Technical Overview

This page is intended for technical, IT and operational stakeholders who want a deeper understanding of how ChatFox is implemented, integrated and governed.

If you are primarily interested in business outcomes, pricing, or use cases, you do not need to read this page.

How ChatFox Works (Technical Flow)

ChatFox is a managed AI chatbot solution that operates on WhatsApp via the official WhatsApp Business API. It securely connects to your systems, orchestrates AI responses and delivers production-ready conversational automation.

Below is the end-to-end technical flow of a typical interaction.

1. Customer Sends a Message

  • A user sends a message via WhatsApp (e.g. text and other supported message types)

  • The customer uses the standard WhatsApp app — no downloads or accounts required

  • The channel is available 24/7

2. Meta WhatsApp Business API Receives the Message

  • The message is received via Meta’s official WhatsApp Business API

  • A secure webhook notifies ChatFox in real time

3. ChatFox Receives and Processes the Message

ChatFox establishes context and applies your configured controls:

  • Conversation context is loaded (including history where enabled)

  • Agent prompts, business rules, and safety policies are applied

  • Relevant data can be retrieved from connected systems (e.g. CRM, booking, databases)

3a. External Integrations (Optional)

ChatFox can integrate with third-party systems to retrieve or update data, such as:

  • CRM platforms

  • Accounting systems

  • Calendars and email platforms

  • Custom back-office systems via APIs

4. AI Model Generates a Response

When an AI response is required:

  • The relevant message content and context is sent to your selected LLM provider (or self-hosted model)

  • The model generates a response based on your prompts, rules and available context

5. ChatFox Validates and Enhances the Response

Before a response is delivered:

  • Safety filters and validation rules are applied

  • Any configured tool actions are executed (e.g. create a lead, update a record, book an appointment)

  • Message formatting is applied for WhatsApp where required

  • Audit logs and conversation state are updated

6. Response Delivered via WhatsApp

  • ChatFox sends the validated response back through the WhatsApp Business API

  • Delivery is handled through Meta’s infrastructure

7. Customer Receives a Reply

  • The user receives an immediate response in the same WhatsApp conversation

  • The conversation continues seamlessly, with optional history retained for future context

How ChatFox Works (Technical Overview)

ChatFox is a managed AI chatbot solution designed to operate on WhatsApp via the official WhatsApp Business API. It combines AI models, system integrations and layered safety controls to deliver reliable, production-ready conversational automation.

ChatFox is not a self-service chatbot builder. Configuration, integration, deployment and ongoing management are handled by the ChatFox team to ensure stability, security, and real-world usability.

WhatsApp Integration

How ChatFox Connects to WhatsApp

ChatFox connects to WhatsApp using the official Meta (WhatsApp) Business API, ensuring a secure and compliant implementation.

The integration process works as follows:

  • You retain full ownership and control of your Meta and WhatsApp Business accounts

  • ChatFox can assist with WhatsApp Business Account (WABA) setup if required

  • ChatFox is added as a partner to your WABA, granting integration access without transferring ownership

  • Messages are sent and received via the official Meta API

  • Secure webhooks deliver incoming messages to ChatFox in real time

  • Messages are processed using configured AI models, conversation context and integrated systems before responses are sent back via WhatsApp

ChatFox never takes ownership of your accounts or customer data. Access can be revoked at any time.

AI Models & Provider Flexibility

Supported AI Model Providers

ChatFox is provider-agnostic and can operate with a wide range of Large Language Model (LLM) providers, including:

  • OpenAI (e.g. GPT-5, GPT-4, GPT-3.5)

  • Google (Gemini)

  • Anthropic (Claude)

  • Microsoft Azure OpenAI Service

  • Mistral and other open-source models

  • Self-hosted models (e.g. via Hugging Face, vLLM or private infrastructure)

Different agents or use cases can run on different models, allowing optimisation for performance, cost or compliance. You are not locked into a single AI provider.

What Happens if an AI Provider Changes Pricing or Policies?

You contract with and pay your AI provider directly. ChatFox does not resell or bundle AI usage.

If a provider changes pricing, rate limits, or policies:

  • The change is handled between you and the provider

  • ChatFox continues to operate independently

  • The ChatFox team can support reconfiguration, optimisation or provider switching if required

Data Processing, Hosting & Ownership

Where Is ChatFox Hosted and Where Is Data Stored?

ChatFox’s services and all data retained by ChatFox are securely hosted in the United Kingdom, using AWS Europe (London) – eu-west-2.

  • Data retained by ChatFox remains within UK data centres

  • ChatFox does not move or store retained data outside the UK

Please note:

  • WhatsApp messages are processed through Meta’s global infrastructure and may be handled outside the UK

  • AI processing is performed by your selected LLM provider; depending on the provider, data sent for inference may temporarily leave the UK

ChatFox follows UK data protection standards. If you have specific compliance requirements, these can be discussed during discovery.

Who Processes the Data?

Data processing is split across two layers:

  • ChatFox platform processing
    ChatFox processes messages to operate the service, manage conversation flows, store conversation history (where enabled) and support analytics and hand-off.

  • AI model processing
    When AI responses are required, relevant data is sent to your selected LLM provider.

    • For cloud-based models, processing occurs under the provider’s policies

    • For self-hosted models, all processing remains within your own infrastructure

ChatFox does not sell or share client data.

Are Prompts and Responses Stored?

Yes. Storage of prompts and responses is fully configurable by the client.

You control:

  • Whether conversation data is stored

  • How long it is retained

Conversation history can improve contextual accuracy but can be limited or disabled to meet internal or regulatory requirements.

Can We Export Prompts and Data?

Yes. All client data can be exported via the ChatFox admin interface, including:

  • Custom prompts

  • Conversation histories

  • WhatsApp user details

  • Other chatbot-related data

You retain full ownership and control of your data. Nothing is locked in.

Integrations & Automation

Can ChatFox Integrate with Third-Party or External Systems?

Yes. ChatFox can integrate with third-party and external systems to both read and write data, enabling real business process automation.

Examples include:

  • CRM platforms (Salesforce, HubSpot, Zoho CRM)

  • Accounting systems (QuickBooks, Xero, Sage)

  • Microsoft 365 (email, calendars, contacts)

  • Google Workspace (Calendar, Sheets, email)

  • Custom or proprietary systems via APIs

Integrations are scoped and configured during setup based on your requirements.

Human Handover

Can the AI Hand Off to a Human?

Yes. ChatFox supports seamless AI-to-human hand-off.

Capabilities include:

  • Manual takeover via the admin interface

  • Automated alerts when defined conditions are met

  • Pausing AI responses during human interaction

  • Returning control to the AI when appropriate

This ensures automation is balanced with human oversight.

Reliability, Monitoring & Access Control

Do You Provide SLA’s or Uptime Targets?

ChatFox aims to deliver high service uptime in line with industry standards for SaaS platforms.

  • Systems are built on robust infrastructure with multiple safeguards

  • Services are monitored 24/7 to minimise downtime and resolve issues quickly

  • Planned maintenance or incidents are communicated where possible

While occasional interruptions may occur due to factors outside ChatFox’s control (such as third-party outages), reliability is treated as a priority.

Support response times are governed by ChatFox’s internal support SLA. If you have specific support or availability requirements, these can be discussed directly with the team.

How Do You Manage Uptime, Monitoring, and Reliability?

ChatFox uses a combination of custom-built monitoring tools and industry-standard infrastructure monitoring.

This includes:

  • 24/7 monitoring and real-time alerting

  • Detailed logging of system health and message flows

  • Monitoring of message delivery and processing performance

Where appropriate, monitoring data and logs may also be available to clients for visibility into chatbot performance.

If issues are detected, the ChatFox team is alerted immediately to ensure rapid response.

How Is Portal Access Secured?

Access to the ChatFox admin portal is secured using One-Time Passwords (OTP) sent to the registered email address.

  • No passwords to manage or remember

  • OTPs are single-use and time-limited

  • Access requires both email ownership and the active OTP

This approach provides a strong balance between security and usability. If additional access control requirements are needed, these can be discussed.

Safety, Security & Compliance

Security Standards Alignment

ChatFox follows established security best practices and is actively working towards certification for:

  • ISO 27001 (Information Security Management)

  • ISO 42001 (AI Management Systems)

Security controls include independent penetration testing, regular system reviews and industry-standard data protection practices.

Safety, Audit & Validation Controls

ChatFox implements its own safety, audit and validation layers, in addition to safeguards provided by AI model providers.

These include:

  • Configurable safety filters

  • Pre-processing validation before data reaches an LLM

  • Post-processing validation before responses are sent

  • Comprehensive audit logging

  • Policy-driven configuration aligned with regulatory or internal requirements

This layered approach ensures control, traceability and compliance.

Summary for Technical Stakeholders

  • Official WhatsApp Business API integration

  • Provider-agnostic AI model architecture

  • UK-hosted platform data (AWS London)

  • Client-controlled data retention and export

  • Layered safety, audit, and validation controls

  • Third-party system integration (read/write)

  • Human hand-off and managed support

  • Continuous monitoring and reliability focus