Privacy Policy
Last Updated: June 19, 2026
Last Updated: June 19, 2026
This Privacy Policy explains how TO Solutions ("we", "us", or "our") collects, uses, stores, and shares your information when you use Arthix (the "Service") including our web platform and our Android and iOS mobile applications.
This single policy applies to all platforms on which Arthix is offered. By accessing or using the Service on any platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not access or use the Service.
Arthix is a business marketing and organizational management tool intended for business users within a registered firm. We collect profile details, business firm identifiers, device information, and media you choose to upload, in order to operate the Service within your firm. We store authentication details locally on your device, sync your business data through secure cloud servers, and rely on trusted third-party providers (such as Firebase) under confidentiality terms. We do not sell your personal or business information, we do not use it for third-party advertising, and we do not collect your precise location, your device's contact list, or use your camera.
We collect the following categories of information to provide and improve the Service:
When you register, log in, or set up your profile, we collect your full name, email address, and mobile number.
Because Arthix supports marketing and organizational management, we collect your Firm Name, Firm ID, Relation ID, User ID, and the roles, modules, and permissions assigned to you within your organization. We also process the business contact records and campaign data that your firm creates and stores within the Service.
With your explicit permission, we access and upload photos, videos, and documents that you choose to select from your device's gallery or files in order to send them in chat messages or attach them to your profile or campaign settings. We only access the specific files you choose.
To ensure secure sessions and proper functionality, we automatically collect a device identifier, operating system version, and hardware model, and (for push notifications) a Firebase messaging token. On the web platform, this includes standard technical data such as browser type and information stored in your browser's local storage.
Arthix is a WhatsApp Business messaging and marketing tool. To deliver the Service, we process the WhatsApp message content, templates, and campaigns you create, together with the business contact records (such as customer names and phone numbers) that your firm uploads or imports into the Service. This data is sent and received through the WhatsApp Business Platform operated by Meta.
Messages, templates, and campaigns you send or receive through Arthix are transmitted via the WhatsApp Business Platform provided by Meta Platforms, Inc. Your and your contacts' use of WhatsApp is also governed by Meta's terms and privacy policy. We use Meta's services only to provide the messaging features you request.
For account and profile data of our registered users, TO Solutions acts as a data controller. For the business contact data and message content that a firm uploads about its own customers, the firm is the data controller and TO Solutions acts as a data processor, handling that data only on the firm's instructions to provide the Service. Each firm is responsible for having a lawful basis and any required consent to message its contacts and to upload their data to the Service.
Arthix is intended for lawful business communication and customer engagement.
Users and organizations are solely responsible for ensuring that they have obtained any necessary consent, permission, or other lawful basis required under applicable laws before uploading contacts or sending messages through the Service.
The Service may not be used for spam, unsolicited communications, fraudulent activities, misleading content, harassment, illegal marketing practices, or any activity that violates applicable laws, regulations, WhatsApp policies, or Meta platform requirements.
We reserve the right to suspend or terminate accounts that misuse the Service or violate these requirements.
To be clear about our practices, Arthix does not:
On the Arthix web platform we use cookies and similar technologies (such as your browser's local storage and session storage) that are necessary to keep you signed in, remember your preferences, and keep the Service secure. We do not use advertising or cross-site tracking cookies. You can control or clear cookies through your browser settings; disabling essential cookies may prevent parts of the Service from working. The mobile apps do not use browser cookies but store equivalent session data locally on your device.
The Android and iOS apps request the following permissions only to enable specific features. You can grant or revoke them at any time in your device settings.
| Permission | Why it is used |
|---|---|
| Internet (INTERNET) | Connect to our backend APIs, Firebase Realtime Database, and Firebase Authentication. |
| Notifications (POST_NOTIFICATIONS) | Deliver real-time alerts about campaigns, incoming chats, and account activity (Android 13+ and iOS). |
| Boot Completed (RECEIVE_BOOT_COMPLETED) | Restore scheduled local notifications after the device restarts. |
| Photos & Videos (READ_MEDIA_IMAGES, READ_MEDIA_VIDEO; legacy READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE on Android 12 and below; iOS NSPhotoLibraryUsageDescription and NSPhotoLibraryAddUsageDescription). We do not request camera access. |
Requested only when you choose to pick, upload, or save photos and videos in chats, profiles, or campaign cards. We access only the items you select. |
We store configuration details and session tokens locally for a seamless experience including authentication tokens, account details (such as user ID, firm ID, and name), app state, and cached images. On the web, comparable data is kept in your browser's local storage.
Your profile information, chat messages, campaign data, and media uploads are stored securely on our cloud servers and through services such as Firebase Authentication, Firebase Realtime Database, and secure cloud storage, keeping your firm synced across devices. Data is transmitted over encrypted (HTTPS/TLS) connections.
We apply appropriate administrative, technical, and physical safeguards to protect your data against unauthorized access, loss, or alteration. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
We and our service providers (including Firebase / Google) may store and process your information on servers located in countries other than your own, including the United States. Where we transfer personal data out of the European Economic Area, the United Kingdom, or other regulated regions, we rely on appropriate safeguards such as standard contractual clauses or the provider's certified transfer mechanisms to protect your data.
You can request deletion of your account and all associated personal and business data at any time:
Upon a verified request, we will delete your personal data from our active systems within 30 days, except where we are required to retain certain information to comply with legal, accounting, or security obligations. Locally stored tokens and cached files are removed when you clear the app/browser cache or uninstall the app. Note that some business records (for example, messages you sent to colleagues, or records owned by your firm) may be retained by your organization in accordance with its own policies.
We retain your personal and business data for as long as your account or organization remains active with the Service, or as needed to provide the Service and comply with our legal obligations, after which it is deleted or anonymized.
We do not sell your personal or business information. We share information only in the following limited circumstances:
Provider privacy policies: Firebase | Google | WhatsApp Business
All customer contact records, business data, campaign information, message content, uploaded files, and related information remain the property of the organization or user that uploaded such information to the Service.
TO Solutions does not claim ownership of customer business data and processes such information solely for the purpose of providing and maintaining the Service.
If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases: performance of a contract (to provide the Service you sign up for); your consent (for example, granting device permissions, which you may withdraw at any time); legitimate interests (to secure, maintain, and improve the Service); and compliance with legal obligations. Where we act as a processor for a firm's contact data, the firm is responsible for establishing the legal basis for that processing.
The Service is a business tool intended for users aged 18 and older and is not directed at children. We do not knowingly collect personal information from anyone under the age of 18 (or under 13 where applicable under the Children's Online Privacy Protection Act). If you believe a child has provided us with personal data, please contact us at support@arthix.ai and we will delete it.
We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the "Last Updated" date above. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or our practices, please contact: