Legal · Wits Africa Limited
Privacy Policy
Effective date: 1 July 2025 · Last updated: 1 July 2025
This policy applies to Conversa, a product of Wits Africa Limited, and covers its workspace, inbox, automation, and channel integration features — including WhatsApp, Instagram, Messenger, TikTok, X, and related reporting workflows.
1. About this policy
This Privacy Policy explains how Wits Africa Limited ("Wits Africa", "we", "us", "our") collects, uses, stores, and protects information when businesses, workspace users, and connected channel accounts use Conversa. Conversa is a product of Wits Africa Limited, a company incorporated in Kenya. By using Conversa you agree to the practices described in this policy.
2. Information we collect
We may process: account and workspace details (name, email address, role, organisation name); connected channel identifiers and account metadata (such as phone numbers, page IDs, usernames, and profile images supplied by integrated platforms); customer profile details and conversation history received through connected channels; message content, comments, and webhook payloads delivered by integrated platforms; access tokens and credentials required to maintain platform integrations; automation and routing settings configured by your workspace; and service and diagnostic logs needed to operate and secure the platform.
3. Connected platforms — WhatsApp, Instagram, Messenger, TikTok, X
When you connect a channel such as WhatsApp, Instagram, Messenger, TikTok, or X (Twitter), the respective platform may share with us account identifiers, profile metadata, access tokens, webhook events, message content, comment content, and delivery or status events. Each platform's own terms and privacy policy govern how that platform processes your data before sharing it with us. In particular, use of the TikTok integration is subject to TikTok's Developer Terms of Service, Platform Policy, and Privacy Policy in addition to these terms. Wits Africa only accesses data that a connected business account explicitly authorises through the relevant platform's OAuth or integration flow.
4. How we use information
We use information to: authenticate users and maintain workspace access; connect and manage authorised channels; send and receive customer communications on your behalf; route conversations to the appropriate team member or department; provide in-platform reporting and analytics; support workflow automation; troubleshoot issues and ensure platform reliability; and comply with legal and regulatory obligations. We do not sell, rent, or trade customer message or comment data to third parties.
5. Tokens and credentials
Access tokens, refresh tokens, and platform credentials are stored encrypted and are used solely to maintain authorised integrations and perform actions requested by your workspace — such as receiving inbound messages, sending replies, and syncing account metadata. We do not use these credentials for any purpose beyond operating your Conversa workspace.
6. Customer and public interaction data
Conversa may process customer conversations, contact profiles, public comments, and related interaction data made available through your connected business channels. As the workspace operator, you remain responsible for ensuring you have the legal basis, platform authority, and any applicable consents required to collect, access, and manage that data through your Conversa workspace.
7. Sharing and sub-processors
We rely on the following categories of sub-processors to operate the service: cloud hosting and database providers (including Supabase and Railway); frontend hosting (Vercel); transactional email providers; and the APIs of connected platforms (Meta, TikTok, X, and others). Each processes data only as necessary to deliver the service. We do not sell personal data. We may disclose data if required by Kenyan law, a court order, or to protect the rights and safety of users or the public.
8. Security
We implement reasonable technical and organisational safeguards including TLS encryption in transit, encrypted storage of credentials and tokens, row-level security on all database tables, HMAC-SHA256 webhook signature verification, and role-based access control within workspaces. No internet-based service can guarantee absolute security, and you are responsible for maintaining the security of your own login credentials.
9. Data retention
We retain workspace, channel, message, comment, and diagnostic data for as long as your account is active and as needed to provide the service, comply with legal obligations under Kenyan law, resolve disputes, and protect the platform. Diagnostic webhook logs are retained for 90 days. Upon account deletion we will purge associated personal data within 30 days unless a longer retention period is required by applicable law.
10. Your rights
Under the Kenya Data Protection Act, 2019, and other applicable law, you may have the right to access, correct, restrict processing of, export, or request deletion of personal data we hold about you. Workspace administrators can manage user access, disconnect channels, and rotate credentials directly from within Conversa. To exercise individual data rights or make a deletion request, contact us at privacy@witsafrica.co.ke.
11. Platform-specific compliance
Connecting a third-party platform through Conversa does not transfer compliance obligations from that platform to Wits Africa. You remain responsible for complying with the policies of Meta (WhatsApp, Instagram, Messenger), TikTok, X, and any other integrated provider, including their messaging policies, data usage restrictions, and user consent requirements. Conversa only accesses permissions that you explicitly grant during the platform authorisation flow.
12. Changes to this policy
We may update this policy from time to time. We will notify workspace administrators of material changes by email or in-app notice at least 14 days before the changes take effect. Continued use of Conversa after that date constitutes acceptance of the updated policy. The current version is always available at https://konvas.app/privacy.
13. Governing law
This Privacy Policy is governed by the laws of Kenya, including the Kenya Data Protection Act, 2019. Any disputes arising from this policy shall be subject to the jurisdiction of the courts of Nairobi, Kenya.
14. Contact us
Wits Africa Limited — privacy@witsafrica.co.ke. For general support enquiries, contact support@witsafrica.co.ke. We aim to respond to all privacy-related requests within 14 business days.
Also see our Terms of Service · Cookies Policy · Data Deletion · © 2026 Wits Africa Limited. All rights reserved.