privacy policy

01 - Introduction

This Privacy Policy describes how Dipdux Analytica, LLC ("Dipdux," "we," "our," or "us") collects, uses, shares, stores, and protects personal data in connection with our websites, products, applications, and services (collectively, the "Services"). The Services include — without limitation — our corporate website at dipdux.com, our cloud-hosting platform CloudX, our cybersecurity offering XLR8, our secure-sharing tool KeeperX, our InternX training programs, and our chatbot development and WhatsApp Business Platform Tech Provider services (the "Chatbot Services").

Dipdux Analytica, LLC is a limited liability company duly registered in the Arab Republic of Egypt under Commercial Registration No. 35107, Tax ID 759-958-181, and Information Technology License No. 644, with its principal place of business in Sheikh Zayed City, Giza Governorate, Egypt.

This Policy applies to personal data we process whether you interact with us through our website, our applications, our Chatbot Services on the WhatsApp Business Platform, our cloud or cybersecurity products, our recruitment and training programs, or any other channel through which we offer the Services.

We have prepared this Policy in accordance with the Egyptian Personal Data Protection Law No. 151 of 2020 ("PDPL") and, where applicable to our processing activities, the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), and other applicable data protection laws.

02 - Our Two Roles:
Controller and Processor

Depending on the Service and the context, Dipdux acts in one of two distinct capacities under data protection law:

(a) Data Controller. We act as a controller when we determine the purposes and means of processing — for example, when we process the personal data of:

 -Visitors to our website (dipdux.com);
 -Prospective clients who contact us;
 -Our direct customers and their authorized representatives;
 -Job applicants, employees, contractors, and InternX program participants;
 -Users of our cybersecurity, cloud, and secure-sharing products who hold accounts directly with us.

(b) Data Processor. We act as a processor on behalf of our business clients (the "controllers") when we provide our Chatbot Services on the WhatsApp Business Platform. In that case, our clients' end-users send messages to a WhatsApp Business number that belongs to and is operated by our client, and Dipdux processes the resulting message data only on the documented instructions of that client and pursuant to a written Data Processing Agreement ("DPA") between Dipdux and the client. Where we act as a processor, the controlling privacy policy with respect to the end-user is the client's privacy policy, not this one. This Policy nonetheless describes the categories of data we process in that capacity, our security commitments, and how end-users may exercise their rights through us.

03 - Personal Data We Collect

3.1 Data we collect as a Controller

 -Identity and contact data: Full name, job title, company, email address, phone number, country, language preference.
 -Account credentials: Username, hashed password, multi-factor authentication tokens, session identifiers.
 -Commercial data: Services purchased or subscribed to, billing address, VAT/Tax ID, invoices, payment status. (We do not store full payment-card numbers; card payments are handled by third-party PCI-DSS-compliant processors.)
 -Communications data: Email correspondence, support tickets, chat transcripts, recordings of scheduled calls (where lawful and disclosed at the time of the call).
 -Technical and usage data: IP address, device identifiers, browser type and version, operating system, pages visited, referring URL, timestamps, crash logs, performance metrics.
 -Cookie and tracking data: First- and third-party cookies, pixels, local-storage identifiers, and analytics events (see Section 9).
 -Recruitment and training data: CVs, portfolios, references, interview notes, certifications, and InternX program records.

3.2 Data we process as a Processor (Chatbot Services on WhatsApp Business Platform)

When our clients deploy chatbots that we build and operate on their WhatsApp Business Accounts, we process the following categories of personal data on behalf of those clients and strictly under their instructions:

 -WhatsApp identifiers: The end-user's WhatsApp phone number (E.164 format), WhatsApp display name, and (where shared by the user with the business) profile photo.
 -Message content: Text, images, documents, voice notes, video, audio, location pins, contacts, stickers, and interactive button or list selections sent by the end-user to our client's WhatsApp Business number, and the responses generated or sent in return.
 -Message metadata: Message identifiers, timestamps, delivery and read receipts, conversation identifiers, message direction (inbound/outbound), template names used, and language detection results.
 -Session and routing data: Bot state, conversational context variables, intent classifications, hand-off events to human agents, and routing decisions.
 -Opt-in records: Evidence of the end-user's consent to receive messages from the client's WhatsApp Business number, including the source, timestamp, channel, and exact text of the consent statement, as required by the WhatsApp Business Messaging Policy.
 -Business-defined custom fields: Any additional data the client instructs us to collect through the chatbot (for example, an order number, a reservation reference, or a customer segment label). The client is solely responsible for the lawfulness of any such custom collection.

We do not access end-users' WhatsApp contact lists, social graph, or messages sent to anyone other than our client's WhatsApp Business number.

04 - Sources of the Data

We collect personal data from the following sources:

 -Directly from you, when you fill out a form, register an account, contact us, sign a contract, or message a chatbot we operate on behalf of a client;
 -Automatically, through cookies, server logs, and similar technologies when you use our Services;
 -From our clients, when they upload, configure, or share data with us in connection with the Chatbot Services or our other products;
 -From third parties, such as Meta Platforms, Inc. and WhatsApp LLC (technical, delivery, and quality-of-service data relating to WhatsApp Business API traffic), payment processors, identity verification providers, and publicly available sources, where lawful.

05 - Purposes and Legal
Bases for Processing

We process personal data only where we have a lawful basis to do so. The principal purposes and the legal bases we rely on are:

 -Providing the Services and performing our contracts with clients and users: performance of a contract; legitimate interests.
 -Communicating with prospective clients and responding to inquiries: legitimate interests; consent (for marketing).
 -Operating the Chatbot Services on behalf of our clients: processor acting on documented instructions of the controller (our client).
 -Billing, invoicing, accounting, and tax compliance: legal obligation (Egyptian tax law, including statutory retention periods).
 -Security, fraud prevention, abuse detection, and platform integrity: legitimate interests; legal obligation.
 -Improving and debugging our Services (using anonymized or aggregated data wherever feasible): legitimate interests.
 -Sending marketing communications about our products: consent (you may withdraw at any time).
 -Recruitment, employment, and InternX program administration: performance of a contract; legitimate interests; consent.
 -Complying with legal, regulatory, and court-ordered obligations: legal obligation.

We do not sell personal data, and we do not use Chatbot Services data to build profiles of WhatsApp users beyond what is strictly necessary to deliver the conversational service requested by the client.

06 - How We Share Personal Data

We share personal data only with the following categories of recipients, and only to the extent necessary:

 -Our clients — where the data was collected through chatbots operated on their behalf, the data is shared with (and largely controlled by) the client whose WhatsApp Business Account received it.
 -Meta Platforms, Inc., WhatsApp LLC, and their affiliates — as the operators of the WhatsApp Business Platform. Message delivery, template review, quality monitoring, and platform-integrity functions necessarily involve Meta and WhatsApp processing the relevant data under their own terms and privacy policies.
 -Sub-processors and service providers — including reputable cloud-hosting providers, content-delivery networks, email-delivery providers, analytics providers, customer-support platforms, and similar service providers that act under our written instructions and binding confidentiality and security obligations.
 -Professional advisors — auditors, accountants, lawyers, and insurers, bound by professional confidentiality obligations.
 -Authorities — where disclosure is required by Egyptian law, by an applicable foreign law that we are bound to comply with, or by a valid order of a competent court or regulator.
 -In connection with corporate transactions — such as a merger, acquisition, restructuring, or sale of assets, in which case affected data subjects will be notified to the extent required by law.

We do not share personal data with advertising networks for cross-context behavioral advertising, and we do not sell personal data within the meaning of the CCPA/CPRA.

07 - International Data Transfers

Dipdux is established in Egypt, but some of our service providers and platform partners — including Meta and WhatsApp — operate infrastructure outside Egypt, including in the European Economic Area, the United Kingdom, and the United States.

When we transfer personal data outside Egypt or the EEA, we rely on lawful transfer mechanisms, which may include:

 -The data subject's explicit and informed consent;
 -The performance of a contract with the data subject;
 -The European Commission's Standard Contractual Clauses (where the importer is in an adequacy-uncertain jurisdiction);
 -Approval from the Egyptian Personal Data Protection Center, where required under PDPL Article 14.

Copies of the relevant safeguards are available on request.

08 - Data Retention

We retain personal data only for as long as is necessary for the purposes set out in this Policy or required by law. Specifically:

 -Marketing prospects: up to 6 months from last interaction, unless you withdraw consent earlier;
 -Client account and contractual records: for the duration of the contract plus 5 years thereafter, or longer where Egyptian tax law requires (currently 5 years for accounting records);
 -Chatbot conversation data (Processor role): in line with the retention period instructed by the client in the DPA. By default, we retain inbound and outbound message bodies for 30 days to enable troubleshooting, after which they are purged from our active systems; conversation metadata may be retained longer in aggregated or anonymized form;
 -Server logs and security logs: up to 6 months;
 -Recruitment data: up to 12 months after the conclusion of the recruitment process, unless you consent to a longer period for future opportunities.

After the applicable retention period expires, we delete, anonymize, or securely archive the data in accordance with our internal data-management policy.

09 - Cookies and
Similar Technologies

Our website uses cookies and similar technologies for session management, security, performance, and analytics. We classify cookies as:

 -Strictly necessary (always active);
 -Performance and analytics (only set with your consent where required);
 -Functional (remember your preferences, only set with your consent where required).

You can manage cookies through your browser settings or our cookie banner where available. Disabling certain cookies may impact site functionality.

10 - Your Rights

Subject to the conditions and limitations of applicable law, you have the following rights:

 -Right to be informed about how we process your data (this Policy);
 -Right of access to the personal data we hold about you;
 -Right to rectification of inaccurate or incomplete data;
 -Right to erasure ("right to be forgotten") — see also our Data Deletion page;
 -Right to restrict processing in certain circumstances;
 -Right to data portability — receive your data in a structured, machine-readable format;
 -Right to object to processing based on legitimate interests, including profiling;
 -Right to withdraw consent at any time, where consent is the legal basis;
 -Right not to be subject to a solely automated decision that produces legal or similarly significant effects;
 -Right to lodge a complaint with the Egyptian Personal Data Protection Center or, where applicable, the data protection authority of your EEA country of residence.

To exercise any of these rights, contact us using the details in Section 14. We will respond within the timeframes required by applicable law (no later than 30 days under PDPL; one month under GDPR, extendable as permitted).

If you are an end-user of a chatbot operated on behalf of one of our clients, please first direct your request to that client (the controller). We will assist them in fulfilling your request, and we will also act directly where applicable law requires.

11 - Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include, without limitation:

 -Encryption of data in transit (TLS 1.2 or higher) and encryption at rest for sensitive data stores;
 -Role-based access controls and the principle of least privilege;
 -Multi-factor authentication for administrative access;
 -Network segmentation, firewalling, and intrusion detection;
 -Regular vulnerability scanning, penetration testing, and security reviews carried out by our XLR8 cybersecurity team;
 -Documented incident-response procedures and personnel training.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required by law, affected data subjects, within the timeframes required by law.

12 - Children's Privacy

Our Services are intended for businesses and adults. We do not knowingly collect personal data from children under the age of 18 without verifiable parental consent. If you believe we have inadvertently collected such data, please contact us immediately and we will take steps to delete it.

13 - Changes to this Policy

We may update this Policy from time to time. We will post the updated version on our website and revise the "Last updated" date at the top. Where the changes are material, we will provide additional prominent notice (for example, by email to registered users or a banner on the website) before the changes take effect.

14 - Contact Us

If you have any questions, concerns, or requests regarding this Policy or our processing of your personal data, please contact us:

Dipdux Analytica, LLC
Sheikh Zayed City, Giza Governorate, Egypt

 -Privacy inquiries: privacy@dipdux.com
 -Data deletion requests: see /legal/data-deletion
 -General inquiries: hello@dipdux.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Egyptian Personal Data Protection Center or, where applicable, your local data protection authority.

This Privacy Policy is published in English. In the event of any conflict between this version and any translation, the English version shall prevail to the extent permitted by applicable law.