Skip to main content

Privacy Policy

Your data — and your customers' data — exactly what we touch, why, and where it lives. Bina kisi chupi baat ke.

Effective: June 28, 2026  ·  Version 1.2 — Founding Cohort Edition
Privacy in 30 seconds
  • We collect the minimum needed to run your WhatsApp store — and we tell you exactly what.
  • Your customers' phone numbers are stored encrypted. Cross-merchant fraud signals are hashed, never raw.
  • Customer messages — including photos and voice notes — are sent to OpenAI to generate AI replies. PII is masked first. Nothing is used to train their models.
  • We do not sell your data. We do not sell your customers' data. Ever.
  • Servers are in Germany (Hetzner, Nuremberg). Payment processing happens in Pakistan (JazzCash/EasyPaisa) and the US/EU (Stripe).
  • You can export everything or delete everything from your dashboard. We respond to written requests within 7 days.
01

Who is responsible for your data

Tijarat AI is operated by Malik Imran Ahmed, sole proprietor, based in Tarnol, Islamabad, Pakistan. SECP private-limited incorporation is in progress. Until then, Malik Imran Ahmed is personally responsible for how your data is handled.

Day-to-day operations — support, engineering, and merchant onboarding — are handled by Rehan, the founder. Malik Imran Ahmed remains the registered owner and the data controller for all personal data processed on the platform.

For any privacy question or data-rights request, contact privacy@tijarat.org.pk. Founder reads every privacy email personally.

02

What we collect

2.1 What you give us directly

  • Account info: Your name, email, password (hashed with Argon2), business name
  • Store data: Products, prices, inventory, photos you upload
  • Payment info: JazzCash / EasyPaisa numbers and Stripe card tokens — full card numbers are never seen or stored by us
  • Courier credentials: TCS / Leopards API keys you connect, encrypted at rest
  • AI configuration: Your AI persona, escalation keywords, discount caps

2.2 What we collect about your customers (so the store works)

  • WhatsApp identifier: The phone number that messaged your business number
  • Message history: Conversation between customer and your store — stored so you can review and audit AI replies
  • Order details: Address, items, amounts, delivery status
  • Risk signals: A risk score per phone number used for COD fraud protection

2.3 What we collect automatically

  • Usage logs: Which dashboard pages you opened, what actions you took
  • Technical data: IP address, browser, OS, app version, error stack traces
  • Cookies: Session cookies for login + minimal preference cookies (see table below)
03

AI transparency — what our models actually do

Tijarat AI uses two AI systems. We owe you a clear explanation of each — because algorithms that operate in the dark cause real harm. We are openly committing to algorithmic transparency.

AI #1 — The conversational agent (OpenAI GPT-4o-class models)

When a customer messages your WhatsApp number, the message text is sent to OpenAI's API to generate a reply. Before sending, we mask personally identifiable information (phone numbers, addresses) where possible. OpenAI processes the request in real-time and returns the reply text. Under our API contract with OpenAI:

  • Your customer's messages are NOT used to train OpenAI's models
  • OpenAI retains API logs for 30 days for abuse monitoring, then deletes them
  • Data is processed in OpenAI's US data centres

If a customer sends a photo, the image is sent to OpenAI's GPT-4o Vision so the AI can understand it and match it against your catalogue. If a customer sends a voice note, the audio is sent to OpenAI's Whisper to transcribe it. The same protections apply — your customers' media is never used to train OpenAI's models.

If you do not want customer messages to leave Pakistan, switch the AI off from Settings → AI. The dashboard and order tools will continue to work without it.

AI #2 — Cross-merchant fraud scoring (in-house)

We compute a risk score for COD orders. The score is built from:

  • Hashed phone-number history across the Tijarat AI merchant network (never raw numbers)
  • Order-return rate and complaint patterns for that hashed identity
  • Address density and unusual ordering patterns
  • Time-of-day signals

The score is explainable — you can see which signals contributed in the order detail view. You always make the final shipping decision. The AI never auto-blocks without your rule explicitly saying so.

We will publish the full feature list and decision audit log to every merchant on request. No black box.

04

Your customers' phone numbers

This is the most sensitive data we hold. Here's our commitment.

  • Full phone numbers are encrypted at rest in our database
  • When shared into the cross-merchant fraud network, only a one-way SHA-256 hash is shared — the raw number never leaves your tenant
  • No merchant on Tijarat AI can see another merchant's customer phone numbers
  • We never sell, lease, or share customer phone lists with any third party for marketing
  • You can delete a customer's record at any time from Customers → Delete
05

How we use this data

  • Run your store: Process orders, send WhatsApp replies, book couriers, accept payments
  • Protect you from fraud: Compute risk scores and alert you to known fraud patterns
  • Support: Answer your tickets, debug issues you report
  • Improve the product: Aggregated, anonymised metrics only — never individual customer profiling
  • Legal compliance: Respond to lawful FBR / FIA / SBP requests where required
06

How we secure your data

TLS 1.3 in transit
All connections to Tijarat AI are HTTPS-only
Argon2 password hashing
Passwords never stored as plaintext or reversibly encrypted
Hetzner Cloud, Germany
Primary servers and Postgres database run in Hetzner's Nuremberg, Germany region
Automated daily backups
Compressed Postgres snapshots (pg_dump), retained for 30 days
Health monitoring
Continuous internal health checks on the API and database
Idempotency + audit log
Every billing and risk action is recorded in a tamper-evident audit log

If a breach happens

In the unlikely event that your data is exposed, we will notify you by email and WhatsApp within 72 hours of discovery, tell you exactly what was exposed, and what steps we are taking. This is a personal commitment from the founder.

07

Third parties we depend on

Every service we use is listed below, with what they see and where they process it. If we add a new processor, we will list it here before they go live.

Meta WhatsApp Business PlatformUSA / Ireland

Sends and receives WhatsApp messages on your connected number

Their privacy policy →
OpenAIUSA

Generates AI replies; also analyses customer-sent images (GPT-4o Vision) and voice notes (Whisper). Not used for training (see Section 03)

Their privacy policy →
Hetzner CloudGermany (EU)

Hosts our servers and Postgres database (Nuremberg)

Their privacy policy →
JazzCashPakistan

Processes subscription payments and customer COD-to-prepaid conversions

EasyPaisaPakistan

Processes subscription payments

StripeUSA / Ireland

Processes international card payments where used

Their privacy policy →
TCS CourierPakistan

Books and tracks shipments when you connect TCS

Leopards CourierPakistan

Books and tracks shipments when you connect Leopards

SentryUSA / Germany

Error tracking — stack traces only, no customer PII

Their privacy policy →
08

WhatsApp & Meta Platform data

Tijarat AI is a technology provider built on Meta's WhatsApp Business Platform. When a merchant connects their WhatsApp Business number, we receive and process the following on that merchant's behalf, solely to operate their store:

  • The customer's WhatsApp phone number and profile name
  • The content of messages sent to the merchant's business number
  • Any images, voice notes, or other media the customer sends to the business number
  • Message delivery, read, and error status returned by Meta's servers

We handle this data under the Meta Platform Terms, the WhatsApp Business Messaging Policy, and the WhatsApp Commerce Policy. Specifically:

  • WhatsApp data — including any media — is used only to deliver the merchant's service: never for advertising, AI model training, cross-merchant profiling, or resale
  • Messages are sent only to customers who messaged the business first or gave the merchant clear opt-in consent
  • Free-form replies stay within WhatsApp's 24-hour customer-service window; outside it, only Meta-approved template messages are used
  • Merchants who violate WhatsApp's messaging or commerce policies are warned, and terminated on repeat violation (see Terms of Service, Acceptable Use)

WhatsApp customers can have their data deleted at any time — see the data deletion instructions in Section 11 below.

09

International data transfers

Where your data physically lives

  • Primary database and servers: Hetzner Cloud, Nuremberg, Germany (EU)
  • AI text, image, and voice processing: OpenAI, USA (in real-time, then returned)
  • WhatsApp message routing: Meta servers, USA / Ireland
  • Local payments: JazzCash and EasyPaisa servers in Pakistan
  • Error logs: Sentry, USA / Germany

We will move primary hosting to a Pakistan-region cloud the moment a credible enterprise-grade option exists locally. Today, Hetzner Germany gives us the best combination of cost, uptime, and EU-grade data protection.

10

Cookies

TypePurposeLifetimeRequired?
Session / AuthKeeps you logged in (httpOnly + CSRF)SessionYes
PreferenceRemembers language and dashboard layout1 yearNo
Analytics (internal)Anonymous page-view counts — no third-party trackers90 daysNo

We do not use Google Analytics, Facebook Pixel, or any other third-party advertising tracker on the dashboard.

11

Your rights

Pakistan's Personal Data Protection Bill (PDPB) 2023 is pending parliamentary enactment. We have voluntarily adopted the rights below now, modeled on PDPB 2023 and the EU GDPR, so you can exercise them from day one.

Right to access

Get a full copy of everything we hold about you

Right to correct

Fix anything inaccurate or out of date

Right to deletion

Have your data erased (subject to legal retention)

Right to restrict

Pause processing while a dispute is resolved

Right to export

Get your data in CSV / JSON to take elsewhere

Right to object

Opt out of cross-merchant fraud signal sharing

Response time: We aim for 7 days, and never longer than 30. Email privacy@tijarat.org.pk.

Data deletion instructions

If you are a merchant — delete your account from Dashboard → Settings → Account, or email privacy@tijarat.org.pk from your registered email with the subject "Delete my data". We confirm within 7 days and complete deletion within 30 days. Encrypted backups purge within a further 30 days. Transaction records we must keep under FBR rules (6 years) are retained only as required by law.

If you are a customer of a Tijarat AI store (a WhatsApp buyer) — ask the merchant to delete your record, or email privacy@tijarat.org.pk with the WhatsApp number you used. We will delete your identity data and de-link your conversation logs across the platform within 30 days.

12

How long we keep things

Data typeRetentionReason
AccountWhile account is activeRequired to run your store
Transaction records6 yearsFBR Income Tax Ordinance 2001 — record-keeping requirement
Customer + order dataWhile account is activeNeeded to operate your store
Conversation logs12 months rollingAudit AI replies + customer service
Hashed fraud signals24 monthsCross-merchant fraud network — hash only, no raw numbers
Support tickets2 yearsQuality improvement
Deleted accounts30 daysWindow to recover if you change your mind
Database backups30 daysDisaster recovery only
13

Children

Tijarat AI is a B2B platform for adult Pakistani business owners. We do not knowingly accept accounts from anyone under 18. If we discover a minor has created an account, we will close it and delete the data.

If you are a parent and believe your child has signed up, email privacy@tijarat.org.pk and we will act immediately.

14

Changes to this policy

If we change this policy in a way that affects you materially, we will:

  • Email you at least 30 days in advance
  • Show a banner in the dashboard
  • Update the "Effective" date at the top of this page
15

Contact

Privacy + data rights

privacy@tijarat.org.pk

General + support

support@tijarat.org.pk

Data controller: Malik Imran Ahmed, sole proprietor, Tarnol, Islamabad, Pakistan. SECP private-limited incorporation in progress.

Version 1.2 — Founding Cohort Edition · Effective June 28, 2026