Privacy Policy

Last updated: May 13, 2026

Overview

This Privacy Policy describes how Joshua Chua Kah Hian, operating through joshckh.cloud, collects, uses, stores, and processes information in connection with consulting, automation, messaging, and software integration services. The services may include WhatsApp-related messaging workflows, customer support tooling, AI automation, workflow orchestration, database-backed applications, and related business systems.

In many cases, the primary data processed through these systems belongs to client businesses and their end users. In those situations, client businesses generally act as the data controller for their customer data, while joshckh.cloud acts as a service provider, processor, or technical operator on their behalf.

Information collected

Depending on the service provided, the following categories of information may be collected or processed:

• Business account information, such as company name, business contact details, business messaging setup information, and connected platform identifiers.
• End-customer contact information, such as name, phone number, email address, or other identifiers submitted by clients through their messaging or automation systems.
• Message and conversation data, including inbound and outbound WhatsApp messages, conversation history, delivery events, and customer support records where applicable.
• Operational and workflow data, such as automation inputs and outputs, lead intake records, scheduling records, webhook payloads, CRM-related fields, and activity logs.
• Technical data, such as IP addresses, browser or device data, server logs, and diagnostic information used for security, debugging, and service reliability.
• Website contact submissions and direct communications sent to joshckh.cloud.

How information is used

Information may be used to:

• Provide and maintain messaging, automation, CRM, support, and software integration services.
• Configure and operate WhatsApp Business Platform or related Meta integrations for client businesses.
• Route, store, summarize, classify, or automate communications and workflows using tools such as database systems, workflow engines, and AI-enabled processes.
• Monitor, secure, troubleshoot, improve, and support the services.
• Respond to inquiries, comply with legal obligations, enforce service terms, and protect against misuse, fraud, or unauthorized access.

Data storage and subprocessors

Service data may be stored or processed using third-party infrastructure and software providers that support service delivery. These may include:

• Supabase, for database, storage, and application backend services.
• n8n, for workflow orchestration, integrations, and automation processing.
• Meta platforms, including WhatsApp Business Platform and related developer services, where messaging integrations are used.
• Hosting, networking, analytics, security, email, and support providers as reasonably necessary to operate the services.

These providers may process data on behalf of joshckh.cloud or on behalf of client businesses as part of delivering the requested services. Data may be stored in infrastructure regions made available by those providers, subject to their technical and contractual arrangements.

Client data and responsibility

Where joshckh.cloud provides services to business clients, those clients are responsible for ensuring that they have an appropriate legal basis to collect, share, and process personal data submitted through the systems they use. This includes customer messaging data, contact lists, lead records, and communication history.

Client businesses are generally responsible for providing any required notices to their own customers and for handling requests related to access, correction, objection, or other applicable privacy rights, unless otherwise agreed in writing.

Sharing of information

Information may be disclosed:

• To infrastructure and technology providers used to operate the services.
• To client businesses or their authorized personnel where the data relates to their accounts, customers, or operations.
• To regulators, law enforcement, courts, or other parties where disclosure is required by law, legal process, or to protect rights, safety, and security.
• In connection with a business transfer, restructuring, or sale of assets, subject to appropriate safeguards where required.

Information is not sold as a data broker.

Retention

Information is retained for as long as reasonably necessary to provide the services, support client operations, comply with legal obligations, resolve disputes, enforce agreements, or maintain appropriate backup, audit, and security records.

Because much of the data processed through the services belongs to client businesses, retention periods may depend on client instructions, the service configuration, and legal or operational requirements.

Security

Reasonable administrative, technical, and organizational measures are used to protect information against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

International processing

Depending on the services used, information may be processed in jurisdictions outside the country where the data was originally collected. Such processing may occur through cloud providers, messaging platforms, or support infrastructure used in the ordinary course of providing the services.

Your choices and rights

Depending on the applicable law and the relationship to the data, individuals may have rights to request access, correction, deletion, or other actions regarding personal information. When the data is controlled by a client business, requests should usually be directed to that client business first, because it determines the purpose and means of processing.

Requests relating directly to data controlled by joshckh.cloud, such as website inquiries or direct business communications, may be submitted using the contact details below.

Data deletion requests

Information about requesting deletion is available at the data deletion page. Where data is processed on behalf of a client business, deletion requests may need to be routed to the relevant client account owner or authorized business contact before action is taken.

Changes to this policy

This Privacy Policy may be updated from time to time to reflect operational, technical, legal, or service changes. The updated version will be posted on this page with a revised effective date.

Contact

For privacy-related questions or requests:

• Website: joshckh.cloud
• Email: Contact through the website or the business contact channel used for the relevant service