Privacy Policy

Effective Date: June 10, 2026

NextGenSwitch ("Company", "we", "us", or "our") operates a cloud-based contact center and unified communications platform that enables businesses to manage voice calls, SMS, Facebook Messenger, and WhatsApp Business messaging through a single interface. This Privacy Policy explains how we collect, use, store, share, and protect information when you interact with our platform, including through our Meta integrations.

By using NextGenSwitch or authorizing the NextGenSwitch Meta application, you agree to the practices described in this Policy.

1. Scope of This Policy

This Policy applies to:

  • Administrators and users who log in and manage the platform.
  • End users (contacts) who communicate with Organizations via Facebook Messenger or WhatsApp Business.
  • Any person whose data is processed through the NextGenSwitch platform as a result of those interactions.

2. Information We Collect

2.1 Information Collected via Facebook & Meta Integrations

When a Organization administrator connects NextGenSwitch to their Facebook account or Facebook Page, and when end users send messages through Facebook Messenger or WhatsApp Business, we receive and process the following data via the Meta Platform API:

Data Element Source Purpose
Facebook User ID Meta OAuth (Facebook Login) Authenticate organization; link Facebook identity to NextGenSwitch account
Full name Meta OAuth (Facebook Login) Display within platform; associate with organization account
Email address Meta OAuth (Facebook Login) Account identification; communication and notifications
Profile picture URL Meta OAuth (Facebook Login) Display within platform UI
Facebook Page name & Page ID Meta Graph API (GET /me/accounts) Identify and connect the correct Facebook Page for Messenger
Page Access Token (encrypted) Meta Graph API Authorize sending/receiving Messenger messages on behalf of the Page
Messenger message content & metadata Meta Messenger Webhook Deliver inbound messages to agents; store conversation history
Messenger sender PSID (Page-scoped ID) Meta Messenger Webhook Route messages to the correct conversation thread
WhatsApp phone number Meta Graph API / tenant manual entry Identify and connect the correct WhatsApp Business number
WhatsApp Business Account ID (WABA ID) Meta Graph API Subscribe WABA to webhook for inbound message delivery
WhatsApp Phone Number ID Meta Graph API Route outbound WhatsApp messages to the correct number
WhatsApp message content & metadata Meta WhatsApp Business Cloud API Webhook Deliver inbound messages to agents; store conversation history
Media attachments (images, audio, documents) Meta Messenger & WhatsApp Webhooks Display attachments within conversation view; store per retention policy

2.2 Platform Account Information

When a Tenant creates or manages a NextGenSwitch account, we collect:

  • Name, email address, and password (hashed) of platform users.
  • Organization name, billing information, and subscription details.
  • IP address, browser type, and device information for security and audit logging.
  • Configuration settings, call records, voice recordings (if enabled), and agent activity logs.

2.3 Automatically Collected Data

  • Log data (server access logs, error logs) including timestamps, endpoints accessed, and HTTP status codes.
  • Cookies and session tokens used to maintain authenticated sessions.

3. How We Use Your Information

We use the information collected for the following purposes:

  • Authentication & access control: Verify identity of Tenant administrators via Facebook Login OAuth and platform credentials.
  • Message routing: Deliver inbound Messenger and WhatsApp messages to the correct Tenant agent queue in real time via registered webhooks.
  • Conversation management: Store conversation history and display it to authorized agents within the NextGenSwitch inbox.
  • Outbound messaging: Send replies from agents to end users via the Messenger Platform API and WhatsApp Business Cloud API.
  • Platform operations: Provision accounts, manage subscriptions, process billing, and provide customer support.
  • Security & fraud prevention: Monitor for unauthorized access, abuse of messaging channels, and policy violations.
  • Legal compliance: Comply with applicable laws, regulations, and Meta Platform Policies.
We do not use message content from Facebook Messenger or WhatsApp to train machine-learning models, build advertising profiles, or sell to third parties.

4. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, our legal bases are:

  • Contract performance: Processing necessary to provide the services described in the Tenant's subscription agreement.
  • Legitimate interests: Security monitoring, fraud prevention, and platform integrity.
  • Consent: Where end users have consented to messaging interactions through the relevant platform (Facebook Messenger or WhatsApp).
  • Legal obligation: Where processing is required to comply with applicable law.

5. Data Retention

We retain personal data only as long as necessary to fulfil the purposes described in this Policy:

  • Active accounts: Message history and conversation data are retained for the duration of the Tenant's active subscription, or as configured by the Tenant administrator.
  • After account termination: Data is retained for up to 90 days after subscription cancellation to allow data export, then permanently deleted or anonymized.
  • Facebook User data (OAuth): Retained until the user revokes app authorization or submits a deletion request (see Section 7).
  • Audit & security logs: Retained for up to 12 months.
  • Legal hold: Data subject to a legal hold is retained until the hold is released.

6. Sharing of Information

We do not sell personal data. We may share data only in the following circumstances:

  • Meta Platforms, Inc.: Message data is transmitted to and from the Meta Platform APIs (Messenger Platform and WhatsApp Business Cloud API) as required to deliver the messaging service. Meta's use of that data is governed by Meta's own Privacy Policy and Platform Terms.
  • Cloud infrastructure providers: Hosting, storage, and database services used solely to operate the platform. All providers are bound by confidentiality and data processing agreements.
  • Tenant administrators: Message content and contact information is visible to authorized agents and administrators of the Tenant organization that owns the connected Facebook Page or WhatsApp number.
  • Business transfers: In the event of a merger, acquisition, or asset sale, data may be transferred subject to equivalent privacy protections.
  • Legal requirements: When required by law, court order, or governmental authority, or to protect the rights, property, or safety of NextGenSwitch, its Tenants, or the public.

7. User Data Deletion

Users who have authenticated with Facebook Login may request deletion of their data at any time. To submit a deletion request, email us at contact@nextgenswitch.com with the subject line "Data Deletion Request". We will process your request within 30 days.

Upon receiving a deletion request, we will delete or permanently anonymize:

  • All OAuth profile data (Facebook User ID, name, email, profile picture).
  • Linked Messenger and WhatsApp message history tied to the user.
  • All other personally identifiable information derived from the Meta OAuth flow.

8. Cookies & Tracking Technologies

NextGenSwitch uses essential session cookies to maintain authenticated sessions on the platform. We do not use third-party advertising cookies or cross-site tracking technologies.

  • Session cookies: Required to keep you logged in during a browser session.
  • CSRF tokens: Required to protect form submissions against cross-site request forgery.

You may disable cookies in your browser settings, but doing so will prevent you from logging in to the platform.

9. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Facebook Page Access Tokens and WhatsApp credentials are stored encrypted at rest.
  • Access to production data is restricted to authorized personnel through role-based access controls.
  • Webhook payloads from Meta are verified using HMAC-SHA256 signature validation before processing.
  • Regular security reviews and penetration testing are performed.

No method of electronic transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at contact@nextgenswitch.com.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data (see Section 7).
  • Portability: Request your data in a machine-readable format.
  • Restriction: Request that we restrict processing of your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
  • Opt out: Opt out of marketing communications at any time.

To exercise any of these rights, please contact us at contact@nextgenswitch.com. We will respond within 30 days of receipt of your request.

11. International Data Transfers

NextGenSwitch operates globally. Your data may be processed on servers located outside your country of residence. Where we transfer data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries without an adequate level of protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent transfer mechanisms.

12. Third-Party Links & Services

The platform may contain links to third-party websites or integrate with third-party services (e.g., Meta, telephony carriers). We are not responsible for the privacy practices of those parties. We encourage you to review their privacy policies before sharing any personal information.

13. Children's Privacy

NextGenSwitch is a business-to-business platform intended for use by adults and organizations. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us so we can delete it.

14. Refund Policy

Refund requests must be submitted within 7 calendar days from the purchase date. Approved refunds are typically reflected in your bank statement within 6 to 10 business days. After the 7-day window, refunds are not available.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the "Effective Date" at the top of this page and notify Tenant administrators by email. Continued use of the platform after the effective date constitutes acceptance of the revised Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NextGenSwitch Support Team

Email: contact@nextgenswitch.com

Phone: +880 1734-936561

We are committed to resolving privacy concerns promptly and in good faith.