Privacy Policy
Last updated: May 9, 2026
Patra ("Patra," "we," "us," or "our") operates the Patra unified inbox platform, which connects to messaging channels — including Facebook Messenger, Instagram, WhatsApp, Telegram, web chat, and email — so businesses can manage customer conversations from a single workspace and use AI to assist with replies.
This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over your data. By using Patra, you agree to the practices described here.
1. Information we collect
1.1 Account information
When you sign up for Patra, we collect:
- Your name, email address, and a hashed password
- Your business or organization name
- Profile photo (optional)
- Billing details if you subscribe to a paid plan (processed by our payment provider; we do not store full card numbers)
1.2 Channel and conversation data
When you connect a messaging channel to Patra (for example, a Facebook Page or WhatsApp Business number), we receive and store on your behalf:
- Channel identifiers and access tokens issued by the source platform
- Customer messages sent to or from the connected channel, including text, attachments, timestamps, and delivery status
- Customer profile information made available by the source platform — typically a display name, avatar, and platform-specific user identifier
- Metadata about the conversation (assignee, status, labels, notes)
1.3 Usage and device data
- Browser type, operating system, device identifiers
- IP address and approximate location derived from it
- Pages viewed, features used, action timestamps
- Cookies and similar technologies (see Section 8)
2. How we use information
- Service delivery: route messages between channels and your inbox, sync conversations, deliver replies, and provide AI-assisted suggestions
- Account management: authentication, billing, support, and account-related notifications
- Service improvement: understand how Patra is used so we can fix bugs and ship better features (analytics performed on aggregated, de-identified data wherever possible)
- Security: detect, investigate, and prevent fraud, abuse, and unauthorized access
- Legal compliance: meet our obligations under applicable law
3. How we share information
We do not sell your personal data. We share information only in these cases:
- Sub-processors and infrastructure providers who run our services on our behalf (cloud hosting, database, email delivery, error monitoring, payment processing). These providers are contractually bound to protect your data and use it only to provide their service to us.
- Messaging platforms such as Meta (Facebook, Instagram, WhatsApp), Telegram, and others — but only the data required to deliver and receive messages on your behalf.
- Legal authorities when we are required to disclose information by valid legal process, or when we believe in good faith that disclosure is necessary to protect rights, safety, or property.
- Successor entities in the event of a merger, acquisition, or sale of assets — with continuing protection of your data under this policy.
4. Data retention
- Account data: retained while your account is active. Deleted within 30 days of an account-deletion request.
- Conversation data: retained while your account is active or as configured in your retention settings, whichever is shorter.
- Backups: deleted from backup systems within 90 days of the original record's deletion.
- Server and security logs: retained for up to 12 months for audit, security, and abuse-investigation purposes.
- Billing records: retained as long as required by tax and accounting law in our operating jurisdiction.
5. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Receive a copy of your data in a portable format
- Request correction of inaccurate data
- Request deletion of your personal data
- Object to or restrict processing of your data
- Withdraw consent at any time (without affecting processing already done)
- Lodge a complaint with a supervisory authority in your jurisdiction
To exercise any of these rights, email support@patrahq.com. We respond to requests within 30 days.
6. Data deletion (Meta and other platforms)
You can also disconnect a channel at any time from the Patra dashboard, which immediately stops new data from flowing in. Existing data is removed according to the timelines in Section 4 unless you also submit a deletion request.
7. Children's privacy
Patra is a business tool not directed at children. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected such data, we will delete it.
8. Cookies and tracking
We use a small number of cookies and similar technologies for:
- Strictly necessary functions (authentication, session management, security)
- Preferences (your selected language, theme)
- Analytics (aggregated usage patterns to improve the service)
You can control cookies through your browser settings. Blocking strictly necessary cookies may break sign-in.
9. International data transfers
Our infrastructure may be located in the United States and other regions. By using Patra, you consent to your data being processed in any country where we or our sub-processors operate. Where required (e.g., transfers from the EU), we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
10. Security
We use industry-standard measures to protect your data, including:
- TLS encryption in transit
- Encryption at rest for credential and conversation storage
- Strict role-based access controls for employees
- Regular security reviews and dependency patching
No system is 100% secure. If you discover a vulnerability, please report it to support@patrahq.com.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email, in-app notice, or by posting the updated policy with a new "Last updated" date. Continued use of Patra after the update means you accept the new policy.
12. Contact us
Suggested subjects for fast routing: "Privacy Inquiry", "Data Deletion Request", "GDPR Request", "CCPA Request".