1. Introduction
FutureFy (Pty) Ltd ("FutureFy", "we", "us", or "our") operates the website futurefy.com and provides AI-powered WhatsApp messaging services that help businesses communicate with their customers, manage bookings, and automate customer enquiries.
This Privacy Policy explains how we collect, use, store, share, and protect personal information when you:
- Visit our website
- Communicate with a business through a WhatsApp number powered by FutureFy
- Register as a business to use our platform
We are committed to protecting your privacy and complying with the Protection of Personal Information Act, 2013 ("POPIA"), the Electronic Communications and Transactions Act, 2002 ("ECTA"), and all other applicable South African legislation. We also comply with Meta's WhatsApp Business Policy, Meta Platform Terms, and WhatsApp Business Data Processing Terms.
2. Responsible Party
For the purposes of POPIA, the responsible party for processing your personal information is:
- FutureFy (Pty) Ltd
- Registration number: [CIPC Registration Number]
- Address: [Physical Address, City, Province, Postal Code]
- Email: privacy@futurefy.com
- Website: futurefy.com
Our designated Information Officer can be reached at privacy@futurefy.com.
Where FutureFy processes personal information on behalf of a business that uses our platform, that business is the responsible party and FutureFy acts as an operator under POPIA. In such cases, processing is governed by a written data processing agreement between FutureFy and the business, in accordance with POPIA Section 21.
3. Information We Collect
In accordance with POPIA Section 18, we inform you that we collect the following categories of personal information. The provision of personal information is voluntary, but failure to provide certain information may mean that we or the business you are contacting cannot deliver the requested service (for example, we cannot process a booking without your phone number). Our collection and processing of personal information is authorised by POPIA and governed by the conditions for lawful processing set out in Chapter 3 of POPIA.
3.1 End users (customers messaging a business via WhatsApp)
When you send a message to a business that uses FutureFy, we may collect:
- Contact information: your phone number and WhatsApp display name as provided by the WhatsApp Business Platform
- Message content: the text, images, documents, or other media you send during the conversation
- Booking and service data: appointment details, service preferences, and scheduling information that arise from the conversation
- Interaction data: message timestamps, delivery and read receipts, and conversation history
3.2 Business users
When you register to use FutureFy as a business, we collect:
- Account information: business name, contact person name, email address, and phone number
- Business details: services offered, pricing, operating hours, location, and availability information
- WhatsApp Business Account details: account identifiers and access credentials generated through the Meta onboarding process
- Billing information: payment and invoicing details as required to process transactions
3.3 Website visitors
- Device and usage data: IP address, browser type, operating system, pages visited, referral source, and time spent on pages
- Cookies: we use essential cookies to operate the website and analytics cookies to understand how visitors use it. You may control cookie preferences through your browser settings
3.4 Sensitive and prohibited information
We do not knowingly collect special personal information as defined in POPIA Section 26 (such as religious beliefs, race, health, or biometric data) unless strictly necessary and with your explicit consent. In accordance with the WhatsApp Business Policy, businesses using FutureFy must not share or request full-length payment card numbers, financial account numbers, national identity numbers, or other sensitive identifiers through WhatsApp conversations. FutureFy is not intended for transmitting protected health information that is subject to heightened regulatory security requirements, and businesses should not use the platform for telemedicine or clinical communications where prohibited by applicable law.
4. How We Use Your Information
4.1 To provide and operate our services
- Delivering AI-assisted WhatsApp conversations between businesses and their customers
- Processing and managing bookings, appointments, and customer enquiries
- Sending transactional messages such as booking confirmations and appointment reminders
4.2 To support business accounts
- Managing business registrations, onboarding, and account administration
- Providing reporting, analytics, and customer support to business users
- Processing payments and managing billing
4.3 To send marketing communications
- With the end user's prior opt-in consent, businesses may use FutureFy to send promotional messages and marketing campaigns via WhatsApp, in compliance with POPIA Section 69
- You may opt out of marketing messages at any time (see Section 10 below)
4.4 To improve and secure our services
- Analysing aggregated usage patterns to improve platform functionality
- Detecting and preventing fraud, abuse, or security threats
- Meeting our legal and regulatory obligations
We do not use data obtained from WhatsApp conversations for any purpose other than as reasonably necessary to support the messaging services described above, in strict compliance with Meta's WhatsApp Business Policy. Where we process data on behalf of a client business, we use that data solely for the benefit of that business and never for our own independent purposes. We do not sell, license, or purchase personal information. We do not use personal information to build or augment user profiles, make eligibility determinations (such as for housing, employment, insurance, or credit), perform surveillance, or for targeted advertising.
5. Artificial Intelligence and Automated Processing
FutureFy uses artificial intelligence (AI) and large language models to process and respond to WhatsApp messages on behalf of businesses. This means:
- Your messages may be processed by AI systems to generate responses, manage bookings, and handle enquiries
- AI-generated responses are based on the business's configuration, service catalogue, and the content of your conversation
- No fully automated decisions with legal or similarly significant effects are made about you without human oversight. Businesses retain the ability to review and override AI-generated actions
- In accordance with POPIA Section 71, you have the right to request that any decision made solely on the basis of automated processing be reconsidered by a human. To exercise this right, contact us at privacy@futurefy.com or contact the business directly
AI processing is performed by trusted third-party AI model providers. Message content sent to these providers is used solely to generate responses and is not used to train their models or for any other purpose.
6. Legal Basis for Processing
Under POPIA, we process personal information only where at least one of the following conditions applies:
- Consent: you have given your voluntary, specific, and informed consent to the processing—for example, by opting in to receive WhatsApp messages from a business
- Contract: processing is necessary to perform our obligations under a contract with you, or to take steps at your request before entering into a contract
- Legal obligation: processing is necessary for us to comply with a legal duty
- Legitimate interest: processing is necessary for a legitimate interest we pursue, provided it does not prejudice your rights and freedoms—for example, maintaining platform security and preventing fraud
7. WhatsApp Business Platform and Meta
FutureFy is a registered Tech Provider on the WhatsApp Business Platform operated by Meta Platforms, Inc. Our services are built on Meta's WhatsApp Cloud API. By using our services, you acknowledge that:
- Messages are transmitted through Meta's infrastructure in accordance with the WhatsApp Privacy Policy
- Meta may process certain data (such as phone numbers, message metadata, and delivery information) in order to operate the WhatsApp service
- Businesses using FutureFy connect their WhatsApp number through Meta's official Embedded Signup process, which grants FutureFy permission to send and receive messages on the business's behalf
- Each business retains ownership of their own WhatsApp Business Account (WABA) and phone number. If a business discontinues using FutureFy, their WABA and conversation history remain theirs
- We comply with Meta's WhatsApp Business Policy, Meta Platform Terms, and the WhatsApp Business Data Processing Terms at all times
8. How We Share Your Information
We do not sell, rent, license, or trade your personal information. We may share personal information only in the following circumstances:
- With the business you are messaging: the business that operates the WhatsApp number you contacted can access your conversation history, booking details, and contact information. Each business can only access data from its own customers
- With Meta: message data is transmitted through the WhatsApp Business Platform as required to deliver the messaging service
- With service providers: we use trusted third-party service providers to help operate our platform, including cloud hosting providers, AI model providers for message processing, payment processors, and analytics services. These providers are contractually bound to process your data only on our instructions and to maintain appropriate security measures
- For legal reasons: where required by law, regulation, court order, or governmental request, or where necessary to protect our rights, property, or safety, or that of our users or the public
We do not share information from one customer's chat with any other customer, in accordance with the WhatsApp Business Policy. Strict tenant isolation ensures each business can only access its own customer data.
9. Consent and Opt-In for WhatsApp Messages
We require that businesses using FutureFy obtain valid opt-in consent from individuals before sending them WhatsApp messages, as required by the WhatsApp Business Policy and POPIA Section 69. This means:
- You must have provided your phone number to the business and agreed to receive WhatsApp messages from them
- The business must clearly identify itself and the types of messages you will receive when obtaining consent
- The business is responsible for maintaining records of consent in accordance with applicable law
- Consent for marketing messages is separate from consent for transactional messages (such as appointment confirmations)
10. Opt-Out and Data Deletion Requests
10.1 Opting out of messages
You have the right to stop receiving WhatsApp messages at any time. To opt out:
- Reply "STOP" to the WhatsApp conversation
- Contact the business directly and ask them to remove you from their messaging list
- Email us at privacy@futurefy.com with your phone number and we will ensure you are opted out
We respect and promptly action all opt-out requests in compliance with POPIA Section 69 and Meta's WhatsApp Business Policy. Once you opt out, no further messages will be sent to you unless you opt in again.
10.2 Requesting deletion of your data
You have the right to request the deletion of your personal information. To request deletion:
- Email privacy@futurefy.com with the subject line "Data Deletion Request" and include your phone number or other identifying details
- Contact the business you were messaging and request that they delete your data
Upon receiving a valid deletion request, we will delete or de-identify your personal information within 30 days, unless we are required by law to retain it. We will also instruct relevant service providers to delete the data. Where we are acting as an operator, we will direct the request to the relevant business and assist in processing the deletion.
11. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Conversation data: retained for as long as the business maintains an active account with FutureFy, unless you or the business requests earlier deletion
- Business account data: retained for the duration of the business relationship and for a reasonable period thereafter to comply with legal and accounting obligations
- Website analytics: retained in accordance with our analytics provider's standard retention periods
When personal information is no longer required, it is securely deleted or de-identified so that it can no longer be linked to you. When a business discontinues its use of FutureFy, we delete the business's customer data within a reasonable period unless required by law to retain it.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration, as required by POPIA Section 19. These measures include:
- Encryption of data in transit (TLS) and at rest
- Strict tenant isolation so that each business can only access its own customer data
- Authentication and authorisation controls for all platform access
- Regular review of our security practices and infrastructure
- Access controls limiting employee access to personal information on a need-to-know basis
No method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.
13. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights:
- Right to access: request confirmation of whether we hold personal information about you and request a copy of that information (Section 23)
- Right to correction: request the correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, or misleading (Section 24)
- Right to deletion: request the destruction or deletion of personal information that we are no longer authorised to retain (Section 24)
- Right to object: object to the processing of your personal information on reasonable grounds relating to your particular situation (Section 11(3))
- Right to withdraw consent: where processing is based on your consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal
- Right not to be subject to direct marketing: object to receiving any direct marketing communications (Section 69)
- Right regarding automated decisions: request that a decision made solely on the basis of automated processing be reconsidered by a competent person (Section 71)
- Right to submit a complaint: lodge a complaint with the Information Regulator if you believe your rights have been infringed
To exercise any of these rights, email us at privacy@futurefy.com. We will verify your identity and respond within 30 days. If we are acting as an operator on behalf of a business, we may direct your request to the relevant business as the responsible party.
14. Cross-Border Data Transfers
Some of our service providers, including Meta (United States), cloud hosting providers, and AI model providers, may process personal information outside of South Africa. Where this occurs, we ensure that adequate safeguards are in place, including:
- Written agreements requiring the recipient to uphold protections substantially similar to those in POPIA
- Confirming that the recipient is subject to binding data protection laws, rules, or agreements that provide an adequate level of protection, in accordance with POPIA Section 72
- Obtaining your consent for the transfer where required
Data transmitted through the WhatsApp Business Platform is subject to Meta's data processing and transfer arrangements as set out in the WhatsApp Business Data Processing Terms.
15. Children's Privacy
Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us at privacy@futurefy.com and we will take steps to delete it. Where the personal information of a child is processed, we require that a competent person (such as a parent or guardian) has consented, in accordance with POPIA Section 35.
16. Security Compromise Notification
In the event of a security compromise that affects your personal information, we will notify the Information Regulator and, where there are reasonable grounds to believe that you may be affected, notify you as soon as reasonably possible, in accordance with POPIA Section 22. The notification will include a description of the possible consequences, the measures we have taken or intend to take, and a recommendation of what you can do to mitigate any adverse effects.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
You also have the right to lodge a complaint with the Information Regulator (South Africa):
19. Promotion of Access to Information Act (PAIA)
In terms of Section 51 of the Promotion of Access to Information Act, 2000 ("PAIA"), FutureFy has a PAIA manual available upon request. To request a copy, or to submit an information access request, email privacy@futurefy.com. PAIA requests may also be directed to the Information Regulator at PAIAComplaints@inforegulator.org.za.