Privacy Policy
How BizReply handles your data. Plain language, no legalese. Last updated: June 2026.
Who We Are
BizReply is a product of Crysolite Business Intelligence Services Ltd ("CBIS", "we", "us"). We provide automated customer-response services for businesses via WhatsApp and Instagram.
Contact us at info@crysolite.co.uk.
What Data We Collect
When you message a business that uses BizReply, we may collect:
- Your WhatsApp messages or Instagram Direct Messages sent to that business
- Your name, as shown on your messaging profile
- Your phone number (WhatsApp) or Instagram username and user ID
- Your email address, if you provide it during the conversation
- Conversation history with that business
Why We Collect It
We process your data to provide automated customer-response services on behalf of the business you are messaging. This includes:
- Answering your enquiries quickly and accurately
- Routing your conversation to the right person on the business's team
- Helping the business follow up on your enquiry
We act as a data processor on behalf of the business (the data controller). We do not use your data for our own marketing or sell it to anyone.
Who Sees Your Data
- The business whose WhatsApp or Instagram account you messaged. They are the data controller and decide how your enquiry is handled.
- Crysolite Business Intelligence Services Ltd (BizReply), as the service provider operating the automated response system on behalf of that business.
Third-Party Services
- Meta (WhatsApp and Instagram platforms). Your messages are transmitted through their infrastructure under their own privacy policies.
- OpenRouter (AI processing, United States). Message content may be processed by AI language models to generate responses. No personal data is retained by OpenRouter after processing.
- IONOS (cloud hosting, Germany). Our systems and stored conversation data are hosted on secured infrastructure.
How Long We Keep Your Data
We retain conversation data for 12 months after your last activity with the business. After that, your data is permanently deleted from our systems.
Instagram-Specific Disclosures
For businesses connected via Instagram, we only access the connected account's basic profile information (username, user ID and profile picture) and Instagram Direct Messages, through the official Instagram Graph API. We do not access:
- Your followers or following lists
- Post analytics or insights
- Comments on posts
- Account settings or profile information beyond what is listed above
Your Rights
Under the UK GDPR and the Nigeria Data Protection Act 2023, you have the right to:
- Access — request a copy of the data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — ask us to delete your data at any time
- Object — object to the processing of your data
To exercise any of these rights, or to request deletion of your data, email info@crysolite.co.uk and we will respond within 30 days.
Cookies
This website does not use cookies or any tracking technologies.
Changes to This Policy
We may update this policy from time to time. The latest version will always be available on this page.
© 2026 Crysolite Business Intelligence Services Ltd. All rights reserved. UK GDPR & NDPA 2023 compliant.