Privacy Policy | Chính Sách Bảo Mật
English Version
1. Introduction
This Privacy Policy describes how Blue Wings International Company Limited ("Blue Wings", "we", "our", or "us") collects, uses, stores, and protects personal information in connection with the Centrify Chatbot & Smart CRM service (the "Service") and the marketing website at www.centrify.io.
Blue Wings is the data controller for personal information processed through the Service. The Service helps businesses manage customer conversations across Facebook Messenger, Instagram Direct, Zalo, and web chat from a single dashboard.
By using the Service or by sending a message to a business that uses the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information from Meta Platforms (Facebook & Instagram)
When a business connects its Facebook Page or Instagram Business Account to the Service, we receive the following from Meta:
- Page or Instagram account access tokens granted through Facebook Login (OAuth)
- Public profile information of customers who message the connected page or account: name, profile picture, platform-scoped user ID
- The content of messages exchanged between customers and the connected page or account (including text, attachments, stickers, reactions)
- Comments posted by customers on the connected page's public posts
- Conversation metadata: timestamps, delivery and read receipts, thread identifiers
- Page or Instagram account metadata: page name, profile picture, IDs
- Webhook event payloads delivered by Meta in real time (incoming messages, message echoes, comment notifications)
We only receive this information for pages and accounts whose administrators have explicitly authorized the Service via Meta's official OAuth flow.
2.2 Information from Zalo
When a business connects its Zalo Official Account, we receive analogous information: OA access tokens, follower profile information, message content, and webhook events delivered by Zalo.
2.3 Information from web chat embeds
- Name, email, or other contact information voluntarily entered into a chat widget
- Message content sent through the widget
- Page URL where the widget was loaded
2.4 Contact information shared in conversations
- Phone numbers, alternative email addresses, physical addresses voluntarily shared by customers during a conversation
- Preferences and notes recorded by the business's staff
2.5 Transaction and appointment data
- Booking and appointment records created through the conversation flow
- Service preferences, package selections
- Payment status references (we do not store full payment card numbers)
2.6 Technical data about business users
- Authenticated session data for business staff who sign in to the dashboard
- Device information, IP address, browser type
- Usage logs and analytics for the dashboard application
3. How We Use Your Information
3.1 To deliver the Service
- Display inbound messages and comments in the business's shared inbox so staff can respond
- Send replies composed by business staff back to customers through the relevant platform's messaging API
- Persist conversation history and contact records so staff can resume conversations and maintain continuity
- Generate AI-assisted reply suggestions and intent classifications to help staff respond faster
- Process booking, appointment, and order requests captured through conversations
3.2 To communicate with customers
- Send appointment confirmations and reminders
- Provide customer support and follow-up
- Marketing communications only with the customer's explicit consent and in compliance with the originating platform's rules
3.3 To improve the Service
- Analyze aggregated usage patterns to improve features
- Train and evaluate AI models on anonymized or aggregated data (we do not use the content of customer conversations to train third-party foundation models)
- Detect abuse, fraud, and policy violations
4. Data Storage, Security, and Sub-Processors
4.1 Storage
Your data is stored in a managed PostgreSQL database operated by Supabase, hosted in Supabase's cloud infrastructure. We use industry-standard encryption in transit (TLS) and at rest.
4.2 Sub-processors
We engage the following service providers to process personal data on our behalf, each under contractual data-protection commitments:
- Supabase Inc. — managed PostgreSQL database, authentication, and realtime infrastructure
- Anthropic, PBC — AI processing of message content for reply suggestions and intent classification (data is not used to train Anthropic's foundation models)
- Vercel Inc. — hosting of the dashboard and marketing web applications
- Railway Corp. — hosting of the API gateway and webhook receivers
- Meta Platforms, Inc. — the source of Facebook and Instagram data we process
- VNG Corporation — the source of Zalo data we process
4.3 Security measures
- Encryption of data in transit (TLS) and at rest
- Row-Level Security (RLS) enforced in PostgreSQL so each business can only access its own data
- Single sign-on via Supabase Authentication with per-account passwords
- Access controls limited to authorized staff of the data controller and the relevant business
- Regular security reviews and infrastructure updates
4.4 Data retention
- Active conversations: retained while the connected page or account remains active in the Service
- Closed conversations: retained for up to 24 months after the last message, then archived or deleted
- Account deletion: when a business disconnects its page/account or closes its account, personal data is removed from active systems within 30 days and from operational backups within an additional 35 days
- Backups: standard backup rotation up to 35 days
- Records subject to Vietnamese tax or legal retention: kept for the period required by law
5. Data Sharing
We do not sell, rent, or trade personal information. We do not share personal information with third parties for their independent marketing purposes.
We disclose personal information only:
- To the sub-processors listed in Section 4.2, strictly to provide the Service
- To comply with applicable Vietnamese law, court orders, or regulatory requirements
- To protect the rights, property, or safety of Blue Wings, our customers, or others
- In connection with a corporate transaction (merger, acquisition, asset sale) with reasonable advance notice
6. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correct — request correction of inaccurate or incomplete data
- Delete — request deletion of your personal data (see Data Deletion Instructions)
- Object or restrict — object to or restrict certain processing
- Withdraw consent — withdraw consent at any time where processing is based on consent
- Data portability — receive your personal data in a structured, machine-readable format
- Opt out of marketing — unsubscribe from marketing communications at any time
To exercise these rights, contact us at contact@centrify.io. We will respond within 30 days.
7. Cookies and Tracking
Our website and dashboard use cookies and similar technologies for session management, security, and basic analytics. You can manage cookie preferences through your browser settings. We do not use cross-site advertising cookies.
8. Children's Privacy
The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.
9. International Data Transfers
Personal data may be stored or processed on servers located outside Vietnam (including, for example, server regions operated by Supabase, Vercel, Anthropic, and Meta). Where personal data is transferred internationally, we rely on appropriate safeguards (such as standard contractual clauses) and the recipient's published data-protection commitments.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced through the Service or by email at least 30 days before they take effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Blue Wings International Company Limited
Operator of Centrify Chatbot & Smart CRM
Email: contact@centrify.io
Website: www.centrify.io
Data deletion: www.centrify.io/data-deletion/crm
© 2026 Blue Wings International Company Limited. All rights reserved. | Bảo lưu mọi quyền.