Legal

Privacy Policy

FIRMDEV — firmdev.co.za Last updated: 30 May 2026

Contents

  1. 01Introduction
  2. 02Who we are
  3. 03Our products & services
  4. 04Information we collect
  5. 05How we collect information
  6. 06How we use your information
  7. 07Luwp — WhatsApp data processing
  8. 08XConnect AI — data intelligence processing
  9. 09Sharing of information
  10. 10Data retention
  11. 11Security
  12. 12Your rights
  13. 13Cookies
  14. 14Children's privacy
  15. 15Changes to this policy
  16. 16Contact us

01

Introduction

FIRMDEV ("we", "us", or "our") is committed to protecting the privacy and personal information of our clients, users, and anyone who interacts with our services. This Privacy Policy explains how we collect, use, share, and protect personal information in connection with all FIRMDEV services — including our custom software development and consulting services, and our proprietary products Luwp and XConnect AI.

This policy is governed by the Protection of Personal Information Act, 4 of 2013 (POPIA) of South Africa and, where applicable, the General Data Protection Regulation (GDPR). Our use of the WhatsApp Business Platform is additionally subject to Meta's platform policies.

By using our website, products, or services, you agree to the practices described in this policy.

02

Who we are (Data Responsible Party)

CompanyFIRMDEV
Address77 5th Avenue, Halfway Gardens, Midrand, Gauteng, 1685, South Africa
Emaillizo@firmdev.co.za
Phone+27 78 832 9139
Websitewww.firmdev.co.za

03

Our products & services

This policy covers all FIRMDEV services, including:

  • Custom software development, consulting, API integration, and DevOps services
  • Luwp — a WhatsApp business automation platform that enables businesses to manage lead qualification, customer engagement, quoting, and pipeline tracking through AI-powered conversational flows on WhatsApp
  • XConnect AI — a data intelligence platform that enables businesses to interact with their operational data using natural language, automate workflows, and generate insights across connected systems

Luwp

Luwp operates via the Meta WhatsApp Business Platform. Its data processing activities are described in detail in Section 7 of this policy. Luwp is designed to act on behalf of business clients — FIRMDEV processes WhatsApp message data as a data processor, with the business client acting as the responsible party for their end-user data.

XConnect AI

XConnect AI connects to business data sources authorised by the client and processes operational data to generate insights and automate workflows. Its data processing activities are described in detail in Section 8 of this policy.

04

Information we collect

We may collect the following categories of personal and operational information, depending on which services you use:

  • Identity data: full name, company name, job title
  • Contact data: email address, phone number, physical address
  • Communication data: messages sent to us via email, contact forms, or WhatsApp
  • Technical data: IP address, browser type, device information, cookies, and usage data collected when you visit our website
  • Project data: information shared with us during software development or consulting engagements
  • WhatsApp messaging data (Luwp): message content, phone numbers, conversation metadata, and lead qualification data processed on behalf of business clients through the WhatsApp Business Platform
  • Operational and business data (XConnect AI): data sourced from client-authorised systems including databases, spreadsheets, CRMs, APIs, and other business data stores, processed to generate insights and automate workflows
  • Financial data: billing and payment information where applicable

05

How we collect information

We collect information through the following means:

  • Direct interactions — when you contact us, complete a form, or engage us for services
  • Our website — through cookies, analytics tools, and form submissions
  • Luwp — WhatsApp Business Platform — messages processed through Meta's WhatsApp Cloud API on behalf of our business clients
  • XConnect AI — authorised data source connections — when business clients connect their data sources (databases, spreadsheets, CRMs, APIs) to XConnect AI for the purposes of data interaction and workflow automation
  • Third-party integrations — systems that clients connect to our platforms, such as Google Sheets, Airtable, HubSpot, or custom APIs

06

How we use your information

We use personal information for the following purposes:

  • To deliver software development, consulting, and platform services
  • To communicate with you about your project, enquiry, or account
  • To operate, maintain, and improve our products and platforms
  • To process payments and manage billing
  • To comply with legal obligations under South African law
  • To protect the security and integrity of our systems and clients' data
  • Luwp: to process WhatsApp conversations, qualify leads, route messages, and deliver structured operational data to our clients' systems on their behalf
  • XConnect AI: to process queries against connected data sources, generate insights, and execute authorised workflow automations on behalf of clients
We do not sell personal information to third parties. We do not use client data for advertising, profiling beyond the stated service purpose, or any purpose not authorised by the client.

07

Luwp — WhatsApp data processing

Luwp is a WhatsApp business automation platform operated by FIRMDEV. Where FIRMDEV operates as a Tech Provider and data processor on behalf of business clients using Luwp:

  • We process WhatsApp messages, phone numbers, and conversation metadata strictly on behalf of the business client whose WhatsApp Business Account (WABA) is connected to Luwp
  • Message content is processed to enable AI-assisted lead qualification, automated responses, follow-up sequencing, and pipeline tracking
  • End-user (customer) data collected through WhatsApp is stored only for as long as required by the client's service configuration and is deleted upon account termination or on the client's request
  • Data is not used for advertising, cross-client profiling, or shared with any parties not explicitly authorised by the business client
  • Our use of the WhatsApp Business Platform is subject to WhatsApp's Business Policy and Meta's Terms of Service
  • Business clients are responsible for ensuring they have obtained all necessary opt-in consents from their end-users before communicating with them via WhatsApp through Luwp
  • Luwp does not send promotional messages to end-users who have not explicitly opted in
  • Message data passes through Meta's WhatsApp Cloud API infrastructure in accordance with Meta's data processing policies

Luwp — data processor role

In the context of end-user (customer) data, FIRMDEV acts as a data processor on behalf of the business client, who is the responsible party under POPIA. Business clients are responsible for their own POPIA compliance obligations with respect to their customers' data.

08

XConnect AI — data intelligence processing

XConnect AI enables businesses to interact with their operational data using natural language and to automate data-driven workflows. Where FIRMDEV processes client data through XConnect AI:

  • XConnect AI connects only to data sources explicitly authorised and configured by the business client
  • Queries submitted by authorised users are processed against the client's connected data sources to generate responses, reports, and automated actions
  • Data retrieved from connected sources is used solely to answer the query or execute the authorised workflow — it is not retained beyond what is required for the operation
  • Query history and interaction logs may be stored to enable conversation context, audit trails, and platform improvement, with retention periods agreed with each client
  • XConnect AI does not share data retrieved from one client's connected systems with any other client or third party
  • AI model inference for XConnect AI may utilise third-party large language model (LLM) APIs. Where this occurs, only the minimum data necessary to process the query is transmitted, and such providers are bound by appropriate data processing agreements
  • Business clients remain the responsible party for any personal data held in their connected systems; FIRMDEV acts as a data processor

XConnect AI — AI model usage

Where XConnect AI uses third-party AI model providers to process natural language queries, those providers may process query content. We select providers with appropriate data protection standards and, where possible, configure them to avoid retaining query data for model training. Clients requiring specific guarantees about AI model data handling should contact us before deployment.

09

Sharing of information

We may share personal information only in the following circumstances:

  • Service providers: cloud hosting providers, payment processors, and other vendors who assist us in operating our business — all bound by confidentiality obligations and, where required, data processing agreements
  • Meta Platforms (Luwp): Luwp operates via Meta's WhatsApp Cloud API. Message data passes through Meta's infrastructure in accordance with Meta's data processing terms and WhatsApp Business Policy
  • AI model providers (XConnect AI): query data may be processed by third-party LLM providers to the minimum extent necessary to respond to the query, under appropriate agreements
  • Client-authorised integrations: data may be passed to systems such as Google Sheets, Airtable, HubSpot, or custom APIs only when the business client has configured these integrations
  • Legal authorities: where required by South African law, court order, or regulatory obligation
  • Business transfers: in the event of a merger, acquisition, or sale of business assets, personal information may be transferred as part of that transaction with appropriate notice to affected parties

We do not share personal information for third-party marketing purposes without explicit consent.

10

Data retention

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our standard retention periods are:

  • Client project data: retained for the duration of the engagement and for a period of 5 years thereafter for legal and accounting purposes
  • Luwp — WhatsApp conversation data: retained according to the configuration agreed with each business client; deleted upon account termination or on the client's written request
  • XConnect AI — query and interaction logs: retained for the period agreed with each client in their service configuration; default maximum of 12 months unless extended by agreement
  • XConnect AI — connected source data: not persistently stored beyond the immediate query processing window unless caching is explicitly configured by the client
  • Website and contact form data: retained for up to 3 years or until the enquiry is resolved
  • Website analytics data: retained for up to 12 months in aggregated, anonymised form

11

Security

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, or misuse. These include:

  • Encryption of all data in transit (HTTPS/TLS)
  • Encryption of sensitive credentials and personal data at rest
  • Role-based access controls and authentication requirements across all platform systems
  • Audit logging of access to personal and operational data
  • Secure credential management for all client-authorised data source connections in XConnect AI
  • Isolated data tenancy — each client's data is logically separated from other clients within our platforms

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and the Information Regulator as required by POPIA.

12

Your rights

Under POPIA (and GDPR where applicable), you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or outdated information
  • Delete your personal information, subject to legal and contractual obligations
  • Object to or restrict the processing of your information
  • Withdraw consent where processing is based on consent
  • Data portability — receive a copy of your data in a structured, machine-readable format where technically feasible
  • Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us at lizo@firmdev.co.za. We will respond within 30 days. Note that for data processed on behalf of a business client (e.g. end-user data within Luwp), you may need to direct your request to that business client, who is the responsible party.

You may also contact the Information Regulator of South Africa at inforegulator.org.za.

13

Cookies

Our website uses cookies to improve your experience and understand how visitors use our site. We use:

  • Essential cookies: required for the website to function correctly — these cannot be disabled
  • Analytics cookies: used to understand how visitors interact with our site (anonymised where possible) — these can be disabled through your browser settings

You can control cookie settings through your browser. Disabling non-essential cookies will not affect your ability to use our website or our products.

14

Children's privacy

Our services are intended for business use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately at lizo@firmdev.co.za and we will take steps to delete it.

15

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our products, services, or legal obligations. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify active clients by email. Continued use of our services after any changes constitutes acceptance of the updated policy.

16

Contact us

For questions, requests, or concerns regarding this Privacy Policy or the handling of your personal information, please contact us:

Emaillizo@firmdev.co.za
Phone+27 78 832 9139
Address77 5th Avenue, Halfway Gardens, Midrand, Gauteng, 1685, South Africa

You may also contact the Information Regulator of South Africa at inforegulator.org.za if you believe your privacy rights have been violated.