Acceptable Use Policy

§ 01Purpose

Zatio provides AI-assisted, two-way messaging on WhatsApp Business Platform and the web on behalf of business Operators. The platform is designed for genuine, customer-initiated conversations and consented follow-up — not for one-way mass marketing.

§ 02Permitted use

Operators may use Zatio to:

• Reply to inbound enquiries from customers and prospects
• Send transactional messages (booking confirmations, appointment reminders, quote summaries, order updates) where the customer has consented to receive them
• Qualify and route leads to the human team, with clear AI disclosure (EU AI Act Art. 50)
• Re-engage cold leads where opt-in is on file and the message complies with WhatsApp’s 24-hour customer service window or an approved template (Utility / Marketing) within Meta’s policy

§ 03Prohibited use

Operators must not use Zatio (directly or indirectly) to:

• Send unsolicited bulk marketing or spam, in any form, on any channel
• Send messages to recipients who have not provided opt-in consent for that specific Operator and that specific channel
• Promote, sell, or facilitate any of the categories prohibited by Meta’s Commerce Policy or WhatsApp Business Policy (including but not limited to: tobacco products, weapons, illegal drugs, prescription medicine, gambling, adult content, multi-level marketing schemes, financial instruments)
• Impersonate another business, individual, or government body, or misrepresent the AI as a specific human
• Send phishing, malware, scams, or links to fraudulent destinations
• Harass, threaten, or discriminate against recipients on protected grounds
• Bypass Meta’s rate limits, quality ratings, or template approval process
• Process special-category personal data (health, religion, ethnicity, political views) without an explicit lawful basis under GDPR Art. 9
• Re-sell access to the platform, expose its API to third parties, or embed it in a product that competes with Zatio without written permission

§ 04End-user opt-in

For any outbound messaging that is not a direct reply within an open 24-hour customer service window:

• The Operator must hold a clear, freely-given, specific and recorded opt-in from the recipient
• The opt-in must name the Operator’s business and explain what messages will be sent (transactional vs marketing)
• The Operator must honour opt-out requests (“STOP”, “UNSUBSCRIBE”, equivalent) within 24 hours and never attempt to circumvent them by switching channels or numbers
• Opt-in evidence must be retained for the duration of the messaging relationship plus the period required by applicable law

§ 05AI generated messages

Zatio uses Anthropic Claude to generate replies on the Operator’s behalf. To remain compliant with the EU AI Act (Art. 50) and Meta’s platform expectations:

• The AI’s identity is disclosed to the end user before the first AI reply (web widget banner; WhatsApp greeting copy)
• The Operator is responsible for the persona, knowledge base, and claims made by the AI in their tenant configuration
• Sensitive or complex cases must be escalated to a human; Operators must keep at least one human escalation contact configured at all times
• AI replies must not impersonate a named human employee. Generic first names (“Aime”, “Rosa”) are acceptable when paired with the AI disclosure

§ 06Operator responsibility

Each Operator is the Data Controller for their conversations and is solely responsible for:

• Holding Meta Business Verification for their own Business Manager
• Maintaining accurate Display Name, Profile picture, and About text on their WhatsApp Business profile
• Configuring opt-in capture mechanisms on their own properties (forms, landing pages, in-store collection)
• Responding to data subject rights requests routed through Zatio within applicable GDPR timelines
• Compliance with sector-specific regulations (financial services, health, legal advice) where they apply

§ 07Enforcement

Zatio may suspend or terminate access to the platform — without refund — when an Operator’s conduct, in our reasonable judgment, breaches this AUP, the WhatsApp Business Policy, or applicable law. Where the breach is curable we will give written notice and a reasonable cure period before termination, except where the breach is sufficiently severe to warrant immediate suspension (e.g. spam, fraud, prohibited content).

§ 08Contact

Compliance questions or to report misuse: legal@zatio.io