Privacy policy
PureSocial is a product developed by Sixtra Chile S.A. hereinafter, it is referred to in this document as PureSocial.
PureSocial is an integrator of Social Networking and Messaging Applications with Genesys Contact Centers. PureSocial receives real time meta data for every interaction that allows businesses to identify, classify and deliver information about the interaction itself. The meta data received on every social network of the PureSocial portfolio, using official APIs, will be stored temporally for no more than 15 days with the purpose to ease the performance of the agents related to the efficient management of interactions. The received meta data is not modified in any way by PureSocial or transferred back to its issuer; it is a basic input to ease customer interactions management, while someone might be able to identify someone through a WhatsApp number or social network user by examining profile details or using third-party tools, the process is often not straightforward and depends on privacy settings.
Businesses that subscribe to Pure Social’s service use the application to provide Customer Care. PureSocial does not control the content sent in a conversation between an End User and the bot application or the Contact Center agent, nor is PureSocial responsible for the use of the information collected through the Social Media or Messaging Applications by the Contact Center.
PureSocial is a Data Processor.
The diagram in this URL shows the relationships between parties involved in an interaction flow; they are:
1. PureSocial and Genesys Cloud.
2. PureSocial and Social Networks / Messaging Apps.
3. Final users and Social Networks / Messaging Apps.
The relations between the external parties that the PureSocial service uses, is established by:
- The Terms-of-Service signed between PureSocial and the Business that provides the Contact Center service (1).
Schedule F – AppFoundry developer agreement FY24
- The Terms-of-Service signed between PureSocial and the company that owns the Social Network or the Digital Messaging Application (2).
When using APIs for PlayStore, AppStore or Social Networks and Messaging Apps (like Facebook, Twitter, Instagram, WhatsApp, or others) for business purposes, there are typically Terms and Conditions that outline the rules and responsibilities of businesses or developers accessing and using these APIs.
While these terms can vary depending on the platform, the general themes are similar across different networks. Below is a summary of what is usually covered in these terms:
1. Access and Use
· Limited Access: APIs are often only available to verified businesses or developers with specific access levels (e.g., enterprise, or approved developer accounts).
· Authorized Use: The API must be used for business purposes, such as managing ads, customer support, automating posts, and analyzing data, within the boundaries of the platform’s guidelines.
· Compliance with Policies: You must adhere to the platform’s general use policies, including content guidelines and data privacy standards.
2. Data Usage and Privacy
· User Data Protection: Businesses using APIs must comply with privacy regulations (e.g., GDPR, CCPA) when handling user data. For example, obtaining user consent for data collection and respecting data access restrictions.
· Data Ownership: Platforms retain ownership of user data, while businesses may use the data for purposes like customer engagement (like the metadata received in PureSocials’ interactions), advertising, or analytics within allowed limits.
· Prohibited Data Collection: Some APIs restrict the collection of certain types of data, especially sensitive data, like personal identification information or user behaviors that go beyond the platform’s intended use.
3. API Limitations
· Rate Limits: APIs usually have limits on the number of requests that can be made per hour or day to prevent abuse and ensure service reliability.
· Usage Restrictions: The platform may restrict certain types of usage, like scraping, spamming, or using the API in a way that could overload their servers or violate user privacy.
· Deprecation or Changes: API functionality can change, and platforms may modify or deprecate certain endpoints without prior notice.
4. Security
· Authentication and Authorization: APIs require secure authentication methods such as API keys, OAuth tokens, or other authorization mechanisms to protect the data and services. PureSocial integration resolves this kind of requirements.
· Data Security Responsibility: The business is responsible for securing any data retrieved through the API and ensuring that their implementation does not expose users or data to risks.
· Incidents and Breaches: Developers and Businesses are required to notify the platform promptly if there is a breach of security or misuse of the API, especially if user data is compromised.
5. Modification and Termination
· Terms Change: The platform can change the terms of API usage at any time, and businesses are expected to keep up with updates. Typically, users are notified of material changes to the terms.
· Suspension or Revocation: The platform reserves the right to suspend or revoke API access if the business violates the terms, engages in misuse, or the platform deems it necessary.
6. Legal Responsibilities
· Indemnity: Businesses using the API agree to indemnify the platform in case of lawsuits, claims, or damages resulting from the misuse of the API or the business’s failure to comply with legal obligations.
· Compliance with Laws: The terms will require businesses to comply with local and international laws, especially regarding data protection, intellectual property, and consumer rights.
7. Intellectual Property
· API License: Platforms typically grant businesses a limited, non-transferable license to use the API in accordance with the terms. Businesses do not own the API or any of the data accessed, and they cannot reverse-engineer or resell the API.
· Platform Rights: The platform retains ownership of its intellectual property, including its branding, API endpoints, and any proprietary technology or data used.
8. Limitations of Liability
· Platform Disclaimers: Social networks and messaging apps include disclaimers stating they are not liable for any damages, interruptions, or issues arising from using the API, especially if there are bugs, downtime, or service disruptions.
· Business Responsibility: The business assumes full responsibility for how they use the API and any consequences that arise from errors or breaches.
9. Third-party Integrations
· Use of Third-Party Tools: Many businesses integrate third-party services with the platform’s API (e.g., analytics tools, CRM systems). The terms may include guidelines for how third-party services should be used in conjunction with the API.
· No Liability for Third Parties: Platforms often disclaim any responsibility for third-party services or tools that integrate with the API.
10. Advertising and Promotional Use
· Ad Spend and Campaign Management: Businesses using social media APIs for advertising (e.g., Facebook Ads API, Instagram Ads) must adhere to additional terms specific to ad spend, targeting criteria, and measurement tools. They also must comply with rules about ad content, targeting, and reporting.
· Promotional Content: The platform may place restrictions on how businesses can use their API to promote or distribute content, ensuring that it doesn’t violate their terms for advertising or user interaction.
Following, there are links to official documentation
– X
– WhatsApp
– Youtube
– Telegram
– AppStore
- The Privacy Agreement or the Privacy Policy, accepted by End Users, showed by the Social Network or Messaging Application (3).
Privacy agreements and policies play a crucial role in social networks and messaging apps, as they outline how user data is collected, used, and protected. These documents vary by platform, but they generally cover similar areas in terms of user privacy and data handling. Below is a summary of privacy agreements or privacy policies typically accepted by users on platforms supported by PureSocial:
1. General Aspects Covered by Privacy Agreements or Policies
· Data Collection: Social networks and messaging apps typically collect various types of data, including personal information (name, email, location), usage data (app interactions, preferences), and metadata (message timestamps, IP addresses, device information).
· Data Usage: The collected data is often used for purposes such as improving service functionality, providing personalized experiences, advertising, and sharing with third-party partners for analytics and marketing purposes.
· Data Sharing: Platforms may share user data with third-party partners, advertisers, or other services to improve offerings or provide targeted advertising. This can include sharing data within the same company family (for example, Facebook sharing data between its apps like Instagram and WhatsApp).
· User Consent: By agreeing to the privacy policy, users typically consent to the platform’s data practices. In many cases, users are asked to actively opt-in to specific data uses, such as location tracking or personalized advertising.
· User Rights: Privacy policies often explain users’ rights, such as access to their data, the ability to correct or delete their data, and the ability to withdraw consent for data collection.
· Data Protection: The privacy policies usually describe the security measures in place to protect user data, including encryption, secure servers, and compliance with data protection laws (like GDPR, CCPA).
· Data Retention: Platforms often explain how long they retain user data and under what circumstances data may be deleted or anonymized.
2. Privacy Policies of Popular Social Networks and Messaging Apps
Here’s an overview of the privacy policies for some major platforms:
· Facebook and Instagram (Meta):
o Facebook’s privacy policy outlines how they collect and use personal data, including data from their social networking platform and other connected services.
o Link to Privacy Policy: Facebook Privacy Policy
o As part of the Meta family, Instagram shares similar privacy policies, with a focus on data from photo-sharing and interactions.
o Link to Privacy Policy: Instagram Privacy Policy
· WhatsApp (Meta):
o WhatsApp’s privacy policy addresses end-to-end encryption of messages and explains how user data is handled, including phone numbers and messages.
o Link to Privacy Policy, Data Privacy Framework and Channels Supplemental Privacy Policy: WhatsApp Privacy Policy
· Twitter:
o Twitter’s privacy policy provides details on how they collect data from tweets, interactions, and user profiles.
o Link to Privacy Policy: Twitter Privacy Policy
· Telegram:
o Telegram’s privacy policy focuses on its commitment to privacy and how it protects user data, including the use of end-to-end encryption in some chats.
o Link to Privacy Policy: Telegram Privacy Policy
3. Key Regulatory Compliance
Many social networks and messaging apps are required to comply with international data privacy regulations, including:
· GDPR (General Data Protection Regulation): A regulation in the European Union that mandates strict data protection and privacy practices for platforms operating in the EU.
· CCPA (California Consumer Privacy Act): A law that enhances privacy rights for California residents, including the right to request data deletion and opt-out of data sales.
· Other Regional Laws: Countries and regions may have specific data privacy laws, such as Brazil’s LGPD (Lei Geral de Proteção de Dados), that platforms need to adhere to.
4. User Consent and Opt-Out Mechanisms
· Opt-In: Many platforms ask for explicit consent before collecting certain types of data (e.g., location or marketing preferences).
· Opt-Out: Users can usually opt-out of certain data uses, such as targeted advertising or location tracking, via settings in the app or website.
· Data Portability: Platforms may offer users the ability to download or transfer their data to another service.
5. Changes to Privacy Policies
· Social networks and messaging apps are required to notify users if there are any significant changes to their privacy policies, giving users a chance to review and accept the new terms.
· Example: If a platform updates its privacy policy, users are often notified via in-app notifications or emails and may need to accept the updated terms to continue using the service.
It’s essential for users to read and understand the privacy policies of the platforms they use, as these documents help ensure transparency and allow users to make informed decisions about how their data is handled.
Mechanisms for capturing and collecting personal data:
· PureSocial uses the information of the End User provided by Social Media and Messaging Applications, which are sent to the Contact Center to provide Customer Service. This information is managed according to the policies that rule the relationships mentioned above in (2) PureSocial and Social Networks and Messaging Apps and (3) End Users and Social Networks and Messaging Apps. The metadata of every interaction is included in the interaction attributes, the list of attributes delivered by PureSocial can be consulted here: https://help.puresocial.cx/search/attributes-delivered-by-puresocial
· PureSocial stores the text of conversations between the End Users and the Bot or the Contact Center agent. PureSocial will keep the text of conversations for 15 days for context delivery purposes at the time of transferring the interaction to an agent; however, the company providing the Contact Center service may disable text message storage so that no messages are stored within PureSocial.
· For multimedia content, PureSocial does not store any multimedia objects. When the End User sends a message with multimedia content, the Social Network delivers a URL for each multimedia object, and PureSocial translates it into a new URL, within the domain puresocialcx.com .
Data processing:
Data processing in social network interactions refers to the collection, storage, and analysis of data generated by users as they engage with social media platforms. Social networks process vast amounts of data to deliver personalized experiences, improve platform performance, target advertising, and provide insights into user behavior. When it comes to PureSocial:
- Information is exchanged through a secure channel, and only for the purposes set out in the Terms-of-Service stated by (1) and (2); basic meta data is shared by social channels that is transferred to Genesys Cloud interactions.
- The information is processed only for the purpose stated in the Terms-of-Service (1); metadata is organized as attributes to be accessed by Genesys Flows or Agents.
- The Luhn algorithm is used to detect and mask personal information.
- The information is stored encrypted in a system with controlled access and is kept for the time set out in the Terms-of-Service (1) or until the End User requests its deletion.
- All meta data and information received within an interaction through any of the Social Network supported by PureSocial will not be modified in any way by PureSocial code or transferred back to its issuer.
- For WhatsApp outbound messaging the information is covered by the policies that apply in (1), (2), and (3); besides that, for outbound templates messaging, the WhatsApp Business Messaging Policy must be met. Agents can send outbound messages from their workstations, PureSocial administrators can load records into a campaign to be sent by PureSocial services and businesses can send outbound messages using PureSocial APIs.
- PureSocial’s engineers do not have access to the information.
- PureSocial’s administrators may access End User information only when required by the End User itself or by a court of law.
Possible information flows:
Below, a description of possible information flows and a diagram illustrates each one of them. Pointed green line marks the flow of each scenario, all of them involve all the components of the communication: policies of (1), (2), and (3); plus (4), which is the Genesys internal link between PureSocial and the agents’ widget; it takes part of several scenarios.
1. Use case 1: Agent assigned to an interaction.
– That’s the most complex flow, it involves PureSocial widget query to get the information required to build the context for the agents.
– The communication between Genesys Cloud Services and Agents’ Desktop is secured according to the Genesys Security Deployment Guide.
– PureSocial widget at Agents’ workstation gets the context of the last 15 days of messages to build context for the agents in real time. If Genesys Agent Desktop is used, the Context query is not required.
– The Luhn algorithm is used to detect and mask personal information as Credit Card Numbers. For a credit card number, the agents have access only to the last 4 digits using PureSocial agents’ interface even when the customer enters the whole number.
– The use case is described in this diagram.
2. Use case 2: A flow contains the client and does not transfer to a queue and an agent.
– The Context query is not required.
– The flow is described in this link.
3. Use case 3: Agent sends a proactive notification in private channels of Facebook, Instagram and X.
– It is a feature available for private channels.
– The agent searches for a finished interaction to start a new interaction with the customer; then enters the Interaction ID to get all its properties to start a new conversation.
– The Context query is not required, PureSocial database is not involved in this flow; PureSocial widget is required.
– The flow is described in this link.
4. Use case 4: Agent sends a proactive notification on WhatsApp channel.
– It is a feature that allows to send WhatsApp templates to trigger a business-initiated conversation with a customer.
– The agent selects a template, fills in the required fields and sends the message.
– PureSocial database is involved in this flow because it stores the configuration related to WhatsApp templates, previously enabled using PureSocial Admin portal; as well as the results of the outbound messaging.
– The flow is described in this link.
5. Use case 5: A campaign sends outbound WhatsApp messages.
– Agents are not involved in this flow.
– PureSocials’ database is used to store templates and campaigns configurations, as well as the results of the outbound messaging.
– The communication link between PureSocial and Genesys Cloud is optional (purple pointed line in this diagram), it is established only if agentless interactions are created.
