The short version: Favion operates exclusively on your business's own data. We do not use your customer data to train AI models, share it with third parties for advertising, or access it beyond what is necessary to deliver the service. Your data is yours.
1. Who We Are
Favion ("we", "us", "our") is a Conversational Operations Platform developed and operated by Favion Ltd, registered in Nairobi, Kenya. We provide AI-powered business automation services delivered through WhatsApp and a web-based administration dashboard.
For privacy enquiries: info@favion.net
2. What Data We Collect
2.1 Business Client Data
When you onboard as a business client, we collect:
- Business name, contact details, and billing information
- Configuration data: your services, pricing, staff details, operating hours
- Integration credentials (e.g. Google Calendar, payment gateway keys) stored encrypted
2.2 End Customer Data (your customers)
When your customers interact with your Favion-powered assistant, we collect and process:
- Phone numbers (via WhatsApp Business API)
- Booking and appointment details
- Payment transaction references (not full card details — we do not store raw payment credentials)
- Order and inventory interaction history
- Conversation content, for the purpose of delivering the automated service
2.3 Usage and Technical Data
- API call logs and system performance data
- Error logs for service reliability
- Admin dashboard access logs
3. How We Use Your Data
We use collected data only for the following purposes:
- Delivering the automation services your business has contracted (bookings, payments, inventory, reporting)
- Operating and maintaining the Favion platform infrastructure
- Generating financial reports, appointment summaries, and operational analytics for your admin dashboard
- Sending automated confirmations, receipts, and notifications on behalf of your business to your customers
- Providing technical support when requested
- Complying with legal obligations
We do not:
- Use your customer data to train AI models (our AI is guided by your business configuration, not your customers' personal data)
- Sell or rent data to third parties
- Use data for advertising or marketing profiling
- Share data across client accounts
- Access conversation content for any purpose beyond service delivery
4. Data Storage and Security
Your data is stored on private cloud infrastructure (Hetzner Cloud, Frankfurt/Helsinki data centres). We apply the following security measures:
- Encryption in transit (TLS 1.2+) and at rest for sensitive fields
- Environment-separated credentials and API keys
- Access limited to authorised Favion engineers on a need-to-know basis
- Regular automated backups with retention policies
- No sensitive payment data stored on Favion servers (payment processing handled by M-Pesa/Stripe under their respective security certifications)
5. Third-Party Services
Favion integrates with third-party services to deliver its functionality. Each integration operates under that service's own privacy policy:
- Meta (WhatsApp Business API): Message delivery infrastructure. Meta Privacy Policy
- Google Calendar API: Calendar synchronisation where enabled by the business client. Google Privacy Policy
- Anthropic (Claude AI): Conversational AI processing. Messages may be processed by Anthropic's API under their data handling terms. Anthropic Privacy Policy
- Moonshot AI (Kimi): AI model processing for certain conversation types.
- Safaricom M-Pesa: Payment processing for Kenya-based transactions.
- Stripe: Payment processing for international transactions.
We select third-party providers that maintain appropriate data protection standards and do not authorise them to use your data for their own purposes beyond service delivery.
6. Data Retention
- Active client data: Retained for the duration of the service contract plus 12 months
- Conversation logs: Retained for 90 days for operational purposes, then automatically deleted
- Financial records: Retained for 7 years to comply with accounting regulations
- Deleted accounts: Data purged within 30 days of contract termination, except where legal retention is required
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you or your customers
- Correct inaccurate data
- Request deletion of data ("right to be forgotten")
- Data portability — receive your data in a machine-readable format
- Object to certain types of processing
- Withdraw consent where processing is consent-based
To exercise any of these rights, contact us at info@favion.net. We will respond within 30 days.
8. Kenya Data Protection Act Compliance
Favion operates in compliance with the Kenya Data Protection Act 2019 (KDPA). As a data processor acting on behalf of our business clients (data controllers), we maintain data processing agreements and implement appropriate technical and organisational measures as required by the KDPA.
9. International Data Transfers
For international clients, data may be processed in jurisdictions outside Kenya. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent protections consistent with applicable data protection law.
10. Children's Privacy
Favion services are directed at businesses, not individuals under the age of 18. We do not knowingly collect personal data from children directly. If your business serves minors (e.g. schools), you as the data controller are responsible for obtaining appropriate consents.
11. Changes to This Policy
We may update this Privacy Policy as our services evolve. We will notify active clients of material changes by email at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.
12. Contact
For privacy questions, data requests, or concerns: