Privacy policy
Unified CRM is operated by SC Technology Limited, trading as Weezboo ("we") — a company registered in England and Wales (company no. 09579805), registered office 3rd Floor, 86-90 Paul Street, London EC2A 4NE. It gathers a workspace's customer conversations from the channels that workspace chooses to connect, into one stream the workspace team can search, tag, and ask questions about. This page says what data that involves, where it goes, and how to get it removed.
What we collect
- Account basics. Name, email address, and a password hash, or your Google account identity if you sign in with Google.
- Connected-channel messages. When a workspace owner connects a channel (Gmail, Slack, Discord, Reddit, Telegram, X, GitHub, Instagram, WhatsApp, Messenger, Google Search Console), we ingest the conversations that the connection and the workspace's routing rules cover: message text, sender and recipient identifiers, timestamps, and thread structure.
- Contacts. The people behind those conversations: handles, email addresses, and display names as the channels expose them. Identities are linked across channels when they share an email address.
- Operational records. Audit events (who connected what, when) and AI usage counts per workspace.
How we use it
One purpose: giving the workspace its own conversations back, organized. Messages are tagged by product and sentiment, embedded for semantic search, and used to answer questions the workspace team asks. We do not sell data, we do not share it across workspaces, and we do not use it for advertising.
AI processing
Tagging, enrichment, and question answering run through Anthropic's Claude API under our commercial terms; embeddings are computed on infrastructure we operate. Workspaces that bring their own API key route their AI calls through that key instead. We do not train models on your data.
Google user data
Two Google integrations exist beyond sign-in, both optional and connected explicitly by a workspace owner. Unified CRM's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Gmail (scopes:
gmail.readonly,gmail.send). We read messages from the support inbox a workspace connects, to show them in that workspace's conversation stream, and we send the replies an operator writes there from the connected address. Gmail data is visible only to members of the workspace that connected the inbox. It is never used for advertising, never sold, and never used to train generalized AI or machine-learning models; humans at Weezboo do not read it except with the workspace's explicit permission for support, for security or abuse investigation, or where the law requires. - Google Search Console (scope:
webmasters.readonly). Read-only search metrics for the properties a workspace routes, shown on that workspace's Search health page. We never write to Search Console. - Google sign-in. Your name, email address, and profile picture, used only to create and authenticate your account.
AI features process Gmail messages the same way as every other channel: through Anthropic's Claude API as a service provider, solely to tag and answer questions for the workspace that owns them, with no model training (see AI processing). Disconnecting Gmail or Search Console deletes the stored OAuth tokens immediately (see Data deletion), and you can revoke Unified CRM's access at any time at myaccount.google.com/permissions.
Meta platform data (WhatsApp, Instagram, Messenger)
A workspace owner can connect WhatsApp, Instagram, or Messenger — with their own Meta app credentials, or where available in one click via Connect with Facebook (Meta Embedded Signup), in which case we act as that workspace's technology provider on Meta's platform. Our use of data received through the WhatsApp Business Platform and the Meta Messenger Platform complies with the Meta Platform Terms and Developer Policies.
- What we receive. Inbound and outbound messages on the connected number/account (text and attachment references), the counterpart's Meta-scoped id and profile display name, timestamps, and — for WhatsApp — the business phone number id and WhatsApp Business Account id.
- Why. Only to show those conversations in the connecting workspace's inbox and let its team reply within Meta's messaging window. The data is visible only to members of that workspace.
- Limits. Never used for advertising, never sold, never shared across workspaces, and never used to train generalized AI or machine-learning models. AI tagging and answers run through Anthropic's Claude API as a service provider (see AI processing), scoped to the owning workspace.
Disconnecting the channel deletes its stored credentials immediately and stops ingestion; to remove the stored messages of a specific WhatsApp, Instagram, or Messenger contact, see data deletion. You can also revoke our access from your Meta Business settings at any time.
Your responsibilities. A workspace that connects WhatsApp, Instagram, or Messenger is responsible for obtaining any legally required opt-in and consent from its contacts to message them and to share their data with Meta, for labeling marketing messages, and for complying with the WhatsApp Messaging Policy and the WhatsApp Business Solution Terms. This obligation flows to the connecting workspace as the sender of record.
Storage and security
- Data lives in our PostgreSQL database; transport is TLS.
- Channel credentials (OAuth tokens, webhook secrets, app secrets) are encrypted at rest with authenticated encryption and are never echoed back by the API.
- Conversations are visible only to members of the workspace that connected the channel, and to the platform operator for support and abuse handling.
- Retention. We retain connected-channel messages and contacts for as long as the workspace is active. Disconnecting a channel stops new ingestion and deletes its stored credentials but does not by itself erase messages already stored; those are removed when you delete the workspace or request their deletion (see data deletion), or once no longer needed for the purpose collected.
Sharing
Subprocessors, engaged only as the features that need them are used: Anthropic (AI processing), Google (Gmail and Search Console APIs when connected, Google sign-in), and the platforms of the channels a workspace connects (Slack, Discord, Reddit, Telegram, X, GitHub, Meta). Each receives only what its API requires to operate. Nothing else is shared unless the law requires it.
Data deletion
Three levels, all self-serve or one email away:
- Disconnect a channel. Connectors page, Disconnect. Ingestion stops and the channel's stored credentials are deleted immediately.
- Delete a workspace. Removes the workspace's conversations, contacts, embeddings, and channel connections.
- Ask us. Email [email protected] from the account in question (or name the Instagram, WhatsApp, or Messenger identity whose messages you want removed). We confirm completion within 30 days.
Your rights
You can access and export your workspace's data, correct your account details, and delete any of the above at any time. EU and UK users have the rights the GDPR grants them, including complaint to a supervisory authority; we honor access, portability, rectification, and erasure requests for everyone, sent to [email protected].
Changes
If this policy changes in a way that matters, we note it here with a new effective date. Questions go to [email protected].