New🔥 Be among the first to join our closed beta for free!Access Closed Beta

Konectus

Privacy Policy

Effective: April 29, 2026Last updated: April 29, 2026
1

1. Introduction

At Konectus («Konectus», «we», «our» or the «Platform»), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and protect personal information from users who access our website https://konectus.io and the Konectus platform (collectively, the «Services»).

This document is drafted in accordance with:

  • The Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations.
  • Applicable data protection laws in the Latin American countries where we operate.
  • The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) in the United States.
  • The European Union General Data Protection Regulation (GDPR), applicable when we process data of residents in the European Economic Area.
2

2. Identity of the Data Controller

Data ControllerKonectus
Trade NameKonectus
Websitehttps://konectus.io
Privacy contact email[email protected]
3

3. Definitions

Personal Data
any information relating to an identified or identifiable natural person.
Data Subject
the natural person to whom the personal data relates.
Processing
any operation performed on personal data, including collection, use, disclosure, storage and deletion.
User
the individual or company that registers and uses Konectus Services.
End Contact
a person whose data is managed by a User within the Platform for the purpose of communicating through conversational channels (Messenger, Instagram, Telegram).
Controller / Processor
under LFPDPPP and similar laws, the Controller decides how data is processed; the Processor processes data on behalf of the Controller.
4

4. Information We Collect

Konectus applies the data minimization principle: we only collect and process information strictly necessary to provide the requested service. Data received through the Meta API is limited to the permissions explicitly granted by the User.

4.1 Information you provide directly

When you register or use our Services we collect:

  • Full name
  • Email address
  • Phone number
  • Company name
  • Payment information (processed directly by our payment provider; Konectus does not store card numbers)
  • Any other information you choose to share when contacting us

4.2 Information collected automatically

When you browse or use the Platform we automatically collect:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent
  • Date, time and time zone of access
  • Referrer URL
  • Cookie identifiers and similar technologies (see Section 11)

4.3 Information we manage on behalf of our Users

When a User uses Konectus to communicate with their customers through the Meta Platforms API (Facebook Messenger, Instagram Direct) or Telegram, the Platform processes End Contact data: name, Facebook/Instagram profile identifiers, message content, attachments, timestamps, and read status.

In these cases Konectus acts as the Data Processor and the User is the Data Controller. See Section 13 for details.

4.4 Data we do NOT collect

We do not collect special categories or sensitive data (racial or ethnic origin, health status, biometric data, religious beliefs, political opinions, sexual orientation, financial data beyond what is necessary for billing). We also do not use session recordings, heatmaps or similar tracking tools.

5

5. Purposes of Processing

5.1 Primary purposes (necessary to provide the service)

  • Create, authenticate and manage your account
  • Provide, operate and maintain the Services
  • Process payments and issue receipts
  • Respond to requests, questions and provide technical support
  • Send operational notifications (service changes, security alerts, billing reminders)
  • Comply with legal, tax and accounting obligations
  • Prevent fraud, abuse, spam and violations of our Terms of Service
  • Ensure security and integrity of the Platform

5.2 Secondary purposes (optional)

  • Send marketing communications about new features, promotions, use cases or educational content
  • Conduct statistical and behavioral analytics to improve the Platform
  • Invite you to participate in surveys, events, beta programs or webinars

You may object to processing for secondary purposes at any time by emailing [email protected]. This will not affect the provision of the core service.

5.3 Specific purposes for data received from the Meta Platforms API

End Contact data received through the Meta API (messages, profiles, attachments) is used exclusively to:

  • Deliver and manage messages between End Contacts and the User who contracted the service.
  • Display conversation history to the User within the Konectus Platform.
  • Facilitate manual or automated responses from the User to their End Contacts.
  • Generate aggregate service usage metrics (message volume, response times) without linking them to individual profiles.

This data is not used for any other purpose, including advertising, market research, AI model training, or disclosure to third parties outside the scope described in Section 7.

6

6. Legal Basis for Processing

  • Your consent, given when accepting this Policy or registering on the Platform.
  • Performance of a contract to which you are a party (the Terms of Service).
  • Compliance with legal obligations that apply to Konectus.
  • Our legitimate interests: service improvement, Platform security, fraud prevention, defense against claims.
7

7. Sharing with Third Parties (Sub-processors)

We share information with the providers that help us operate the Platform. Each acts as a Sub-processor and is contractually obligated to protect your data and use it only for the purposes we instruct.

ProviderPurposeLocation
Contabo GmbHHosting / VPS serversGermany / United States
Stripe, Inc.Payment processingUnited States
Google LLC (Google Analytics)Website analyticsUnited States
Meta Platforms, Inc.Messenger and Instagram APIsUnited States
Telegram Messenger Inc.Telegram messaging APIUnited Arab Emirates / International
Konectus does NOT sell or rent your personal data to third parties for advertising or commercial purposes.

Additionally, we may disclose information when:

  • Required by a competent authority or court order.
  • Necessary to protect the life, integrity or rights of any person.
  • Necessary to defend ourselves legally against claims.
  • Expressly authorized by the Data Subject.
  • A merger, acquisition or corporate reorganization occurs (in which case we will notify you).
8

8. International Data Transfers

Some of our providers are located outside your country of residence, primarily in the United States and the European Union. As a result, your personal data may be transferred and stored internationally.

To protect these transfers, we:

  • Select providers with internationally recognized data protection standards.
  • Sign Standard Contractual Clauses (SCCs) approved by the European Commission and Data Processing Agreements (DPAs) ensuring adequate protection levels for all international transfers.
  • Rely on the EU-US Data Privacy Framework or other valid transfer mechanisms under GDPR (Art. 46) for transfers from the European Economic Area to the United States.

By using the Services, you expressly consent to these international transfers in accordance with articles 36 and 37 of the LFPDPPP and equivalent provisions in other jurisdictions.

9

9. Data Retention

We retain your personal data for as long as your account is active and for up to 5 (five) years after account cancellation, in order to comply with tax, accounting, legal obligations and to defend against potential claims.

Once that period ends, your data will be securely deleted or irreversibly anonymized.

When you exercise your right to deletion, we will retain only the data strictly necessary to comply with legal obligations, for the minimum required period.

Data received through the Meta Platforms API (Messenger and Instagram Direct messages, profile identifiers, attachments, and timestamps) is retained for up to 2 (two) years from the date of the message or last interaction, unless the User or End Contact requests deletion earlier, or applicable law requires a different period.

10

10. Your Rights

11

11. Cookies and Similar Technologies

We use cookies and similar technologies to operate the website, remember your preferences and understand how you interact with the Platform. We display a cookie banner the first time you visit, where you can accept, reject or customize non-essential cookies.

Types of cookies we use:

  • Essential / technical: required for the site to function (authentication, security, basic preferences). They do not require consent.
  • Performance and analytics: Google Analytics. Help us understand site usage in aggregate form.
  • Functionality: remember your preferences (language, settings).
Konectus does not use third-party cookies for advertising, remarketing or data sales purposes.

You can manage your preferences at any time from the cookie banner or your browser settings. Note that rejecting essential cookies may affect Platform functionality.

12

12. Children's Privacy

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

If a minor wishes to use the Platform, they must have express, prior and written consent from their parents or legal guardians, who will be responsible for the minor's use of the Services.

If we discover that we have collected data from a minor without the required parental consent, we will promptly delete such information. If you are a parent or guardian and believe your child has provided us data without authorization, please contact us at [email protected].

13

13. Konectus as Data Processor (B2B clients)

When a company uses Konectus as a tool to communicate with its end customers:

User (company) responsibilities

  • Obtaining necessary consents from End Contacts.
  • Informing End Contacts about the processing of their data.
  • Responding to ARCO, CCPA or equivalent rights requests from End Contacts.
  • Complying with the policies of conversational platforms (Meta Platform Terms, Telegram Terms).

Konectus commitments

  • Applying appropriate technical and organizational measures to protect such data.
  • Processing data only according to the User's instructions.
  • Reasonably assisting the User in handling End Contact requests.
  • Not using End Contact data for its own purposes other than providing the service.

Contracts between Konectus and its business clients include data processing clauses required by Article 28 of the GDPR and equivalent provisions of applicable law, formally establishing the Processor-Controller relationship in compliance with applicable regulations.

If you are an End Contact who received a message through a Konectus client and wish to exercise rights over your data, we recommend contacting the company that sent the message directly. If you need guidance, you may write to [email protected].

If you are a Facebook or Instagram user and wish to specifically request deletion of your data processed through the Meta API, you may do so directly on our data deletion page: Request Meta data deletion →

14

14. Information Security

We apply reasonable technical, physical and administrative measures to protect your data against unauthorized access, loss, alteration or destruction. These measures include:

  • Encryption in transit via HTTPS/TLS.
  • Role-based access controls and secure authentication.
  • Security monitoring and access logging.
  • Regular backups.
  • Internal training on data handling best practices.

However, no system is 100% secure. In the event of a security breach that may significantly affect your rights, we will notify you without undue delay in accordance with applicable law.

In the event of a security breach involving data received from the Meta Platforms API, Konectus will notify Meta Platforms, Inc. within a maximum of 24 (twenty-four) hours of becoming aware of the incident, in accordance with the current Meta Platform Terms, in addition to fulfilling notification obligations to authorities and data subjects required by applicable law.

15

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law or the Services. When changes are material, we will notify you through:

  • Prominent notice on the Platform or website.
  • Email (when applicable and technically feasible).

The «Last Updated» date indicates the current version. Continued use of the Services after an update implies acceptance of the changes.

16

16. Use of the Meta Platforms API (Messenger and Instagram)

16.1 Meta Permissions Requested

To operate messaging features via Facebook Messenger and Instagram, Konectus requests the following Meta Platform permissions:

PermissionDescriptionData accessed
pages_messagingSend and receive messages through Facebook PagesMessage content, sender and recipient IDs
instagram_manage_messagesSend and receive Instagram Direct messagesInstagram message content, account IDs
instagram_basicAccess basic Instagram profile informationUsername, account ID, public profile picture

16.2 Data Received from the Meta API

Through the permissions above, Konectus may receive and process the following data on behalf of its Users:

  • Usernames and profile IDs from Facebook / Instagram
  • Message content from Messenger and Instagram Direct
  • Attachments shared in conversations (images, documents, audio, video)
  • Message timestamps and read status
  • Basic public profile information of the End Contact

This data is used exclusively to provide the messaging management service to the User that subscribed to Konectus. Konectus does not use this data for advertising, user profiling, or any purpose other than those stated in this Policy.

16.3 Declaration of Compliance with Meta Platform Terms

Konectus complies with the current Meta Platform Terms and the current Meta Developer Data Use Policy. Specifically, Konectus commits to:

  • Not using Meta API data for purposes not authorized by Meta or this Policy.
  • Not selling, transferring, or disclosing Meta API data to unauthorized third parties.
  • Not using Meta API data to make automated decisions that negatively affect users without their knowledge.
  • Applying appropriate technical and organizational measures to protect data received from Meta.
  • Cooperating with any audit or review that Meta conducts under its Platform Terms.
  • Not using data received from the Meta API in other applications, products, or services — whether internal or third-party — other than the Konectus Platform, unless the Data Subject gives explicit consent.

To review the full terms, visit: Meta Platform Terms

16.4 Deletion of Meta Data

If you are a Facebook or Instagram user and wish to request deletion of data that Konectus processed through the Meta API, you may do so on our data deletion page. We will process your request within a maximum of 30 (thirty) business days.

Request Meta data deletion

16.5 Prohibition on Use for AI Training

Konectus does not use data received through the Meta API — including message content, profile identifiers, and metadata — to train, fine-tune, improve, or develop artificial intelligence or machine learning models, whether its own or third-party. This restriction applies both in real time and retroactively to historical data. Konectus contractually requires all its sub-processors to comply with this same prohibition regarding Meta API data, in compliance with the current Meta Platform Terms.

17

17. Contact

For any questions, comments, complaints or requests related to this Privacy Policy or the processing of your personal data:

Suggested subject

Privacy — [your inquiry]

If you believe your data protection rights have been violated, you may contact the competent authority in your country of residence: in Mexico, the National Institute of Transparency, Access to Information and Personal Data Protection (INAI); in California (USA), the California Privacy Protection Agency (CPPA); in the European Union, the data protection supervisory authority of your Member State (see the authority directory at edpb.europa.eu).

This document constitutes the comprehensive Privacy Policy of Konectus in accordance with applicable law.