| This Privacy Policy applies to all users of Bellbee, including business owners who register on our platform and end-customers who interact with Bellbee-powered WhatsApp AI assistants. By using Bellbee, you agree to the practices described in this Policy. This Policy is published at Stacksol.com/privacy-policy and linked from bellbee.ai and dashboard.bellbee.ai. |
1. Who We Are
Bellbee is a WhatsApp Automation SaaS Platform and a product of Stacksol. Stacksol operates as two legal entities: Stacksol, a private limited company registered in England and Wales (United Kingdom), and Stacksol (Pakistan), a registered business entity in Pakistan (together referred to as “Stacksol,” “we,” “us,” or “our”). The precise inter-entity structure governing IP ownership, licensing, and operational responsibilities is subject to finalisation and will be reflected in an updated version of this Policy. In all cases, Stacksol is the Data Controller for data collected from Business Owners and acts as a Data Processor on behalf of Business Owners with respect to End-Customer data.
| [LAWYER REVIEW NOTE] Update this section once the final corporate structure is confirmed — specifically which entity (UK Ltd or Pakistan SMC-Pvt) is named as the primary contracting party and Data Controller. This placeholder language is legally safe for launch but should be finalised within 90 days. |
Contact details:
- Product: Bellbee (bellbee.ai)
- Company: Stacksol
- Privacy enquiries: [email protected]
- Support: [email protected]
- Website: stacksol.com
2. Scope of This Policy
This Policy applies to:
- Business Owners: individuals or entities who register for a Bellbee account via dashboard.bellbee.ai.
- End-Customers: individuals who send WhatsApp messages to a business using Bellbee’s AI assistant.
- Visitors: individuals who visit bellbee.ai or stacksol.com without registering.
| If you are an End-Customer with questions about how your data is handled by a specific business, contact that business directly. If the business is unresponsive, contact us at [email protected]. |
3. Data We Collect
3.1 From Business Owners
When a business owner registers and uses Bellbee, we collect:
- Identity data: full name, business name, business type, and address.
- Contact data: email address, WhatsApp Business phone number, and website URL.
- Business configuration data: services, products, pricing, working hours, and FAQs entered to train the AI assistant.
- Account credentials: password stored as a cryptographic hash — never in plaintext.
- Subscription and billing data: chosen plan, token usage history, and payment transaction references. Card details are processed exclusively by Alfa Payment Gateway and are never stored by Bellbee.
- Technical data: IP address, browser type, device information, and session logs.
- Usage data: feature adoption rates, login timestamps, and dashboard interaction metrics.
3.2 From End-Customers
When an end-customer sends a WhatsApp message to a Bellbee-powered business, we collect and process the following on behalf of the business owner:
- WhatsApp phone number — stored AES-256 encrypted (Laravel Crypt) and hashed (HMAC-SHA256) for all database lookups. Never displayed or logged in plaintext.
- WhatsApp display name (pushName) as set by the customer in WhatsApp.
- Message content — used in real-time to generate an AI reply and stored in the business owner’s chat history.
- Appointment details (name, service type, date, time) where a booking is made via the AI assistant.
- Order details (items, quantity, delivery address) where an order is placed via the AI assistant.
| End-customer phone numbers and display names are NEVER sent to any third-party AI provider. Only message text and relevant business context are transmitted to Groq Cloud for AI response generation. |
3.3 Cookies and Technical Data
When you visit bellbee.ai or use dashboard.bellbee.ai, we automatically collect:
- Session cookies necessary for authentication and dashboard functionality.
- Preference cookies to remember your settings across sessions.
- Aggregate, anonymised analytics data including page views, session duration, and feature usage.
You may control cookie settings via your browser. Disabling session cookies will prevent dashboard access. We do not use advertising cookies or share cookie data with advertising networks.
4. How We Use Your Data
4.1 To Deliver the Bellbee Service
- Connecting your WhatsApp Business number to an AI-powered automated assistant.
- Generating AI-powered replies to end-customer messages via Groq Cloud LLM.
- Storing conversation history, appointment logs, and order records in your dashboard.
- Processing subscription payments and token pack purchases via Alfa Payment Gateway.
- Sending transactional emails for password resets, payment confirmations, subscription renewals, and low token alerts from [email protected].
4.2 For Business Intelligence, Product Development, and Growth
Stacksolprocesses aggregated and anonymised data derived from platform usage for the following legitimate business purposes:
- Analysing platform usage patterns, feature adoption rates, and AI response performance to improve Bellbee’s product and AI capabilities.
- Conducting internal market research and demand analysis to inform product roadmap decisions, pricing strategy, and geographic expansion plans.
- Generating statistical insights about SMB communication behaviours across business categories. This data is always aggregated and de-identified — no individual business or customer is identifiable in any analysis.
- Informing future product launches or services offered by Stacksol, including potential marketplace features, analytics products, or new vertical offerings.
| We will never sell your personal data or your end-customers’ personal data to any third party. Business intelligence use is strictly limited to aggregated, anonymised data. You have the right to object to processing under this section — see Section 9. |
4.3 Security and Compliance
- Maintaining audit logs for security monitoring and fraud detection.
- Complying with applicable Pakistani law, Meta WhatsApp Business Policy, and international data protection frameworks where applicable.
- Investigating abuse reports, Terms of Service violations, and law enforcement requests.
5. Legal Bases for Processing
- Contract performance: processing necessary to provide the Bellbee service you have subscribed to.
- Legitimate interests: product analytics, platform improvement, aggregate market research, and business intelligence — where these do not override your rights and freedoms.
- Legal obligation: retention of payment records for 7 years as required by applicable tax and financial regulations.
- Consent: where we rely on your explicit consent, such as optional marketing communications. You may withdraw consent at any time.
For End-Customers: the legal basis for processing your WhatsApp messages is the legitimate interest of the business owner in operating their customer communications service. End-customers who contact a Bellbee-powered business have a reasonable expectation that messages will be processed by the business’s systems.
6. AI Processing Disclosure
Bellbee is an AI-powered service. When you send a WhatsApp message to a business using Bellbee:
- Your message is read and processed automatically by an AI system.
- A reply is generated by Groq Cloud’s large language model based on your message and the business’s configured context.
- The AI may not always respond accurately. Businesses are responsible for monitoring AI responses and maintaining human oversight.
- You are interacting with an automated system. Type HUMAN at any time to request a human agent.
| Businesses using Bellbee are required by our Terms of Service to disclose to their customers that AI automation is in use. Bellbee complies with Meta’s WhatsApp Business Policy on automated messaging. |
7. Third-Party Service Providers
We share limited data with the following third-party service providers under contractual data protection obligations:
| Service / Provider | Purpose | Data Shared | Location |
| Meta / WhatsApp Business API | Send & receive WhatsApp messages | Business phone number; message content | Global (Meta) |
| Evolution API (self-hosted) | WhatsApp instance management | Phone number; message content | Stacksol VPS |
| Groq Cloud LLM | AI response generation | Message text + business context ONLY — no personal identifiers sent | USA (Groq servers) |
| Alfa Payment Gateway | Subscription & token payments | Payment amount; transaction reference | Pakistan |
| Hostinger SMTP | Transactional email delivery | Email address; email content | Hostinger VPS region |
| n8n (self-hosted) | AI workflow orchestration | Internal only — no external sharing | stacksol VPS |
We do not sell data to, or share data for their own marketing purposes with, any third party. Where providers are located outside Pakistan, we implement appropriate contractual safeguards including Standard Contractual Clauses where applicable.
8. International Data Transfers
stacksol is operated from Pakistan and the United Kingdom. Certain third-party providers — notably Meta and Groq Cloud — process data on servers in the United States and other jurisdictions. By using Bellbee, you acknowledge that your data may be transferred internationally.
We mitigate transfer risks by:
- Ensuring no personal identifiers (phone numbers, names) are transmitted to Groq Cloud — only message text and business configuration.
- Requiring contractual data protection obligations from all third-party providers.
- Working towards signed Data Processing Agreements (DPAs) with all AI and cloud providers.
For users in the European Union or United Kingdom, international transfers are conducted in compliance with GDPR Chapter V. Contact [email protected] for details of applicable safeguards.
9. Data Retention
| Data Category | Retention Period | Legal Basis |
| Active account data | Duration of subscription | Contract performance |
| Cancelled / inactive accounts | 30 days post-cancellation, then deleted | Legitimate interest |
| Redis conversation memory | 24 hours of inactivity per conversation | Service delivery |
| Audit logs | 90 days | Security & compliance |
| Payment records | 7 years | Legal / tax obligation |
10. Your Rights
10.1 Rights of Business Owners
- Right of access: request a copy of all personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your account and all associated data, completed within 30 days.
- Right to data portability: export your appointment and order history directly from the dashboard.
- Right to object: object to processing based on legitimate interests, including business intelligence use described in Section 4.2.
- Right to restrict processing: request that we limit how we use your data while a complaint is under review.
10.2 Rights of End-Customers
- Request deletion of your conversation history by contacting the business you messaged.
- If the business is unresponsive within 30 days, escalate to [email protected] and we will action the request directly.
- Request confirmation of what data Bellbee holds relating to your WhatsApp number.
To exercise any right, email [email protected]. We respond within 30 days and may request identity verification before actioning sensitive requests.
11. Data Security
- AES-256 encryption (Laravel Crypt) for all stored end-customer phone numbers.
- HMAC-SHA256 hashing for all phone number database lookups — raw numbers never in logs or URLs.
- HTTPS enforced across all production services.
- API authentication via Laravel Sanctum with token expiry.
- Redis conversation memory with automatic 24-hour TTL deletion.
- Two-Factor Authentication (TOTP) protecting the admin panel.
- Admin login lockout after 3 failed attempts — 30-minute lockout period.
- Separate encrypted MariaDB database for sensitive data.
In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify you without undue delay and notify the relevant supervisory authority within 72 hours of becoming aware of the breach where required by applicable law.
12. Children’s Privacy
Bellbee is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. Business owners who serve minors (e.g. schools, clinics) are responsible for obtaining appropriate parental consent under applicable law. If you believe we have inadvertently collected data relating to a minor, contact [email protected] immediately.
13. WhatsApp and Meta Compliance
- Bellbee operates in compliance with Meta’s WhatsApp Business Policy and WhatsApp Business Terms of Service.
- Business owners must obtain appropriate consent from customers before initiating WhatsApp communications.
- Business owners must not use Bellbee for spam, unsolicited bulk messaging, or any content prohibited by Meta’s policies.
- Bellbee manages WhatsApp Business Accounts (WABAs) on behalf of business clients as a Meta Technology Provider / BSP (application in progress).
- Violations of Meta’s policies may result in WABA suspension by Meta independently of any action taken by Bellbee.
14. Where to Find This Policy
This Privacy Policy is published at:
- stacksol.com/privacy-policy — the canonical version (always the most current)
- bellbee.ai — linked in the website footer
- dashboard.bellbee.ai — linked in the dashboard footer
Business owners are responsible for making their end-customers aware that Bellbee processes communications on their behalf and for directing end-customers to this Policy where required.
15. Changes to This Privacy Policy
- We will update the Effective Date at the top of this Policy when material changes are made.
- Registered business owners will be notified by email at least 30 days before material changes take effect.
- A prominent notice will be displayed on dashboard.bellbee.ai.
- Continued use of Bellbee after the effective date of any update constitutes acceptance of the revised Policy.
16. Governing Law and Contact
This Privacy Policy is governed by the laws of the Islamic Republic of Pakistan. Any dispute arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Lahore, Pakistan. Stacksol is additionally registered in England and Wales; users in the United Kingdom or European Union may reference applicable UK/EU data protection law in their dealings with us.
- Privacy enquiries: [email protected]
- Support: [email protected]