Privacy Policy

Last updated: July 1, 2026

This Privacy Policy explains how STS Connect ("we", "us", "our", or "the Service"), operated by Smart Telecom, collects, uses, discloses, and safeguards your information when you use our unified business messaging platform at stsconnect.chat, portal.stsconnect.chat, and app.stsconnect.chat.

By creating an account or using the Service, you consent to the collection, use, and disclosure of your information as described in this Policy.


1. Information We Collect

1.1 Information You Provide

  • Account information: Your name, email address, company name, and password (stored as a bcrypt hash).
  • Payment information: Billing details processed securely via Stripe. We never store full credit card numbers on our servers.
  • Messaging channel credentials: When you connect WhatsApp, Facebook, Instagram, Telegram, or email, you authorize us to store the access tokens/credentials required to send and receive messages on your behalf.

1.2 Information Collected Automatically

  • Usage data: IP address, browser type, device information, access times, and pages visited.
  • Cookies & local storage: Used for authentication, session management, and security.

1.3 Message Content & Customer Conversations

To provide the Service, we process messages you send and receive through connected channels. This includes:

  • Message text, media (images, audio, video, documents), timestamps, and delivery status.
  • Contact information of your customers (name, phone number, email) when they message you.
  • This data is stored by our messaging engine hosted on our own infrastructure and is not shared with third parties for marketing purposes.

2. How We Use Your Information

  • To provide, operate, and maintain the Service across all messaging channels.
  • To create and manage your account, subscription, and billing.
  • To send service-related notifications (security alerts, billing receipts, product updates).
  • To provide customer support and respond to your inquiries.
  • To detect, prevent, and address fraud, abuse, and technical issues.
  • To comply with legal obligations and law enforcement requests.
  • To improve and develop new features based on aggregate, anonymized usage data.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data on the following legal bases:

  • Contractual necessity: To provide the Service you signed up for.
  • Legal obligation: To comply with tax, accounting, and regulatory requirements.
  • Legitimate interest: To ensure security, prevent fraud, and improve the Service.
  • Consent: For optional marketing communications, which you can withdraw at any time.

4. Third-Party Services

The Service integrates with the following providers. Each processes data under their own privacy policy:

  • Meta (WhatsApp Cloud API, Facebook Messenger, Instagram Direct) — governed by Meta's Privacy Policy. Data received via WhatsApp API is used solely to respond to user messages.
  • Stripe — payment processing — governed by Stripe's Privacy Policy.
  • Telegram — bot messaging — governed by Telegram's Privacy Policy.
  • Amazon Web Services (SES) — transactional email delivery.

5. Data Retention

We retain your personal data as follows:

  • Account data: Retained while your account is active. Deleted within 30 days of account closure.
  • Message content: Retained as configured in your account settings. You may delete conversations at any time.
  • Billing records: Retained for 7 years as required by tax and financial regulations.
  • Logs & usage data: Retained for 90 days for security and debugging purposes.

6. Data Security

We implement industry-standard security measures including TLS 1.2+ encryption in transit, bcrypt password hashing, role-based access control, and isolated Docker infrastructure. Payment data is handled entirely by Stripe and never touches our servers.


7. Your Privacy Rights (GDPR / Data Subject Access)

Depending on your location, you may have the right to: access, rectify, erase, restrict, port, object to, or withdraw consent for processing of your personal data. To exercise any of these rights, email privacy@stsconnect.chat. We respond within 30 days.


8. Data Deletion

You may request deletion of your account and all associated data at any time from Account Settings → Delete Account, or by emailing privacy@stsconnect.chat. We process deletion requests within 30 days. Previously stored messages are permanently removed as part of your account deletion.


9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Meta's servers. We ensure such transfers comply with applicable data protection laws.

10. Children's Privacy

The Service is not intended for individuals under 16 years old. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice within the Service at least 30 days before they take effect.

12. Governing Law

This Privacy Policy is governed by the laws of the United Arab Emirates. Any disputes arising in connection with this Policy are subject to the exclusive jurisdiction of the Dubai Courts, United Arab Emirates.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact our Data Protection Officer:

Email: privacy@stsconnect.chat
Company: Smart Telecom
Address: Office S1-078, 24 Al Maktoum Rd., Dubai, United Arab Emirates
Phone: +971 4 522 5777
Website: stsconnect.chat