Privacy Policy

1. Information We Collect

We collect the following types of information:

1.1 Information You Provide to Us

• Account registration details (name, email address, password or login token)
• Business information (clinic name, contact details, social media usernames)
• Messages you send to our support team

1.2 Information from Connected Social Accounts

When you connect Instagram or WhatsApp to Esteti, we may receive:

• Instagram Business Account ID and username
• Page ID associated with your Instagram business account
• Conversations and messages sent to your Instagram business account
• Message metadata (timestamps, sender type, etc.)
• Instagram profile information authorised via Meta's permissions

We only access this information with your explicit permission.

1.3 Automatically Collected Information

• Log data (IP address, browser type, device information)
• Usage statistics (pages viewed, features used)
• Cookies required for secure login and session management

2. How We Use Your Information

We use collected data to:

• Provide our messaging and customer engagement services
• Display and organise Instagram and WhatsApp messages in your inbox
• Enable you to reply to conversations from within Esteti
• Improve platform performance and functionality
• Provide customer support
• Maintain platform security and prevent abuse

We never sell your data.

3. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

• Performance of a contract — to provide the Esteti service
• Consent — for connected social accounts and marketing preferences
• Legitimate interest — platform security, analytics and service improvement
• Legal obligation — where required by applicable law

4. How We Share Information

We only share data with:

• Meta (Facebook/Instagram) — when required for API functionality
• Service providers who help us operate Esteti (hosting, analytics, support tools)
• Law enforcement only where required by law

We do not share customer data with advertisers or unrelated third parties.

All service providers are contractually bound to GDPR-compliant processing.

5. Storage & Security

We store data on secure servers in the EU or equivalent jurisdictions.

We use:

• Encryption in transit (HTTPS)
• Encrypted tokens for social account access
• Access controls and audit logs
• Regular security reviews

If a security incident occurs, we will notify affected users promptly.

6. Data Retention

We retain:

• Account information until your account is deleted
• Message data only while your connected accounts remain active
• Backups for a limited period for security and continuity

You may delete your account at any time.

When deleted, connected social account data is removed from Esteti.

7. Your Rights (EU/UK GDPR)

You have the right to:

• Access your data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Export your data
• Withdraw consent

To exercise these rights, email contact us.

8. Children's Privacy

Esteti is intended for professional use and is not directed at individuals under 16.

9. Connected Instagram & WhatsApp Data

Esteti uses Meta's approved APIs. We only access your Instagram/WhatsApp messaging data to enable:

• Viewing incoming messages
• Sending replies
• Organising message history

We do not access:

• Personal Instagram account messages
• Private user data beyond what you explicitly grant via Meta Permissions

You can revoke Esteti's access at any time from:
Meta Business Integrations → Remove Esteti

10. Changes to This Policy

We may update this Privacy Policy from time to time.

We will notify you of any significant changes via email or in-app.

11. Contact Us

Guarda de Productos S.L.
(Business entity operating Esteti)
Email: contact us