Legal

Privacy policy

Last updated: 12 May 2026 · Effective immediately

This policy explains what data Risolva collects when you use our platform, how we use it, who we share it with, and the rights you have over it. We've tried to keep it short and concrete. If anything is unclear, write to us at [email protected].

Who we are

"Risolva" is a product of Century 21 Computer Systems (century21.com.pk), based in Karachi, Pakistan. We are the data controller for the personal data we collect through our website and the data processor for messages that pass through our platform on behalf of our customers.

Legal entity

Century 21 Computer Systems

608 Progressive Square, Shahra-e-Faisal
Block 6, P.E.C.H.S., Karachi 75350
Pakistan
+92 21 3431 2270 · [email protected]

What we collect

Account data: name, work email, company, role, and password hash.
Workspace data: the messaging-channel credentials, knowledge-base documents, and contact records you connect to Risolva.
Conversation data: the messages exchanged between your customers and your team or AI agent on our platform, including timestamps and metadata.
Usage data: log entries, IP address, browser type, and pages visited — used to keep the service running and secure.
Billing data: billing contact and invoice records. Card details are handled by our payment processor and never stored on our servers.

How we use it

To provide the service: route messages, generate AI responses, and surface them to your team.
To improve the service: aggregate, anonymised analytics. We do not train foundation models on your customer conversations.
To keep things secure: detect abuse, fraud, and policy violations.
To talk to you: product updates, billing, and security notices. Marketing email is opt-in only.

Meta integrations

When you connect a Facebook Page, Instagram Business account, or WhatsApp Business account to Risolva, we receive data from Meta's Graph API under the permissions you grant during the OAuth consent flow. The specific data we read and how we use it:

Account profile metadata (account ID, username, page name) — used to display the connected channel in your dashboard so you can confirm the integration is pointing at the correct account, and to route inbound webhook events to the right tenant.
Page posts (text content, timestamps, permalinks) — fetched on a recurring schedule from your connected Facebook Page and surfaced in your "Pending approvals" queue. Posts only enter your AI assistant's knowledge base after you explicitly approve them.
Direct messages and Page messages (sender ID, message content, timestamps, attachments) — delivered via webhook to your shared inbox so your team and the AI agent can read and reply.

For Meta data, you (the connecting business) are the data controller; Risolva is the processor. Each business's data is isolated server-side by tenant — one customer cannot see, read, or send to another customer's connected accounts. We retain Meta data for as long as the integration is active and delete it within 30 days of channel disconnection or account closure. We do not use Meta data to train foundation models, for advertising, or for any purpose other than running your inbox.

Recipient opt-out and STOP keywords

Meta's WhatsApp Business Messaging Policy requires businesses to honor opt-out requests from message recipients. Risolva enforces this automatically on every connected channel and tenant:

Keyword detection on every inbound message. When a customer replies with STOP, UNSUBSCRIBE, OPT OUT,CANCEL, END, QUIT, or their Roman-Urdu and Arabic equivalents, the platform records the opt-out and blocks all subsequent outbound messages on that channel — including AI replies, agent replies, broadcasts, and approved-template sends.
Mandatory policy acknowledgment. A short confirmation is sent back to the customer in the language of the matched keyword (English, Urdu, or Arabic), telling them the unsubscribe was received and how to re-subscribe.
Per-channel scope. Opting out on WhatsApp does not silence WebChat or other channels — Meta's enforcement boundary is per-WhatsApp-Business-Account, and we mirror it. Recipients control each channel independently.
Re-opt-in path. A customer can re-subscribe by replyingSTART (or SUBSCRIBE / RESUME / their localized equivalents). A tenant's agents can also manually re-opt-in a customer from the conversation panel after capturing the customer's out-of-band consent; every manual override is recorded in the tenant's audit log.
Auditable trail. Every opt-in / opt-out transition is logged with the trigger source (keyword, agent action, or platform notification), the matched word, and a timestamp. Tenants can produce this trail on demand for Meta or regulatory inquiries.

Sub-processors

We use the following vendors to run Risolva. Each is bound by data-processing terms consistent with this policy.

Amazon Web Services, Inc. (United States, Singapore region) — cloud hosting, application servers, and SQL Server database.
OpenAI, L.L.C. (United States) — large-language-model inference for AI replies, knowledge classification, and semantic embeddings of message content.
Cohere Inc. (United States, Canada) — reranking model for retrieval-augmented generation.
Qdrant Solutions GmbH (Germany, Frankfurt region) — managed vector database storing embeddings derived from message and knowledge content.
Stripe, Inc. (United States) — billing and payment processing. Stripe does not receive any Meta data or conversation content.

Data location and retention

Application servers and your primary workspace database are hosted in the AWS Asia Pacific (Singapore) region. Vector embeddings of your knowledge content are stored in the Qdrant Cloud Frankfurt (Germany) region. We retain conversation and workspace data for as long as your workspace is active. When you close your account, we delete it within 30 days unless we're required to retain it for legal reasons.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. To exercise any of these, email [email protected] from the address on file. We respond within 30 days.

Cookies

We use a small number of first-party cookies to keep you signed in and to measure anonymous traffic. We do not use third-party advertising cookies.

Children

Risolva is a B2B product. It is not directed at children, and we do not knowingly collect data from anyone under 16.

Changes

If we make material changes to this policy, we'll email account owners at least 14 days before they take effect. The "last updated" date at the top always reflects the current version.

Contact

Questions, concerns, or rights requests: [email protected].