Privacy Policy
Your data — and your customers' data — exactly what we touch, why, and where it lives. Bina kisi chupi baat ke.
- ›We collect the minimum needed to run your WhatsApp store — and we tell you exactly what.
- ›Your customers' phone numbers are stored encrypted. Cross-merchant fraud signals are hashed, never raw.
- ›Customer messages — including photos and voice notes — are sent to OpenAI to generate AI replies. PII is masked first. Nothing is used to train their models.
- ›We do not sell your data. We do not sell your customers' data. Ever.
- ›Servers are in Germany (Hetzner, Nuremberg). Payment processing happens in Pakistan (JazzCash/EasyPaisa) and the US/EU (Stripe).
- ›You can export everything or delete everything from your dashboard. We respond to written requests within 7 days.
Who is responsible for your data
Tijarat AI is operated by Malik Imran Ahmed, sole proprietor, based in Tarnol, Islamabad, Pakistan. SECP private-limited incorporation is in progress. Until then, Malik Imran Ahmed is personally responsible for how your data is handled.
Day-to-day operations — support, engineering, and merchant onboarding — are handled by Rehan, the founder. Malik Imran Ahmed remains the registered owner and the data controller for all personal data processed on the platform.
For any privacy question or data-rights request, contact privacy@tijarat.org.pk. Founder reads every privacy email personally.
What we collect
2.1 What you give us directly
- ›Account info: Your name, email, password (hashed with Argon2), business name
- ›Store data: Products, prices, inventory, photos you upload
- ›Payment info: JazzCash / EasyPaisa numbers and Stripe card tokens — full card numbers are never seen or stored by us
- ›Courier credentials: TCS / Leopards API keys you connect, encrypted at rest
- ›AI configuration: Your AI persona, escalation keywords, discount caps
2.2 What we collect about your customers (so the store works)
- ›WhatsApp identifier: The phone number that messaged your business number
- ›Message history: Conversation between customer and your store — stored so you can review and audit AI replies
- ›Order details: Address, items, amounts, delivery status
- ›Risk signals: A risk score per phone number used for COD fraud protection
2.3 What we collect automatically
- ›Usage logs: Which dashboard pages you opened, what actions you took
- ›Technical data: IP address, browser, OS, app version, error stack traces
- ›Cookies: Session cookies for login + minimal preference cookies (see table below)
AI transparency — what our models actually do
Tijarat AI uses two AI systems. We owe you a clear explanation of each — because algorithms that operate in the dark cause real harm. We are openly committing to algorithmic transparency.
AI #1 — The conversational agent (OpenAI GPT-4o-class models)
When a customer messages your WhatsApp number, the message text is sent to OpenAI's API to generate a reply. Before sending, we mask personally identifiable information (phone numbers, addresses) where possible. OpenAI processes the request in real-time and returns the reply text. Under our API contract with OpenAI:
- ›Your customer's messages are NOT used to train OpenAI's models
- ›OpenAI retains API logs for 30 days for abuse monitoring, then deletes them
- ›Data is processed in OpenAI's US data centres
If a customer sends a photo, the image is sent to OpenAI's GPT-4o Vision so the AI can understand it and match it against your catalogue. If a customer sends a voice note, the audio is sent to OpenAI's Whisper to transcribe it. The same protections apply — your customers' media is never used to train OpenAI's models.
If you do not want customer messages to leave Pakistan, switch the AI off from Settings → AI. The dashboard and order tools will continue to work without it.
AI #2 — Cross-merchant fraud scoring (in-house)
We compute a risk score for COD orders. The score is built from:
- ›Hashed phone-number history across the Tijarat AI merchant network (never raw numbers)
- ›Order-return rate and complaint patterns for that hashed identity
- ›Address density and unusual ordering patterns
- ›Time-of-day signals
The score is explainable — you can see which signals contributed in the order detail view. You always make the final shipping decision. The AI never auto-blocks without your rule explicitly saying so.
We will publish the full feature list and decision audit log to every merchant on request. No black box.
Your customers' phone numbers
This is the most sensitive data we hold. Here's our commitment.
- ›Full phone numbers are encrypted at rest in our database
- ›When shared into the cross-merchant fraud network, only a one-way SHA-256 hash is shared — the raw number never leaves your tenant
- ›No merchant on Tijarat AI can see another merchant's customer phone numbers
- ›We never sell, lease, or share customer phone lists with any third party for marketing
- ›You can delete a customer's record at any time from Customers → Delete
How we use this data
- ›Run your store: Process orders, send WhatsApp replies, book couriers, accept payments
- ›Protect you from fraud: Compute risk scores and alert you to known fraud patterns
- ›Support: Answer your tickets, debug issues you report
- ›Improve the product: Aggregated, anonymised metrics only — never individual customer profiling
- ›Legal compliance: Respond to lawful FBR / FIA / SBP requests where required
How we secure your data
If a breach happens
In the unlikely event that your data is exposed, we will notify you by email and WhatsApp within 72 hours of discovery, tell you exactly what was exposed, and what steps we are taking. This is a personal commitment from the founder.
Third parties we depend on
Every service we use is listed below, with what they see and where they process it. If we add a new processor, we will list it here before they go live.
Sends and receives WhatsApp messages on your connected number
Generates AI replies; also analyses customer-sent images (GPT-4o Vision) and voice notes (Whisper). Not used for training (see Section 03)
Hosts our servers and Postgres database (Nuremberg)
Processes subscription payments and customer COD-to-prepaid conversions
Processes subscription payments
Processes international card payments where used
Books and tracks shipments when you connect TCS
Books and tracks shipments when you connect Leopards
Error tracking — stack traces only, no customer PII
WhatsApp & Meta Platform data
Tijarat AI is a technology provider built on Meta's WhatsApp Business Platform. When a merchant connects their WhatsApp Business number, we receive and process the following on that merchant's behalf, solely to operate their store:
- ›The customer's WhatsApp phone number and profile name
- ›The content of messages sent to the merchant's business number
- ›Any images, voice notes, or other media the customer sends to the business number
- ›Message delivery, read, and error status returned by Meta's servers
We handle this data under the Meta Platform Terms, the WhatsApp Business Messaging Policy, and the WhatsApp Commerce Policy. Specifically:
- ›WhatsApp data — including any media — is used only to deliver the merchant's service: never for advertising, AI model training, cross-merchant profiling, or resale
- ›Messages are sent only to customers who messaged the business first or gave the merchant clear opt-in consent
- ›Free-form replies stay within WhatsApp's 24-hour customer-service window; outside it, only Meta-approved template messages are used
- ›Merchants who violate WhatsApp's messaging or commerce policies are warned, and terminated on repeat violation (see Terms of Service, Acceptable Use)
WhatsApp customers can have their data deleted at any time — see the data deletion instructions in Section 11 below.
International data transfers
Where your data physically lives
- ›Primary database and servers: Hetzner Cloud, Nuremberg, Germany (EU)
- ›AI text, image, and voice processing: OpenAI, USA (in real-time, then returned)
- ›WhatsApp message routing: Meta servers, USA / Ireland
- ›Local payments: JazzCash and EasyPaisa servers in Pakistan
- ›Error logs: Sentry, USA / Germany
We will move primary hosting to a Pakistan-region cloud the moment a credible enterprise-grade option exists locally. Today, Hetzner Germany gives us the best combination of cost, uptime, and EU-grade data protection.
Cookies
| Type | Purpose | Lifetime | Required? |
|---|---|---|---|
| Session / Auth | Keeps you logged in (httpOnly + CSRF) | Session | Yes |
| Preference | Remembers language and dashboard layout | 1 year | No |
| Analytics (internal) | Anonymous page-view counts — no third-party trackers | 90 days | No |
We do not use Google Analytics, Facebook Pixel, or any other third-party advertising tracker on the dashboard.
Your rights
Pakistan's Personal Data Protection Bill (PDPB) 2023 is pending parliamentary enactment. We have voluntarily adopted the rights below now, modeled on PDPB 2023 and the EU GDPR, so you can exercise them from day one.
Right to access
Get a full copy of everything we hold about you
Right to correct
Fix anything inaccurate or out of date
Right to deletion
Have your data erased (subject to legal retention)
Right to restrict
Pause processing while a dispute is resolved
Right to export
Get your data in CSV / JSON to take elsewhere
Right to object
Opt out of cross-merchant fraud signal sharing
Response time: We aim for 7 days, and never longer than 30. Email privacy@tijarat.org.pk.
Data deletion instructions
If you are a merchant — delete your account from Dashboard → Settings → Account, or email privacy@tijarat.org.pk from your registered email with the subject "Delete my data". We confirm within 7 days and complete deletion within 30 days. Encrypted backups purge within a further 30 days. Transaction records we must keep under FBR rules (6 years) are retained only as required by law.
If you are a customer of a Tijarat AI store (a WhatsApp buyer) — ask the merchant to delete your record, or email privacy@tijarat.org.pk with the WhatsApp number you used. We will delete your identity data and de-link your conversation logs across the platform within 30 days.
How long we keep things
| Data type | Retention | Reason |
|---|---|---|
| Account | While account is active | Required to run your store |
| Transaction records | 6 years | FBR Income Tax Ordinance 2001 — record-keeping requirement |
| Customer + order data | While account is active | Needed to operate your store |
| Conversation logs | 12 months rolling | Audit AI replies + customer service |
| Hashed fraud signals | 24 months | Cross-merchant fraud network — hash only, no raw numbers |
| Support tickets | 2 years | Quality improvement |
| Deleted accounts | 30 days | Window to recover if you change your mind |
| Database backups | 30 days | Disaster recovery only |
Children
Tijarat AI is a B2B platform for adult Pakistani business owners. We do not knowingly accept accounts from anyone under 18. If we discover a minor has created an account, we will close it and delete the data.
If you are a parent and believe your child has signed up, email privacy@tijarat.org.pk and we will act immediately.
Changes to this policy
If we change this policy in a way that affects you materially, we will:
- •Email you at least 30 days in advance
- •Show a banner in the dashboard
- •Update the "Effective" date at the top of this page
Contact
Privacy + data rights
General + support
Data controller: Malik Imran Ahmed, sole proprietor, Tarnol, Islamabad, Pakistan. SECP private-limited incorporation in progress.