Privacy Policy

Last updated: March 15, 2026

Company: AkrosLab Ltd.
Website: akroslab.com

1. Introduction

AkrosLab Ltd. ("we", "our", or "us") operates WhatsApp Receptionist, a software-as-a-service platform that provides AI-powered WhatsApp messaging automation for dental clinics. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (akroslab.com) and services.

By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Full name
  • Email address
  • Organization/clinic name
  • Account credentials (encrypted)

2.2 WhatsApp Business Data

When you connect your WhatsApp Business account through Meta's OAuth flow, we receive and store:

  • WhatsApp Business Account ID
  • Phone Number ID
  • Access tokens (encrypted at rest)

We do not access your personal WhatsApp messages. We only process messages sent to and from your connected WhatsApp Business number.

2.3 Patient Message Data

When patients message your clinic through WhatsApp, we process:

  • Phone numbers of patients who initiate conversations
  • Message content (text messages only)
  • Timestamps of messages
  • Conversation history for AI context

2.4 Usage Data

We automatically collect certain information when you visit our website or use our platform:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Device information

3. How We Use Your Information

We use the information we collect to:

  • Provide our service: Process incoming WhatsApp messages, generate AI responses, and send replies on behalf of your clinic
  • Maintain conversation context: Store message history so the AI can provide coherent, contextual responses
  • Improve our service: Analyze usage patterns to enhance performance and reliability
  • Communicate with you: Send service-related notifications, updates, and support messages
  • Ensure security: Detect, prevent, and address technical issues and abuse

4. Data Sharing and Disclosure

We do not sell, rent, or share patient data with third parties for marketing purposes.

We may share data with:

  • OpenAI: Message content is sent to OpenAI's API for AI response generation. OpenAI processes this data according to their API data usage policies and does not use API data to train their models.
  • Meta/WhatsApp: Messages are delivered through Meta's WhatsApp Business Platform API. Meta processes this data according to the WhatsApp Business Platform Terms.
  • Infrastructure providers: We use cloud hosting services that may process data as part of providing infrastructure (e.g., database hosting, server hosting).
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS/SSL
  • Access tokens and credentials are encrypted at rest
  • Database access is restricted and monitored
  • We follow the principle of least privilege for internal access

6. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion, data is removed within 30 days.
  • Message data: Conversation history is retained for the duration of your subscription to provide AI context. Upon account cancellation, message data is deleted within 30 days.
  • Access tokens: WhatsApp access tokens are deleted immediately upon disconnecting your WhatsApp Business account.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing

To exercise these rights, contact us at the email provided in the Contact section below.

7.1 GDPR (European Economic Area)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing personal data includes:

  • Contract performance: Processing necessary to provide our service
  • Legitimate interest: Processing for service improvement and security
  • Consent: Where you have given explicit consent

You have the right to lodge a complaint with your local data protection authority.

8. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

9. Third-Party Links

Our service may contain links to third-party websites (e.g., Doctoralia for appointment booking). We are not responsible for the privacy practices of these external sites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Meta Platform Data Usage

In compliance with Meta's Platform Terms, we confirm that:

  • We only request the minimum permissions necessary to provide our service
  • We do not use data obtained from Meta for purposes other than providing and improving our service
  • We do not transfer Meta user data to data brokers or other services that sell data
  • We delete all data received from Meta APIs upon user request or when no longer needed for our service
  • We comply with all applicable Meta Platform Policies

12. Contact Us

If you have any questions about this Privacy Policy, please contact us: