Try for free

Privacy Policy

Effective date: March 19, 2026

MonkeyChat("we," "us," or "our") operates the website at https://monkeychat.deand provides an AI-powered WhatsApp agent platform for craft businesses ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our dashboard, or interact with our WhatsApp-based services.

We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Telemedia Data Protection Act (TDDDG).

1. Data Controller

The data controller responsible for processing your personal data is:

MonkeyChat
Email: hello@monkeychat.de

2. Information We Collect

2.1 Information You Provide Directly

  • Account registration data: name, email address, and organization details when you sign up through our dashboard.
  • Business profile data: business name, service categories, business hours, and service area information you configure in your dashboard.
  • Payment information: processed securely through our third-party payment provider. We do not store credit card numbers.

2.2 Information Collected Through WhatsApp

When end customers communicate with a business through our WhatsApp integration, we process:

  • WhatsApp phone number and profile name as provided by the WhatsApp Business API.
  • Message content: text messages, voice messages, and images sent during the conversation.
  • Service request details: problem descriptions, address information, scheduling preferences, and any photos shared for service assessment.
  • Conversation metadata: timestamps, message status, and conversation state.

2.3 Automatically Collected Information

  • Usage data: pages visited, features used, and interaction patterns on our website and dashboard.
  • Device information: browser type, operating system, and device identifiers.
  • Log data: IP addresses, access times, and referring URLs.

3. How We Use Your Information

We process personal data for the following purposes:

  • Service delivery: to operate the WhatsApp agent, process service requests, create tickets, generate cost estimates, and facilitate appointment booking (legal basis: contract performance, Art. 6(1)(b) GDPR).
  • AI processing: to generate contextual responses, route conversations, transcribe voice messages, and provide intelligent assistance through our AI agent (legal basis: contract performance, Art. 6(1)(b) GDPR).
  • Account management: to create and manage your account, authenticate sessions, and provide customer support (legal basis: contract performance, Art. 6(1)(b) GDPR).
  • Service improvement: to analyze usage patterns, fix bugs, and improve our platform (legal basis: legitimate interest, Art. 6(1)(f) GDPR).
  • Legal compliance: to comply with legal obligations and protect our rights (legal basis: legal obligation, Art. 6(1)(c) GDPR).

4. WhatsApp and Meta Platform Data

Our Service integrates with the WhatsApp Business Platform provided by Meta Platforms, Inc. When end customers message a business through WhatsApp:

  • Messages are transmitted via Meta’s WhatsApp Business API infrastructure.
  • We receive and process message content, sender information, and media attachments through webhook notifications.
  • We send responses back through the WhatsApp Business API.
  • Meta processes data in accordance with the WhatsApp Business Data Processing Terms.

We do not sell, share, or use WhatsApp message data for advertising purposes. Message data is used solely to provide the requested service to the business and its customers.

5. AI and Automated Processing

Our Service uses artificial intelligence to:

  • Understand and respond to customer inquiries via natural language processing.
  • Transcribe voice messages using speech-to-text technology (OpenAI Whisper).
  • Generate voice responses using text-to-speech technology (ElevenLabs).
  • Route conversations and categorize service requests.
  • Generate cost estimates based on provided information.

AI-generated responses are provided as assistance to the business. No fully automated decisions with legal or similarly significant effects are made without human oversight. You have the right not to be subject to automated decision-making under Art. 22 GDPR.

6. Media Processing

When end customers share images or voice messages through WhatsApp:

  • Imagesare downloaded from WhatsApp’s servers, processed to understand the service request context, and stored alongside the associated ticket.
  • Voice messages are downloaded, transcribed to text using OpenAI Whisper, and the transcription is stored with the conversation history. Original audio files are not retained after transcription.

7. Third-Party Service Providers

We share data with the following categories of third-party processors, all bound by data processing agreements:

  • Meta Platforms (WhatsApp Business API): message delivery and receipt.
  • OpenAI: natural language processing, conversation AI, and voice transcription.
  • ElevenLabs: text-to-speech voice generation.
  • Clerk: authentication and identity management.
  • Neon (PostgreSQL): database hosting and data storage.
  • Vercel: application hosting and infrastructure.

Some of these providers are based in the United States. Data transfers to the US are protected by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR.

8. Data Retention

  • Account data: retained for the duration of your subscription and deleted within 30 days of account closure, unless retention is required by law.
  • Conversation history: retained for up to 12 months to provide continuity of service, then automatically anonymized or deleted.
  • Tickets and service records: retained for the duration of the business relationship plus any legally required retention period.
  • Voice message audio: deleted immediately after transcription.
  • Log data: retained for up to 90 days for security and debugging purposes.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access(Art. 15 GDPR) — obtain confirmation of whether your data is being processed and request a copy.
  • Right to rectification(Art. 16 GDPR) — correct inaccurate or incomplete data.
  • Right to erasure(Art. 17 GDPR) — request deletion of your data under certain conditions.
  • Right to restriction(Art. 18 GDPR) — restrict processing under certain circumstances.
  • Right to data portability(Art. 20 GDPR) — receive your data in a structured, machine-readable format.
  • Right to object(Art. 21 GDPR) — object to processing based on legitimate interest.
  • Right to withdraw consent(Art. 7(3) GDPR) — withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@monkeychat.de. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • HMAC signature verification for all incoming WhatsApp webhook payloads.
  • Role-based access control and multi-tenant data isolation.
  • Regular security reviews and dependency updates.

11. Cookies and Tracking

Our website uses only essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies. Essential cookies do not require consent under Art. 5(3) of the ePrivacy Directive.

12. Children’s Privacy

Our Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@monkeychat.de and we will promptly delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. For significant changes, we will provide additional notice via email or through the Service.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

MonkeyChat
Email: hello@monkeychat.de
Website: https://monkeychat.de

See also our Terms of Service.