within 30 days of disconnection.

We do not sell your personal information. We also do not share your Google name, Google email, or Google basic profile data with anyone else for independent use, advertising, or resale.

We may disclose limited information only in the following situations:

• Service providers: Hosting providers, analytics providers, payment processors, email delivery providers, customer support tools, and similar vendors who help us operate our services and who process information on our behalf under confidentiality and security obligations.
• Meta platforms (WhatsApp, Facebook, Instagram): Message content and phone numbers are transmitted through Meta's WhatsApp Cloud API solely to deliver messages on your behalf. Post content, media, and catalog data are transmitted through Meta's Graph API solely to publish and manage your Facebook Page and Instagram content as you instruct. These transmissions are subject to Meta's own data policies.
• Google / YouTube: Video content, post data, and metadata are transmitted through Google's YouTube Data API solely to publish and manage your YouTube channel content as you instruct. This transmission is subject to Google's own data policies.
• Google services requested by you: Where required to create, connect, or manage your Google Business Profile or related Google services that you have explicitly authorized.
• Legal compliance: If required by law, regulation, court order, legal process, or a lawful government request.
• Protection of rights and security: To investigate, prevent, or act regarding fraud, abuse, security issues, or violations of our terms.
• Business transfer: In connection with a merger, acquisition, restructuring, financing, or sale of assets, subject to continued protection of your data.

Except for the limited cases above, your Google sign-in data, WhatsApp data, and other personal information will not be shared with anyone else.

We retain your data only for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce agreements.

• Google account data used for registration and authentication: We may retain your name, email address, and basic profile details for as long as your account exists.
• Your requested retention preference: Unless you ask us to delete it, this information may be retained indefinitely for account continuity and service records.
• Business and service records: We may retain these as long as needed for service delivery, support, and compliance.
• WhatsApp message and contact data: Retained while your account is active and deleted within 30 days of account closure or a valid deletion request, subject to legal retention obligations.
• Billing and tax records: We may retain these for the period required by applicable law.
• Analytics and security logs: These may be retained for operational, fraud-prevention, and service-improvement purposes.

If you request deletion, we will delete or anonymize personal data within a reasonable period, except where we are required or permitted by law to retain certain records.

8.1 Storage of Tokens and Credentials

If we store OAuth access tokens, refresh tokens, or related authentication credentials in connection with Google integrations, we store them using reasonable administrative, technical, and organizational safeguards designed to protect them against unauthorized access, disclosure, alteration, misuse, or loss.

We do not knowingly expose OAuth tokens, refresh tokens, client secrets, or similar credentials in public-facing code, browser source code, or any insecure storage method prohibited by applicable Google policies.

Where applicable and feasible, tokens and related credentials are stored encrypted at rest and access is restricted to authorized systems and personnel with a legitimate need to know.

8.2 Human Access Restrictions

We restrict internal human access to Google-derived data, WhatsApp data, and connected account information to authorized personnel, contractors, or service providers who require such access for limited permitted purposes, such as:

• providing support requested by you;
• troubleshooting, maintenance, and service reliability;
• security monitoring, abuse prevention, or fraud detection;
• legal or regulatory compliance; or
• other purposes expressly permitted by applicable policies and applicable law.

We do not permit human access to Google-derived data or WhatsApp data for unrelated advertising, data mining, or other prohibited purposes.

If you want us to delete your account or personal data, you may send an email to hello@sotlabs.net with your deletion request.

Please include enough information for us to identify your account safely, such as the email address used to register with us and your business name, if applicable.

Once we verify the request, we will process deletion within a reasonable time, subject to any legal or contractual obligations that require us to retain certain records.

For full step-by-step deletion instructions, including what data will be deleted, what is legally retained, and how end customers can opt out of WhatsApp messages, see our dedicated Data Deletion Instructions page.

9.1 Service Providers and Processing of Google-Derived Data

We may use trusted hosting providers, infrastructure vendors, analytics providers, support tools, subcontractors, or other service providers to process information on our behalf, including Google-derived data and WhatsApp data where necessary to deliver, secure, maintain, or support our services.

Such providers are subject to contractual, confidentiality, and security obligations appropriate to the nature of the information they process.

If you previously granted our application access to your Google account, you can revoke that access at any time from your Google Account settings.

To do this, visit Google Account permissions and remove our application from the list of connected third-party apps and services. Revoking access through your Google account prevents our application from accessing Google data going forward, although it does not by itself automatically delete data that we already lawfully stored on our systems before revocation.

If you want both revocation and deletion, you should revoke access in your Google account and also email us at hello@sotlabs.net to request deletion of any stored data associated with your account.

You can manage connected apps here: https://myaccount.google.com/permissions

10.1 Revocation, Deletion, and Data Retention for Google-Derived Data

You may revoke our access to your Google account at any time through your Google account permissions or by contacting us at hello@sotlabs.net.

You may also request deletion of Google-derived data under our control by contacting us at hello@sotlabs.net. Upon a valid request, we will take reasonable steps to delete or de-identify Google-derived data that is no longer required for:

• providing active services requested by you;
• maintaining security, preventing fraud, or investigating abuse;
• backup and disaster recovery processes;
• legal, tax, accounting, audit, or regulatory obligations; or
• establishment, exercise, or defence of legal claims.

Where appropriate, OAuth access tokens, refresh tokens, and related credentials will be revoked, deleted, or rendered unusable when they are no longer required for the authorized service or after access has been revoked, subject to technical and legal constraints.

Limited information may remain in logs, backups, invoices, support records, and legally required business records for a reasonable period consistent with our retention practices and applicable law.

Where applicable under Indian law, including the Digital Personal Data Protection Act, 2023, we process personal data on one or more of the following bases:

• Consent: Where you voluntarily provide information, sign in, connect accounts, or request services.
• Contractual necessity: Where processing is required to provide the services you requested.
• Legal obligation: Where we must retain or disclose information under applicable law.
• Legitimate interests: For security, analytics, fraud prevention, service administration, and product improvement, where appropriate and lawful.

We may use essential cookies and similar technologies to keep the website functioning, remember basic preferences, maintain security, and understand how visitors use our site.

We may also use analytics tools such as Google Analytics to understand traffic sources, visitor behavior, and site performance. You can control cookies through your browser settings, and in some cases through third-party opt-out tools where available.

We do not use third-party advertising cookies for behavioral ad targeting based on Google user data obtained through OAuth.

We use reasonable technical, administrative, and organizational safeguards to protect your information, including HTTPS, access controls, authentication protections, limited internal access, security monitoring, and periodic reviews of our systems and processes.

However, no method of electronic storage or transmission is completely secure, so we cannot guarantee absolute security.

13.1 Google Approval and Platform Dependency

Use of Google OAuth, Google account access, and Google Business Profile integrations depends on Google's systems, approval processes, platform policies, available APIs, technical limitations, and continued availability of relevant features.

We do not guarantee approval of any Google OAuth verification request, API access request, Business Profile API access request, scope verification request, or continued availability of any Google integration, feature, or permission.

Some of our service providers or platforms may process data on servers located outside your state or country. By using our services, you understand that data may be processed by trusted vendors subject to appropriate contractual and security protections.

Subject to applicable law, you may have the right to request access to your personal data, correction of inaccurate data, deletion of data, withdrawal of consent where consent is the legal basis, and grievance redressal.

To exercise any such right, please contact us at hello@sotlabs.net. We may need to verify your identity before taking action on your request.

Our services are intended for businesses and adults. We do not knowingly collect personal data from children. If you believe a child has provided information to us, please contact us at hello@sotlabs.net so we can take appropriate action.

Our website or services may contain links to or integrations with third-party websites or services, including Google, YouTube, Meta, WhatsApp, Facebook, Instagram, Meta Commerce Manager, payment gateways, and other platforms. We are not responsible for the privacy practices of those third parties, and we encourage you to review their policies separately. In particular:

• Meta Privacy Policy: governs Meta's own processing of data through Facebook, Instagram, and WhatsApp platforms.
• Google Privacy Policy: governs Google's own processing of data through Google Account, YouTube, and related services.

We may revise this Privacy Policy from time to time. If we make material changes, we may update the date at the top of this page and, where appropriate, provide additional notice through the website or by email.

Your continued use of our services after an updated version becomes effective means you acknowledge the revised Privacy Policy, to the extent permitted by law.

For privacy questions, deletion requests, complaints, or data-related concerns, contact:

To make this policy especially clear for users and reviewers: if you sign in using Google, we collect your name, email address, and basic profile information for basic registration and authentication.

We retain that information unless and until you ask us to delete it, and we do not share that Google sign-in data with anyone else except where necessary to operate the service, comply with law, or protect our rights and systems.

To request deletion, email hello@sotlabs.net. To stop future access from Google, revoke the app in your Google Account permissions settings.