How we protect your data
The technical and operational measures we apply so your operation in Kharyo stays yours. No inflated claims, just what we actually do today.
Encryption in transit and at rest
All traffic travels over TLS 1.2+. Knowledge bases, operational logs, and receipts are stored encrypted at rest.
Multi-tenant isolation
Each customer's information is logically segmented. Queries, workflows, and credentials stay scoped to the owning tenant.
Configurable retention
Logs and conversations are kept for the period defined by your plan. You can request a full export or permanent deletion whenever you need.
Meta-certified Tech Provider
WhatsApp Business runs through Meta's official Cloud API via our certified Tech Provider integration.
Encryption and transport
All communication between the dashboard, the backend, and external providers travels over TLS 1.2 or higher. Service credentials (Meta, Stripe, AI providers) are stored encrypted and rotated whenever the provider supports it.
- TLS in transit for the dashboard, internal API, and external webhooks.
- Encryption at rest for knowledge bases, receipts, and operational logs.
- WhatsApp messages are processed through Meta's official Cloud API. Kharyo does not store end-to-end encrypted history outside the active context.
Multi-tenant isolation
Each customer operates inside their own logical tenant. Workflows, integrations, templates, conversations, and metrics are scoped to that tenant. Internal processes validate the tenant on every operation, preventing cross-tenant leaks.
What data we process
We process only what is necessary to keep the platform running:
- Account data: email, name, billing details. Kharyo is the controller.
- Messages and conversations: WhatsApp, Instagram, voice and email. The customer is the controller; Kharyo processes on their behalf.
- Receipts and banking data: Payment images and notifications are processed for metadata extraction. We are not a financial institution and we do not hold funds.
The full detail, sub-processors, and data subject rights live in the Privacy Policy.
AI: privacy in processing
We configure AI provider integrations under zero-retention policies for training. Your conversations and knowledge bases stay private and isolated from other customers and from the public model.
Meta operational compliance
Kharyo operates as a Meta-certified Tech Provider. This means access to the WhatsApp Business Cloud API and WhatsApp messaging operations follow the commerce and messaging policies Meta requires from its technology partners in 2026.
Retention and deletion
Operational logs and conversations are kept for the period configured by your plan, 30 days by default. You can request a full export of your data or the permanent deletion of your instance by writing to [email protected].
Report a security issue
If you discover a vulnerability or have an operational concern, write to [email protected]. We handle responsible disclosure and reply through the same channel.
