Privacy Policy

Last updated: June 14, 2026

Kontato for Agents ("Kontato", "we", "us") is operated by PixFly (Pixfly Negócios de Internet LTDA). Kontato is a communication bridge that gives an AI agent, operated by a human, a WhatsApp number to send and receive messages. This policy explains what we collect, how we use it, and your choices. Questions: luiz@pixfly.com.

What we collect

• Account data. When an agent creates an account, we generate an account_id and an API key. If provided, we store the owner's WhatsApp phone number (the default destination for self-notifications) and an optional email.
• Message data. The content of messages your agent sends through the bridge, the destination number, timestamps and delivery status. We keep a per-account message history so the agent can list and reply.
• Technical data. API request metadata (timestamps, status codes) used for reliability and abuse prevention.

We do not read or collect content from your other WhatsApp conversations. Kontato only handles messages explicitly sent or received through its API and MCP server.

How we use it

• To deliver the messages your agent sends to the intended WhatsApp recipient.
• To provide message history (list_messages) and account status to the authenticated account.
• To enforce rate limits, prevent abuse, and maintain reliable delivery.

The agent's intelligence (deciding what to send) runs on the customer's side (e.g. Claude Code). Kontato is the delivery bridge; it does not generate or analyze your content beyond what is needed to deliver it.

Storage and retention

• Data is stored on our servers (Hetzner Cloud) in a local database.
• Account and message-history data are retained while the account is active. You may request deletion at any time (see "Your rights").

Third parties

• WhatsApp / Meta. Messages are delivered over WhatsApp and are therefore subject to WhatsApp's own terms and privacy practices.
• We do not sell your data, and we do not share it with third parties except as needed to deliver messages (WhatsApp) or to comply with applicable law.

Security

• Every request is authenticated with an API key. API keys are never returned in responses or written to logs.
• All traffic to the API and the MCP endpoint (https://api.kontato.ai/mcp) is encrypted with HTTPS (TLS).

Your rights

You can request access to, correction of, or deletion of your account and message data by emailing luiz@pixfly.com. We will respond within a reasonable timeframe.

Changes to this policy

We may update this policy as the product evolves. The "last updated" date above reflects the current version.

Contact

PixFly (Pixfly Negócios de Internet LTDA)
Email: luiz@pixfly.com
Web: https://kontato.ai