Privacy policy

Unit is operated by Digicliq Media Consult (the "Company", "we", "us", "Unit"), based in Accra, Ghana. We provide a multi-channel customer conversation platform with an AI agent trained on each customer's own products, brand persona, and knowledge base. Our customers are businesses (typically small or medium-sized) that use Unit to talk to their own customers across channels like WhatsApp, Instagram, Facebook Messenger, email, SMS, and a web widget.

Throughout this policy:

• "Customer" means a business that has signed up for Unit and operates a workspace.
• "End user" means a person who messages a Customer through one of the channels Unit relays.
• "You" refers to either a Customer or an End user, depending on context.

From Customers (signup + workspace)

• Name, work email address, hashed password, and the workspace name + slug they choose.
• Optional: industry tag, country, profile photo (avatar), and notification preferences.
• Channel setup details needed to connect services such as WhatsApp Business or website chat. Sensitive credentials are protected and are not shown again in the dashboard after they are saved.

From End users (conversations)

• Display name, phone number, email address, and any other contact information the connected messaging channel shares with us about you when you message a Customer.
• The content of messages you send and receive through Unit — including text, attachments, voice notes, and any media. This is the conversation history.
• Metadata about each conversation: the channel used, delivery and read receipts, timestamps, status changes (open / resolved), and tags or notes added by the Customer's team.

Automatically

• Server logs (IP address, user agent, request paths, timestamps) for security, abuse detection, and basic operational telemetry. Retained 30 days.
• Aggregate, non-identifying usage statistics (e.g. how many messages a workspace handled in a given period).

• Provide the service: route conversations between End users and Customer workspaces, deliver replies, run the AI agent against the Customer's own catalog, brand persona, and knowledge base, and escalate conversations when the AI cannot safely complete a request.
• Account management: authenticate Customer logins, send invites, password resets, and product updates.
• AI assistance: the AI agent uses the Customer's products, knowledge entries, brand persona, and conversation history to detect intent, answer, capture lead or order details, and escalate when needed. We do not use End-user conversation content to train any general-purpose AI model.
• Support: respond to your help requests at [email protected].
• Security & abuse prevention: detect fraud, throttle suspicious traffic, comply with legal requests.

We use a small number of vetted service providers to run Unit. We share only the data each one needs to do its job and have data-processing terms in place where applicable.

• Hosting and storage providers: services used to run Unit and store product images, knowledge-base files, user avatars, and workspace data.
• OpenAI: the AI service provider that powers the AI agent. We send the agent's prompt (including the Customer's knowledge snippets and the conversation context needed to generate a reply) to OpenAI. Per our agreement with OpenAI, this data is not used to train OpenAI's general models.
• Resend: transactional email (signup confirmations, teammate invites, password resets) sent on Unit's behalf to email addresses Customers provide.
• Messaging channel providers: services such as WhatsApp, Instagram, Facebook, email, SMS, and website chat that deliver messages between Customers and End users. Data flows through them under their own policies.

We do not sell personal data. We do not share it with advertising networks. We do not use it to train models outside the AI agent flow described above.

Unit's primary hosting is in Europe. Some service providers, including AI and messaging providers, may process data in other regions such as the United States. We rely on standard contractual clauses and relevant cross-border data-transfer mechanisms where required.

When a Customer connects a WhatsApp Business number, Meta sends inbound message events to Unit so the workspace can receive and reply to them. Outbound messages flow back through WhatsApp. The data that touches Meta during this exchange — message bodies, sender phone numbers, timestamps, and attachment URLs — is processed solely to deliver the messaging feature for the connected Customer. We do not:

• Use WhatsApp message data to train AI models. The conversation context shipped to OpenAI is the immediate thread, scoped to the Customer's workspace, and our provider settings prevent long-term retention on their side.
• Share WhatsApp data with advertising networks or use it for ad targeting.
• Profile end users across workspaces or businesses.
• Resell, license, or otherwise transfer WhatsApp data to third parties beyond the sub-processors named above.

Channel access credentials (e.g. whatsapp_business_messaging tokens issued by Meta) are stored encrypted at rest, used only to keep the connected channel working, and are revoked when the Customer disconnects the channel or deletes the workspace.

• Customer accounts: retained for the life of the account. Deleted within 30 days of workspace deletion request. See our data-deletion guide for the full procedure.
• Conversation history: retained for as long as the Customer's workspace exists or until the Customer deletes specific conversations from their dashboard.
• Server logs: 30 days.
• Backups: encrypted bucket-level snapshots taken daily, retained for up to 60 days.

The dashboard stores your sign-in session and a small number of UI preferences in your browser. The marketing site stores only your dark/light theme choice. We do not use third-party tracking or advertising cookies.

Concretely, the following are in place today:

• Customer workspaces are kept separate from each other.
• Channel credentials and access tokens are encrypted or otherwise protected at rest; the dashboard never shows raw credentials again after they are saved.
• Public traffic is served over HTTPS.
• Incoming channel events are verified before they are accepted.
• Admin actions on a workspace are audit-logged.
• Uploaded files are stored privately and shown only to authorized workspace users.

We have not yet pursued external compliance audits (SOC 2, ISO 27001, HIPAA). When we do, we'll update this page.

Depending on where you are, you may have rights to access, correct, export, or delete personal data we hold about you, plus the right to object to certain processing or withdraw consent. To exercise any of these, email us at [email protected]. We respond within 30 days.

If you are an End user (i.e. you messaged a Unit Customer), the Customer is the data controller for that conversation; Unit is the processor. We will forward your request to the relevant Customer.

Unit is not directed at people under 13. We don't knowingly collect personal data from anyone under 13. If you believe we have, email [email protected] and we'll delete it.

If Unit is acquired, merged with another company, or sold, personal data may be transferred as part of the transaction, subject to the new owner agreeing to a privacy policy at least as protective as this one. We'll notify Customers in advance.

We may update this policy as the product evolves. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced via in-app notice or email to Customers before they take effect.

Questions, requests, or concerns: [email protected].