LEGAL

Privacy Policy

Last Updated: June 19, 2026

This Privacy Policy explains how TO Solutions ("we", "us", or "our") collects, uses, stores, and shares your information when you use Arthix (the "Service") including our web platform and our Android and iOS mobile applications.

This single policy applies to all platforms on which Arthix is offered. By accessing or using the Service on any platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not access or use the Service.

1. Data Safety Summary

Arthix is a business marketing and organizational management tool intended for business users within a registered firm. We collect profile details, business firm identifiers, device information, and media you choose to upload, in order to operate the Service within your firm. We store authentication details locally on your device, sync your business data through secure cloud servers, and rely on trusted third-party providers (such as Firebase) under confidentiality terms. We do not sell your personal or business information, we do not use it for third-party advertising, and we do not collect your precise location, your device's contact list, or use your camera.

2. Definitions

  • User / You: The individual accessing or using the Service.
  • Service Provider: TO Solutions, the developer and operator of Arthix.
  • Service: The Arthix web platform and the Arthix mobile applications for Android and iOS.
  • Personal Data: Any information that can identify a specific individual.

3. Information We Collect

We collect the following categories of information to provide and improve the Service:

A. Personal Profile Information

When you register, log in, or set up your profile, we collect your full name, email address, and mobile number.

B. Business / Firm Information

Because Arthix supports marketing and organizational management, we collect your Firm Name, Firm ID, Relation ID, User ID, and the roles, modules, and permissions assigned to you within your organization. We also process the business contact records and campaign data that your firm creates and stores within the Service.

C. Media and Files

With your explicit permission, we access and upload photos, videos, and documents that you choose to select from your device's gallery or files in order to send them in chat messages or attach them to your profile or campaign settings. We only access the specific files you choose.

D. Device and Technical Information

To ensure secure sessions and proper functionality, we automatically collect a device identifier, operating system version, and hardware model, and (for push notifications) a Firebase messaging token. On the web platform, this includes standard technical data such as browser type and information stored in your browser's local storage.

E. WhatsApp Messages and Business Contact Data

Arthix is a WhatsApp Business messaging and marketing tool. To deliver the Service, we process the WhatsApp message content, templates, and campaigns you create, together with the business contact records (such as customer names and phone numbers) that your firm uploads or imports into the Service. This data is sent and received through the WhatsApp Business Platform operated by Meta.

4. WhatsApp, Meta, and Our Role

A. WhatsApp Business Platform (Meta)

Messages, templates, and campaigns you send or receive through Arthix are transmitted via the WhatsApp Business Platform provided by Meta Platforms, Inc. Your and your contacts' use of WhatsApp is also governed by Meta's terms and privacy policy. We use Meta's services only to provide the messaging features you request.

B. Our Role : Controller and Processor

For account and profile data of our registered users, TO Solutions acts as a data controller. For the business contact data and message content that a firm uploads about its own customers, the firm is the data controller and TO Solutions acts as a data processor, handling that data only on the firm's instructions to provide the Service. Each firm is responsible for having a lawful basis and any required consent to message its contacts and to upload their data to the Service.

5. Responsible Use and Anti-Spam Policy

Arthix is intended for lawful business communication and customer engagement.

Users and organizations are solely responsible for ensuring that they have obtained any necessary consent, permission, or other lawful basis required under applicable laws before uploading contacts or sending messages through the Service.

The Service may not be used for spam, unsolicited communications, fraudulent activities, misleading content, harassment, illegal marketing practices, or any activity that violates applicable laws, regulations, WhatsApp policies, or Meta platform requirements.

We reserve the right to suspend or terminate accounts that misuse the Service or violate these requirements.

6. Data We Do NOT Collect

To be clear about our practices, Arthix does not:

  • Collect your precise or background location.
  • Read, sync, or upload your device's phone contact list / address book (contacts shown in the app are business records stored by your firm, not contacts read or synced from your phone).
  • Access your camera.
  • Collect an advertising identifier or use your data for advertising.
  • Sell or rent your personal or business data to any third party.
  • Knowingly collect any data from children (the Service is for business users 18+).

7. How We Use Your Information

  • To provide and maintain the Service: authenticating users, loading firm configurations, and managing active campaigns and contact lists.
  • To enable communication: exchanging chat messages, media, and campaign updates with other users in your firm.
  • To send notifications: delivering real-time push and in-app updates about campaigns, messages, and account activity.
  • To ensure security: verifying identity, monitoring sessions, and preventing unauthorized or fraudulent access.
  • To maintain and improve the Service: investigating technical errors and analyzing device and performance information to keep the Service stable and fix bugs.

8. Cookies and Tracking Technologies

On the Arthix web platform we use cookies and similar technologies (such as your browser's local storage and session storage) that are necessary to keep you signed in, remember your preferences, and keep the Service secure. We do not use advertising or cross-site tracking cookies. You can control or clear cookies through your browser settings; disabling essential cookies may prevent parts of the Service from working. The mobile apps do not use browser cookies but store equivalent session data locally on your device.

9. Permissions We Use (Mobile App)

The Android and iOS apps request the following permissions only to enable specific features. You can grant or revoke them at any time in your device settings.

Permission Why it is used
Internet (INTERNET) Connect to our backend APIs, Firebase Realtime Database, and Firebase Authentication.
Notifications (POST_NOTIFICATIONS) Deliver real-time alerts about campaigns, incoming chats, and account activity (Android 13+ and iOS).
Boot Completed (RECEIVE_BOOT_COMPLETED) Restore scheduled local notifications after the device restarts.
Photos & Videos
(READ_MEDIA_IMAGES, READ_MEDIA_VIDEO; legacy READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE on Android 12 and below; iOS NSPhotoLibraryUsageDescription and NSPhotoLibraryAddUsageDescription). We do not request camera access.
Requested only when you choose to pick, upload, or save photos and videos in chats, profiles, or campaign cards. We access only the items you select.

10. Data Storage and Security

A. Local Storage (on your device or browser)

We store configuration details and session tokens locally for a seamless experience including authentication tokens, account details (such as user ID, firm ID, and name), app state, and cached images. On the web, comparable data is kept in your browser's local storage.

B. Cloud and Backend Storage

Your profile information, chat messages, campaign data, and media uploads are stored securely on our cloud servers and through services such as Firebase Authentication, Firebase Realtime Database, and secure cloud storage, keeping your firm synced across devices. Data is transmitted over encrypted (HTTPS/TLS) connections.

C. Security

We apply appropriate administrative, technical, and physical safeguards to protect your data against unauthorized access, loss, or alteration. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International Data Transfers

We and our service providers (including Firebase / Google) may store and process your information on servers located in countries other than your own, including the United States. Where we transfer personal data out of the European Economic Area, the United Kingdom, or other regulated regions, we rely on appropriate safeguards such as standard contractual clauses or the provider's certified transfer mechanisms to protect your data.

12. Account and Data Deletion

You can request deletion of your account and all associated personal and business data at any time:

  • In the app: through your account/profile settings, where this option is available; or
  • By email: send a deletion request to support@arthix.ai from the email address associated with your account.

Upon a verified request, we will delete your personal data from our active systems within 30 days, except where we are required to retain certain information to comply with legal, accounting, or security obligations. Locally stored tokens and cached files are removed when you clear the app/browser cache or uninstall the app. Note that some business records (for example, messages you sent to colleagues, or records owned by your firm) may be retained by your organization in accordance with its own policies.

13. Data Retention

We retain your personal and business data for as long as your account or organization remains active with the Service, or as needed to provide the Service and comply with our legal obligations, after which it is deleted or anonymized.

14. How We Share Your Information

We do not sell your personal or business information. We share information only in the following limited circumstances:

  • Service providers (processors): trusted third parties that help us deliver authentication, database synchronization, messaging, and push notifications. They may access your information only to perform tasks on our behalf and are contractually obligated not to use it for any other purpose. These include:
    • Google Play Services
    • Firebase Authentication, Realtime Database, and Cloud Messaging (Google)
    • WhatsApp Business Platform (Meta) for sending and receiving your messages and campaigns
  • Legal and safety: when required to comply with applicable law, legal process, or government requests, or to protect the rights, property, or safety of our users or others.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy.

Provider privacy policies: Firebase  |  Google  |  WhatsApp Business

15. Data Ownership

All customer contact records, business data, campaign information, message content, uploaded files, and related information remain the property of the organization or user that uploaded such information to the Service.

TO Solutions does not claim ownership of customer business data and processes such information solely for the purpose of providing and maintaining the Service.

16. Legal Bases for Processing (GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases: performance of a contract (to provide the Service you sign up for); your consent (for example, granting device permissions, which you may withdraw at any time); legitimate interests (to secure, maintain, and improve the Service); and compliance with legal obligations. Where we act as a processor for a firm's contact data, the firm is responsible for establishing the legal basis for that processing.

17. Your Rights and Choices

  • You control whether to grant storage, media, and notification permissions, and may revoke them in your device or browser settings.
  • You may stop all data collection by uninstalling the app or discontinuing use of the web platform.
  • GDPR (EEA/UK): You have the right to access, correct, port, restrict, object to, or delete your personal data. You can access your profile directly or request changes or erasure by writing to us.
  • CCPA (California, USA): You have the right to request access to and deletion of your personal data, and to opt out of any sale of personal data. We do not sell personal data.

18. Children's Privacy

The Service is a business tool intended for users aged 18 and older and is not directed at children. We do not knowingly collect personal information from anyone under the age of 18 (or under 13 where applicable under the Children's Online Privacy Protection Act). If you believe a child has provided us with personal data, please contact us at support@arthix.ai and we will delete it.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the "Last Updated" date above. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

20. Contact Us

If you have any questions about this Privacy Policy or our practices, please contact:

  • Company: TO Solutions
  • Email:support@arthix.ai