Last updated 3 May 2026
ZeFax is a business assistant for SMBs in emerging markets, that works on WhatsApp. We take privacy seriously. This page tells you exactly what we collect, why, who we share it with, and how to exercise your rights. We apply data protection rules consistent with the General Data Protection Regulation (GDPR) framework and the data protection law in your country (for example, Cameroon Loi 2024/017, Nigeria NDPA, Kenya Data Protection Act, South Africa POPIA, Senegal Loi 2008-12, Mexico LFPDPPP, Colombia Ley 1581 de 2012, Argentina Ley 25.326, Peru Ley 29733, Chile Ley 19.628, or, where applicable, the equivalent law in your jurisdiction). The strictest applicable rule wins.
We store: your phone number; your business name and the metadata you choose to enter (currency, country, city, industry); the conversations you have with the bot (so it can keep context across messages); the records you create through ZeFax (sales, expenses, inventory items, customer notes, orders); your Telegram chat ID if you link Telegram; your email if you contact support. We do NOT store payment card numbers. Cards go directly to certified payment processors who handle the settlement.
Your phone is your account identity. Conversations let the bot remember context (you say "actually 6" and the bot knows you mean the bottles you mentioned earlier). Records are the product itself. Telegram chat ID lets us deliver replies. Email is only used to reply when you write to us via the contact form.
We work with a small set of trusted processors strictly to operate the service: messaging providers (WhatsApp and Telegram, to deliver messages), AI providers (so the bot can understand and reply), payment processors (only when you transact, and only what they need to settle the payment), and our hosting infrastructure. We do NOT sell your data, and we do NOT share with advertisers. Any new processor we add for service operation is reflected in this policy with notice. See "WhatsApp data" below for what Meta sends us and how we use it.
ZeFax integrates with the WhatsApp Business Platform operated by Meta to receive and send messages on behalf of merchants who connect their WhatsApp Business number. This section explains what we receive from Meta and how we treat it. We agree to and operate under the WhatsApp Business Solution Terms and the Meta Platform Terms and Developer Policies. What we receive from WhatsApp: when a buyer messages a merchant who uses ZeFax, Meta delivers to us the message content (text, images, location, voice notes), the sender phone number, the merchant phone number, timestamps, and message delivery status. When a merchant messages the bot, the same applies in reverse. We do not receive any data about the sender beyond what is sent in the conversation. How we use it: we route inbound messages to the right merchant inbox, let the merchant reply, and record the actions a merchant takes in chat (sales, expenses, inventory updates, customer notes). We send outbound confirmations, reminders, and receipts back to buyers. We use machine learning to understand what merchants type so the bot can take the right action ("I sold 3 plates" becomes a sales record). The AI providers we use to do this understanding are pass through processors. They do not retain or train on your messages. What we do not do: we do not sell WhatsApp data. We do not use it for advertising or marketing to third parties. We do not use it to train our own AI models. We do not share it with anyone outside the processor list in the previous section. Retention: active conversations are retained while you use ZeFax so the bot can keep context. After account deletion, transcripts are kept for 90 days for support investigations, then erased. Aggregated metrics that do not identify you may be retained longer. Your rights: you can request a copy of your WhatsApp conversation data or delete your account at any time. See "Your rights" below.
You can request a copy of your data, ask us to correct it, or ask us to delete your account. Email info@cortexstride.com with your phone number and we will respond within 30 days. You can also turn off the bot and keep using the dashboard for manual entry.
Active accounts: as long as you use the service. After account deletion, we retain financial records (sales, invoices) for the period required by your country鈥檚 tax and commercial records rules (typically 5 to 10 years), and conversation transcripts for 90 days for support investigations. After those windows, everything is erased except aggregated metrics that no longer identify you.
Your data is encrypted both when it travels and when it is stored. Sensitive credentials (Mobile Money, payment) are encrypted with a key only the application can read. We verify every message that comes from our messaging and payment partners before acting on it, so a third party cannot pretend to be them. Staff access is logged, and only staff who need it can read your data.
ZeFax is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will close the account.
For privacy questions, email info@cortexstride.com or use our Contact us page. You can also file a complaint with the data protection authority in your country (for example, ANTIC in Cameroon, NDPC in Nigeria, ODPC in Kenya, the Information Regulator in South Africa, the CDP in Senegal, INAI in Mexico, the SIC (Delegatura para la Protecci贸n de Datos Personales) in Colombia, AAIP in Argentina, the Autoridad Nacional de Protecci贸n de Datos Personales in Peru, the Agencia de Protecci贸n de Datos Personales in Chile, or, where applicable, your national EU authority).
We will update this page when we change practices. Material changes are also announced via the bot to your phone, so you have a chance to review before they take effect.