This policy applies to business customers (tenants) and to the personal data processed on their behalf via our platform and integrations (including WhatsApp Cloud API and other messaging channels). End customers of our clients do not access tenant backoffice directly.

Business contact details: name, company, email, phone.

Messages and metadata coming from integrated channels (WhatsApp, Facebook Messenger, Instagram) — content is held per tenant and under tenant contract.

Technical and usage data: IP addresses, device/browser data, logs, cookies and similar technologies.

We process data to operate the service, provide support, secure the platform, and comply with legal obligations. Legal bases include contract performance (Art. 6(1)(b) GDPR), legitimate interests and legal compliance.

Data retention is governed by the tenant contract. By default we retain tenant data while the contract is active. After a tenant requests deletion, we remove data within 7 calendar days unless legal retention obligations apply.

We operate within the EEA; where subprocessors or services require transfers, we use Standard Contractual Clauses or equivalent safeguards. Typical subprocessors include cloud infrastructure providers, messaging API vendors and analytics services (for example: AWS, CDN providers, Meta's WhatsApp Cloud API, OpenAI for assistant features, payment providers). Tenants may request the current list of subprocessors by contacting fms@sisisolutions.ie

We implement technical and organisational measures: TLS, access control, encryption at rest for sensitive fields, logging, monitoring and incident response procedures. Access to tenant data is role-based and audited.

Data subjects can request access, rectification, erasure, restriction, objection and portability by contacting fms@sisisolutions.ie. Requests will be processed in accordance with GDPR; tenants must authenticate to exercise rights relating to their tenant data.

Tenants can request full deletion by email (see our data deletion page) or via the tenant admin backoffice where available. Deletion requests are verified and processed within 7 calendar days; an email confirmation is sent when complete.

We may update this policy to reflect legal or operational changes. Material changes will be communicated to customers via the tenant admin contact email.