Data Deletion Instructions
HMV Chatbot AI respects your privacy under Decree 13/2023/ND-CP (Vietnam's Personal Data Protection regulation) and the requirements of integrated platforms (Facebook, Zalo, Google). This page explains how to request the deletion of personal data from our system.
Important: We process end-user personal data on behalf of the businesses (Tenants) that use our platform. If you are an end user who interacts with a chatbot deployed by a brand, your data is controlled by that Tenant β we forward your request to them and coordinate the deletion.
1. Who are you?
Pick the role that applies to you and follow the instructions below:
| Role | Description | How to request deletion |
|---|---|---|
| End user | You message a chatbot via Facebook Messenger, Zalo OA, or a Web widget operated by a business. | β Section 2 |
| Tenant Admin | You signed up for a business account on HMV Chatbot AI. | β Section 3 |
| Facebook-linked user | You signed in with Facebook to grant a business permission to manage Pages. | β Section 4 |
2. End user β messaging a chatbot
2.1 What data of yours do we store?
- Platform-issued user IDs (Facebook PSID, Zalo UID β opaque per-OA identifiers, not your phone number or email)
- Public display name and profile picture (retrieved via Graph API)
- History of messages you sent to / received from the chatbot
- Email and phone number, only if you VOLUNTARILY provided them in the conversation (lead form)
2.2 How to request deletion
Option 1 (fastest): Delete the conversation in Messenger / Zalo
Open the chat with the Page, then tap "Delete conversation". The messages disappear on your side and stop appearing in our future analytics.
Note: Messages on our server still exist until you request full deletion (Option 2).
Option 2: Send an email request
Send us an email with the following details:
Subject: Data deletion request β End User
- Page name you messaged (e.g. "MathCare - Δα»ng hΓ nh hα»c ToΓ‘n")
- Your Facebook / Zalo display name
- Your User ID or profile link (if available)
- Reason (optional)
We will:
- Verify your identity (we send a confirmation message via email or Messenger to prevent impersonation).
- Forward the request to the Tenant (Page owner).
- Complete deletion within 30 days of successful verification.
- Send a confirmation email when done.
3. Tenant Admin β business account owner
3.1 Self-service account deletion in the app
- Sign in at /login
- Go to Settings β System β Danger Zone
- Click "Delete account" and re-enter your password to confirm
- The system sets the
scheduled_for_deletionflag and emails a confirmation - After a 30-day grace period (during which you may undo), data is anonymised or deleted
3.2 Data that is deleted
- Admin account (email, name, password hash)
- The Tenant's dedicated PostgreSQL schema (messages, knowledge base, conversations, leads, settings)
- Encrypted integration tokens (Facebook, Zalo, Email/SMTP)
- Uploaded files (knowledge base documents)
3.3 Data retained as required by law
- VAT invoices β 5 years per Vietnamese accounting law
- Anonymised login audit log β 90 days
4. Facebook-linked user β granted Page permission via "Login with Facebook"
When you (as a Tenant Admin) sign in with Facebook and authorise our app to manage Facebook Pages, we receive and store the following from your FB account:
- Facebook User ID (used solely to authenticate the OAuth session)
- Page Access Token (encrypted with AES-256-GCM, stored in the Tenant's schema)
- Names and profile pictures of the Pages you manage (for UI display)
- The IDs of Pages you chose to connect
4.1 How to revoke permission and delete the token
Step 1: Disconnect inside the app
- Sign in at /login
- Go to Settings β Integrations β Connected Pages
- Click the page you want to disconnect β Danger Zone tab β "Disconnect"
- The token is deleted from the database immediately
Step 2: Revoke the permission on Facebook
- Go to Facebook Settings β Business Integrations
- Find the app named HMV Chatbot AI or HMV App
- Click "Remove" to revoke every permission
4.2 Request full deletion of every Facebook-linked record
If you want every record connected to your Facebook account fully deleted:
Subject: Data deletion request β Facebook Login
- Email of the Tenant account you registered
- Facebook name you used to sign in
- List of connected Pages (if you remember)
We will delete the Facebook User ID, every Page Access Token, and related records within 30 days.
5. Deletion timeline summary
| Data type | Processing time |
|---|---|
| Integration token (FB / Zalo) on disconnect | Immediate |
| Tenant account (after self-deletion) | 30-day grace period β permanent deletion |
| End-user data (request via email) | 30 days from successful identity verification |
| Database backups | Up to 90 days, then auto-deleted |
| Login audit log | 90 days, auto-pruned |
| VAT invoices | 5 years (accounting law) |
6. Contact our DPO (Data Protection Officer)
- DPO email: privacy@hmvapp.com
- Legal email: legal@hmvapp.com
- General support: support@hmvapp.com
- Hotline: +84 24 5678 9012 (business hours, GMT+7)
- Address: N&D EDU GROUP, Hanoi, Vietnam
If you are not satisfied with how your deletion request is handled, you have the right to lodge a complaint with the Authority of Information Security (Ministry of Information and Communications, Vietnam) under Decree 13/2023/ND-CP.
See also: Privacy Policy Β· Terms of Service
This English version is provided for convenience and for compliance review by international partners (e.g. Meta Platforms, Google). The Vietnamese version is the canonical text for users residing in Vietnam.