Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how Ruwad.io(“we”, “us”) processes personal data through the hosted PocketPing service at pocketping.io and app.pocketping.io(the “Service”).

Self-hosting?If you run PocketPing’s open-source code on your own infrastructure, you are the data controller for the data it processes — this policy covers only our hosted Service.

Who is responsible

For the hosted Service, Ruwad.io is the controller of account data and a processor of the visitor data our customers collect through their chat widget. If you are a website visitor chatting through a PocketPing widget, the website operator (our customer) is the controller of your data; please refer to their privacy notice.

Data we process

  • Account data — your email and authentication identifiers (via our auth provider), organization and project settings.
  • Chat data — messages, sessions, timestamps, and any visitor identity your integration sends (name, email, custom metadata).
  • Technical data — IP address, user agent, and approximate page context needed to route conversations and prevent abuse.
  • Screen captures — only when an operator triggers the screenshot command and the project owner has explicitly enabled it (see below).
  • Billing data — for paid plans, handled by our payment processor; we do not store full card numbers.

Screen capture (important)

PocketPing offers an opt-inoperator command that captures an image of a visitor’s current screen on demand. It is off by default and must be enabled per project by the customer. When you (the customer) enable and use it, you are responsible for disclosing screen capture to your visitors and for having a lawful basis (typically consent) before capturing. We process captured images only to deliver them to you. See the operator commands documentation.

Why we process it (legal bases)

To provide the Service and the features you request (performance of a contract), to keep it secure and prevent abuse (legitimate interests), to comply with legal obligations, and on the basis of consent where required.

Sub-processors

We rely on a small set of providers to run the Service, which may include:

  • Cloud hosting and database infrastructure
  • Authentication
  • CDN and edge delivery
  • Payment processing (paid plans)
  • The messaging platforms you connect (Telegram, Discord, Slack) and any AI provider you configure with your own key

Retention

We keep chat and session data for as long as your project needs it or your plan’s history window allows, and account data for the life of your account. You can delete a project — and its sessions, messages, and connections — at any time from the dashboard.

Your rights

Subject to applicable law (including the GDPR), you may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise these rights, contact us at [email protected].

Cookies & local storage

The widget uses minimal local storage to maintain a conversation across page loads. We do not use third-party advertising cookies.

Changes

We may update this policy from time to time. Material changes will be reflected by the “last updated” date above.

Contact

Questions? Email [email protected].