Privacy Policy
Last updated: May 17, 2026
1. Introduction
EngagePilot ("we", "our", or "us") provides a CRM platform that integrates WhatsApp and Instagram messaging to help businesses manage customer relationships. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use our services at engagepilot.in.
By creating an account or signing in, you agree to the practices described in this policy.
2. Information We Collect
Account Information
When you register, we collect your name, email address, and organization details. Passwords are stored as one-way hashed values and are never readable by us.
Messages & Conversations
We store WhatsApp and Instagram messages that are sent or received through the platform so you can view conversation history in the inbox.
Contact Data
Names, phone numbers, email addresses, and tags you add for your contacts and leads.
Usage Data
Login timestamps, pages visited, and feature interactions — used to improve the service.
3. How We Use Your Data
- Provide and operate the CRM and messaging features
- Authenticate your account, including via Google OAuth
- Send automated and manual messages via WhatsApp and Instagram on your behalf
- Display pipeline, campaign, and analytics data within your organization
- Improve platform performance and fix bugs
- Send important service or security notifications to your email
4. WhatsApp & Instagram Integration
EngagePilot connects to the Meta WhatsApp Business API and Instagram Graph API. When you link your WhatsApp or Instagram account, messages are routed through Meta's infrastructure. We store the access tokens you authorize — encrypted at rest using AES-256-GCM — and use them solely to send and receive messages on your behalf.
By connecting these channels, you also agree to WhatsApp Business Policy and Meta Platform Terms.
5. Data Storage & Security
- Data is stored in a PostgreSQL database hosted on Supabase
- All data in transit is encrypted via TLS (HTTPS)
- Channel access tokens are encrypted at rest with AES-256-GCM
- Passwords are hashed using bcrypt and are never stored in plain text
- Access to production systems is restricted to authorized personnel
6. Third-Party Services
We use the following third-party services to operate EngagePilot:
| Service | Purpose |
|---|---|
| Google OAuth | Optional sign-in via Google account |
| Meta (WhatsApp & Instagram) | Messaging channel integration |
| Vercel | Frontend hosting |
| Railway | Backend API hosting |
| Supabase | Database storage |
Each third party has its own privacy policy governing its handling of data.
7. Data Retention
We retain your data for as long as your account is active. If you close your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance reasons.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Export your contact and conversation data
- Withdraw consent for messaging integrations at any time
To exercise any of these rights, email us at support@engagepilot.in.
9. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of EngagePilot after changes constitutes acceptance of the revised policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at: