Trợ Lý Page
Tiếng Việt Back to Home

Privacy Policy

Last updated: April 15, 2026

1. Introduction

Trợ Lý Page (trolypage.com), a product of SkyNet Solution (skynetsolution.click), operated by SkyNet Solution ("we", "our", "us"), is committed to protecting your privacy and personal data. This Privacy Policy clearly explains how we collect, use, store, share, and protect personal information when you use the Trợ Lý Page platform and related services.

This policy complies with:

By using our Service, you confirm that you have read, understood, and agreed to this Privacy Policy.

2. Data We Collect

2.1. Information You Provide Directly

  • Account registration information: Full name, email address, phone number, password (stored as a one-way hash — never stored in plain text).
  • Payment information: Transaction history and invoice information. We do not directly store credit/debit card numbers; payments are processed through certified third-party payment gateways.
  • Content you create: AI Agent scripts, automated response templates, AI training documents (knowledge base), product information, appointments, and platform configurations.

2.2. Data from Facebook/Meta When You Connect a Fanpage

When you connect a Facebook Page (Fanpage) or business Instagram account to Trợ Lý Page, we request the following permissions from Meta and collect the corresponding data:

Permission Purpose Data Collected
pages_show_list Display a list of your Facebook Pages so you can choose which to connect Page ID, Page name
pages_read_engagement Read Page engagement information so the AI Agent can respond accurately in context Public Page information, engagement metrics
pages_messaging Receive and send Messenger messages on behalf of your Page — core Service functionality Message content (sent/received), attachments, sender ID (PSID), display name, profile picture
pages_manage_metadata Subscribe webhooks for the Page to receive Messenger messages in real-time Page webhook subscription status
pages_manage_posts Create and edit Page posts (Auto-Post feature — only when you activate it) Post data you or AI compose through the platform
instagram_basic Read business Instagram account information linked to the Page Instagram account ID, username, display name
instagram_manage_messages Receive and reply to Instagram Direct messages on behalf of the business account Instagram DM message content, attachments, sender ID
instagram_content_publish Publish content to Instagram (Auto-Post feature — only when you activate it) Post content you or AI compose through the platform

2.3. Data from Customers Interacting Through Your Fanpage

When customers message your Facebook Page or business Instagram account, we collect and process:

  • Identification information: Page-Scoped User ID (PSID), display name, profile picture, language, gender, timezone — provided by the Meta API.
  • Message content: All text, images, videos, and attachments sent by customers to your Page via Messenger or Instagram DM.
  • Contact information (if voluntarily provided by the customer in conversation): Phone number, email, address — automatically recognized from message content to support customer relationship management (CRM).
  • Interaction data: Message timestamps, interaction frequency, complete conversation history, button responses (postback).

2.4. Data from Other Channels (Optional — Only When You Connect)

  • Zalo Official Account: Zalo user ID, display name, messages.
  • Telegram Bot: Telegram user ID, name, messages.
  • Web Chat (widget): Conversation content from the chat widget on your website.
  • SePay (payments): Bank transaction information (when you connect a SePay account).

2.5. Automatically Collected Data

  • Access logs: IP address, browser type, operating system, access time, pages viewed on the platform.
  • Session cookies: To maintain login sessions and CSRF security (see the Cookie section below).

3. How We Use Your Data

We use collected data only for the following purposes:

  • AI Chatbot operation: Process incoming customer messages, send them to the AI model to generate appropriate responses, and send reply messages via Messenger/Instagram DM/connected channels.
  • Customer relationship management (CRM): Organize and store customer records, conversation history, and contact information so you can manage customer care effectively.
  • Conversation summary and analysis: AI automatically summarizes conversations, extracts topics, outcomes, and satisfaction ratings.
  • Automatic order processing: Process order information from conversations when customers place product orders.
  • Auto-posting: Use Page access to publish content you or AI compose to Facebook/Instagram.
  • Follow-up messaging: Send follow-up messages to customers on schedules you configure, complying with Meta's 24-hour messaging window rules.
  • Appointment scheduling: Manage appointments booked by customers through the chatbot.
  • Technical support: Handle support requests, diagnose and resolve issues.
  • Security: Detect unauthorized access, prevent fraud, and protect the system.
  • Service improvement: Analyze aggregated (anonymized) usage data to improve AI quality and user experience.
  • Legal compliance: Respond to requests from competent government authorities when legally required.

We are committed to NOT using Facebook/Meta data for:

  • Advertising, marketing for third parties, or ad targeting.
  • Selling, renting, exchanging, or licensing data to third parties for commercial purposes.
  • Building user profiles (profiling) for surveillance or tracking purposes outside the scope of the Service.
  • Training general-purpose AI models outside our system.
  • Any purpose that violates Meta Developer Policies.

4. Data Sharing with Third Parties

We do not sell, rent, or exchange your personal data or your customers' personal data with any third party. Data is only shared to the minimum extent necessary to provide the Service:

Data Recipient Data Shared Purpose
OpenAI (api.openai.com) Message content, conversation context, system prompt Generate AI chatbot responses, conversation summaries
Google Gemini Message content, conversation context, system prompt Alternative AI provider (if you select it in settings)
Anthropic Claude Message content, conversation context, system prompt Alternative AI provider (if you select it in settings)
OpenRouter Message content, conversation context, system prompt Multi-provider AI router (if you select it in settings)
Meta Platform (graph.facebook.com) Reply messages, post content Send messages via Messenger/Instagram DM, publish posts to Pages
Hosting/infrastructure provider All data on the server (encrypted at rest) Storage and technical infrastructure operations

About AI providers: Message content is sent to AI providers over encrypted HTTPS/TLS connections. Leading AI providers (OpenAI, Google, Anthropic) are committed to not using API data to train their AI models. You have full control to choose your AI provider in the AI Agent configuration settings.

Beyond the cases above, data is only shared when:

  • There is a valid request from a competent government authority following proper legal procedures.
  • Necessary to protect the rights, property, or safety of Trợ Lý Page, users, or the public.
  • You provide explicit written consent.

5. Meta (Facebook/Instagram) Policy Compliance

Trợ Lý Page strictly complies with Meta Platform requirements, including:

  • Data minimization principle: We only request and use permissions necessary for the features you activate. No excessive permissions are requested.
  • Messenger Platform Policy compliance: The AI Agent complies with the Messenger Platform Policy, including the 24-hour Standard Messaging window rules and no promotional messages outside the window.
  • No data abuse: Data received from the Meta API is never used for targeted advertising, sold to third parties, or used for any purpose outside the scope of the Service described in this policy.
  • Data deletion on disconnect: When you remove the Trợ Lý Page app from Facebook or disconnect a Page, we immediately delete/invalidate the Page Access Token and stop collecting data from that Page. Historical data will be deleted upon request (see Data Deletion Instructions).
  • Data Deletion Callback: We support the data deletion mechanism required by Meta for Facebook users (see the Data Deletion page).
  • Transparency: This Privacy Policy is publicly available and always accessible from the trolypage.com homepage.

6. Data Protection

We implement technical and organizational security measures that meet industry standards:

  • Transport encryption: All data transmitted between browsers/applications and our servers is encrypted using TLS 1.2+.
  • Storage encryption: Access Tokens (Facebook, Instagram, Zalo…), API Keys, and passwords are encrypted at rest in the database using strong algorithms.
  • Data isolation (Multi-tenant Isolation): Each account can only access its own data. Data between accounts is fully isolated at the application level.
  • Webhook authentication: All webhooks from Meta are verified using digital signatures (X-Hub-Signature) to ensure authenticity and prevent tampering.
  • Regular backups: Data is backed up daily with secure backup retention policies.
  • Audit logging: All access activities, configuration changes, and important system operations are logged.
  • Access controls: Multi-level permission system (account owner, team members, restricted permissions).

7. Data Storage

  • Location: Data is stored on servers in Vietnam and/or Asia-Pacific region data centers.
  • Retention periods:
    • Account data: Throughout the duration of Service use + 7 days after account deletion is scheduled.
    • Conversation history: According to your configuration; stored throughout the duration of use by default.
    • Access Tokens: Until you disconnect the channel, revoke permissions, or the token expires.
    • Payment transactions: Minimum 5 years (Vietnamese accounting law requirements).
    • System logs: Maximum 12 months, then automatically deleted.

8. Your Data Rights

Under Decree 13/2023/ND-CP and Meta policies, you have the following rights:

  • Right to be informed: Know exactly what information is being collected, used, stored, and shared.
  • Right to consent: Consent to or refuse processing of your personal data.
  • Right of access: Request to view all personal data we currently store.
  • Right to correction: Request to update or correct inaccurate information.
  • Right to deletion: Request deletion of all or part of your personal data (see Data Deletion Instructions).
  • Right to restrict processing: Request restriction of data processing in certain specific circumstances.
  • Right to data portability: Request to receive a copy of your data in a common format (JSON, CSV).
  • Right to object: Object to data processing for specific purposes.
  • Right to withdraw consent: Revoke Fanpage and social channel access at any time from Facebook settings or the Trợ Lý Page platform.
  • Right to complain: File a complaint with the relevant competent authority if you believe your rights have been violated.

To exercise any of these rights, please email [email protected]. We commit to responding within 72 business hours.

9. Children's Data Protection

Our Service is not directed at children under 16 years of age and we do not intentionally collect personal data from children. If we discover that we have inadvertently collected data from a child under 16, we will delete that data immediately. If you believe we have data belonging to a child, please contact: [email protected].

10. Cookies

  • Essential cookies (required): Maintain login sessions, CSRF security, and remember your preferences. These cannot be disabled as they are necessary for the Service to function.
  • Analytics cookies (optional): Help us understand how you use the platform to improve the service. These can be disabled through your browser settings.

We do not use advertising cookies, behavioral tracking cookies, or third-party advertising pixels.

11. International Data Transfer

When using third-party AI providers (OpenAI with servers in the United States, Google with global servers, Anthropic with servers in the United States), message content may be processed on servers outside Vietnam. This transfer:

  • Is protected by TLS encryption throughout the entire transmission process.
  • Complies with each provider's API data usage policy (not used for model training).
  • Only sends the minimum data necessary for AI language processing functionality.
  • Complies with Vietnamese regulations on cross-border data transfer.

12. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. When significant changes are made:

  • Notification via email to your registered address at least 15 days in advance.
  • A prominent notice displayed on the platform when you log in.
  • The "Last updated" date at the top of this page will be updated.

If you disagree with the changes, you have the right to discontinue using the Service and request deletion of all your data.

13. Data Privacy Contact

For any questions, requests, or complaints related to this Privacy Policy and personal data protection:

Response commitment: Within 72 business hours of receiving your request.