Privacy Policy

Privacy Policy

Effective Date: February 19, 2026

Dashi (“we”, “us”, “our”) operates the Dashi platform, which provides AI-powered customer messaging services for small businesses. This Privacy Policy explains how we collect, use, share, and protect information when you use our service.

This policy applies to all users of the Dashi platform, including business owners who connect their accounts and end users (customers) who communicate with those businesses through Meta platforms (Facebook Messenger, Instagram Direct Messages) and Google Reviews.

Information We Collect

Business Owner Information

  • Name, email address, and phone number provided during signup
  • Business details (name, address, hours, services) entered into your knowledge base
  • Social media account connections (Facebook Page, Instagram Business Account)
  • OAuth access tokens for connected Meta platform accounts

Customer Message Data (via Meta Platform APIs)

  • Messages sent by customers to your business through Facebook Messenger and Instagram Direct Messages
  • Message metadata (timestamps, conversation IDs, sender identifiers)
  • AI-generated draft responses created by our service
  • Your approved or edited responses sent back to customers
  • Google Reviews content and metadata

Usage Data

  • Response times, approval rates, and service usage metrics
  • Technical data (IP address, browser type, device information) for security and service improvement

Chrome Extension (Dashi Content Bridge)

The Dashi Content Bridge Chrome extension allows you to import your own social media posts into Dashi for cross-platform publishing. When you use the extension:

  • What it collects: Post content (text, images, videos) from your Xiaohongshu pages, and an authentication token for communicating with the Dashi platform.
  • How it’s used: Collected content is transmitted to heydashi.com solely to import your posts into Dashi for adaptation and cross-posting to other platforms (Facebook, Instagram, TikTok).
  • What it does not collect: The extension does not collect browsing history, personal information, or any data from websites other than the specific supported platforms. It only activates on pages you explicitly choose to import.
  • All data collected by the extension is handled in accordance with this privacy policy.

How We Use Your Information

We process data solely for the following purposes:

  • To receive and process customer messages on your behalf via Meta Platform APIs
  • To generate AI draft responses using your business knowledge base
  • To send you notifications (SMS/WhatsApp) with draft responses for approval
  • To post your approved responses back to customers on connected platforms
  • To improve our AI response quality and service reliability
  • To maintain the security and integrity of our service

We do not use Meta Platform Data to:

  • Build or augment user profiles for advertising
  • Transfer or sell data to advertising networks or data brokers
  • Serve advertising or target users with ads based on their message content
  • Perform surveillance or monitor individuals

Data Sharing

We do not sell, license, or otherwise commercialize your data. We share information only with the following service providers, strictly as necessary to operate our service:

  • AI Providers (Anthropic/Claude) — Customer messages and your knowledge base are sent to generate draft responses. Anthropic processes data per their privacy policy and does not use your data for model training.
  • Communication Providers (Twilio) — To deliver SMS/WhatsApp notifications to you with draft responses for approval.
  • Meta Platform APIs (Facebook/Instagram) — To receive customer messages from and post your approved responses back to your connected Facebook Pages and Instagram Business Accounts, in accordance with Meta Platform Terms.
  • Google — To receive and respond to Google Reviews on your connected business profile.
  • Hosting and Infrastructure Providers — For secure data storage and service operation.

We do not share Meta Platform Data with any third parties beyond what is described above. We require all service providers to protect your data and use it only for the purposes we specify.

Data Retention

  • Active business data is retained while your account is active.
  • Message history is retained for up to 90 days for service quality and your reference, unless you request earlier deletion.
  • Upon account deletion or disconnection of a Meta platform account, we delete all associated Meta Platform Data within 30 days.
  • Anonymized, aggregated usage statistics may be retained for service improvement.

Data Deletion

You may request deletion of your data at any time by:

  • Emailing us at [email protected] with the subject “Data Deletion Request”
  • Disconnecting your Facebook Page or Instagram Business Account from the Dashi platform, which will trigger automatic deletion of associated Meta Platform Data within 30 days

Upon receiving a valid deletion request, we will:

  1. Delete your personal information and business data from our active systems within 30 days
  2. Remove all Meta Platform Data associated with your account
  3. Confirm deletion via email once complete

We also provide a Data Deletion Callback URL for Meta platform compliance, which enables automated data deletion when users remove our app from their Facebook or Instagram settings.

Data Security

We use industry-standard security measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Encrypted storage for sensitive credentials and OAuth tokens
  • Verified webhook signatures for all platform integrations
  • Regular security reviews and access controls
  • Restricted employee access to user data on a need-to-know basis

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

All Users:

  • Access your data — request a copy of the information we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Disconnect platform accounts at any time
  • Withdraw consent for data processing

California Residents (CCPA/CPRA):

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

European Economic Area / UK Residents (GDPR):

  • Right to access, rectify, or erase your personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at [email protected].

Children’s Privacy

Our service is intended for business use and is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

International Data Transfers

Our service is operated in the United States. If you are accessing our service from outside the United States, your data may be transferred to and processed in the United States. We take appropriate safeguards to ensure your data is protected in accordance with this privacy policy.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via your registered contact method and update the “Effective Date” at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For privacy questions, data requests, or concerns, contact us at: [email protected]