Privacy Policy
Last Updated: February 15, 2026
[Company Name] ("we", "us", "our", or the "Company")
[Registered Address]
[Website URL]
1. Introduction
This Privacy Policy describes how [Company Name] collects, uses, stores, and protects personal data when you use our cloud-based WhatsApp contact center platform (the "Service"). The Service provides businesses with a multi-channel messaging solution that includes agent dashboards, manager analytics, message routing, AI-assisted agent tools, and chatbot automation, all powered by the WhatsApp Cloud API provided by Meta Platforms, Inc.
We are committed to protecting the privacy and security of all personal data processed through our platform. This policy applies to all users of our Service, including end-customers who communicate via WhatsApp, agents, managers, and administrators.
By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you are a business customer using our platform, you are responsible for ensuring that your own end-users are informed about how their data is processed.
2. Data We Collect
We collect and process the following categories of personal data:
2.1 End-Customer Data (WhatsApp Users)
- Phone numbers (as provided via WhatsApp)
- WhatsApp display names and profile information
- Message content (text, images, documents, audio, video)
- Message metadata (timestamps, delivery status, read receipts)
- Conversation history and interaction records
2.2 Agent and Administrator Data
- Full name, email address, and role designation
- Authentication credentials (securely hashed passwords)
- Activity logs (login times, conversation assignments, actions taken)
- Performance metrics (response times, resolution times, conversation volumes)
2.3 Business and Tenant Data
- Organization name and identifier
- WhatsApp Business Account configuration data
- Chatbot flow definitions and automation configurations
- Auto-greeting templates and knowledge base content
2.4 Technical and Analytics Data
- Aggregated conversation volume and traffic patterns
- Queue depth and wait time statistics
- System performance metrics
- Browser type, IP address, and device information (for platform access)
3. How We Use Your Data
We process personal data for the following purposes:
- Service Delivery: To facilitate messaging between businesses and their customers via WhatsApp, including message routing, queue management, and conversation assignment.
- AI-Assisted Features: To generate suggested replies, conversation summaries, and sentiment analysis for agents using artificial intelligence service providers. Message content may be processed by AI systems to provide these features.
- Chatbot Automation: To execute automated conversation flows configured by business administrators, including welcome messages, department routing, and interactive menus.
- Analytics and Reporting: To provide managers and administrators with operational insights, including agent performance metrics, conversation volumes, and response time analytics.
- Account Management: To authenticate users, manage roles and permissions, and maintain platform security.
- Service Improvement: To monitor system performance, identify issues, and improve the reliability and functionality of our platform.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. Legal Basis for Processing
We process personal data under the following legal bases in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws:
- Contractual Necessity: Processing is necessary for the performance of our contract with business customers to provide the Service.
- Legitimate Interest: Processing is necessary for our legitimate interests in operating, maintaining, and improving the Service, provided these interests are not overridden by the data subject's rights.
- Consent: Where required, we obtain consent for specific processing activities. End-customers consent to data processing by initiating or continuing communication via WhatsApp with a business that uses our platform.
- Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
5. Data Sharing and Third-Party Services
We may share personal data with the following categories of third parties:
- Meta Platforms, Inc.: Message content and phone numbers are transmitted via the WhatsApp Cloud API, which is operated by Meta. Meta's use of this data is governed by its own privacy policies and the WhatsApp Business Terms of Service.
- Cloud Infrastructure Providers: We use reputable cloud hosting services to store and process data. All data is stored in secure, professionally managed data centers.
- AI Service Providers: Message content may be processed by third-party AI service providers to generate suggestions, summaries, and analytical insights for agents. We select providers that maintain appropriate data protection standards.
- Business Customers (Tenants): As a multi-tenant platform, the business customer that operates the WhatsApp number has access to conversation data, agent performance metrics, and analytics for their own tenant.
We do not sell personal data to third parties. We do not share data across tenants. Each business customer's data is logically isolated from other customers on our platform.
6. Data Retention
We retain personal data in accordance with the following principles:
- Conversation Data: Message content and conversation records are retained for the duration of the business customer's subscription, plus a reasonable period thereafter (not exceeding 90 days) to facilitate service continuity and account recovery.
- Agent and Administrator Data: Account data is retained for the duration of the user's active account. Upon account deletion, personal data is removed within 30 days, except where retention is required for legal or audit purposes.
- Analytics Data: Aggregated and anonymized analytics data may be retained for up to 24 months for service improvement purposes.
- Backup Data: Encrypted backups may retain data for up to 30 days beyond the primary deletion date for disaster recovery purposes.
Business customers may request earlier deletion of their data by contacting us at [Contact Email].
7. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption of data in transit using TLS/SSL protocols
- Secure hashing of authentication credentials (bcrypt)
- Role-based access controls with principle of least privilege
- Multi-tenant data isolation at the application and database levels
- Regular security assessments and vulnerability monitoring
- Rate limiting and abuse prevention mechanisms
- Webhook signature verification for WhatsApp API communications
- Secure infrastructure deployed in professionally managed cloud environments
8. Your Rights
Under applicable data protection laws, including the GDPR, you have the following rights:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You may request the deletion of your personal data, subject to legal retention obligations.
- Right to Restrict Processing: You may request that we limit the processing of your personal data in certain circumstances.
- Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: You may object to the processing of your personal data where we rely on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.
To exercise any of these rights, please contact us at [Contact Email]. We will respond to your request within 30 days, as required by applicable law.
If you are an end-customer who communicated with a business via WhatsApp, please direct your data rights requests to the business you communicated with, as they are the data controller for your conversation data. We will cooperate with the business to fulfill such requests.
9. Data Deletion Instructions
How to Request Deletion of Your Data
If you wish to have your data deleted from our system, you may do so through any of the following methods:
- Email Request: Send an email to [Contact Email] with the subject line "Data Deletion Request". Include the phone number or email address associated with your data so we can locate and remove your records.
- Business Contact: Contact the business you communicated with via WhatsApp and request that they delete your conversation data through their administrator dashboard.
- Administrator Self-Service: Business administrators can delete conversations, agent accounts, and associated data directly through the platform's management interface.
Upon receiving a valid deletion request, we will:
- Delete or anonymize all personal data associated with the request within 30 days
- Remove the data from all active systems and databases
- Ensure the data is purged from backups within 90 days
- Confirm the deletion to the requestor via email
Note: Certain data may be retained where required by applicable law, regulation, or legitimate legal claims.
10. International Data Transfers
Our Service operates using cloud infrastructure that may process data in various geographic locations. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.
11. Children's Privacy
Our Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify business customers of material changes via email or through the platform. The "Last Updated" date at the top of this policy indicates when it was last revised. Continued use of the Service after such changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
[Company Name]
[Registered Address]
Email: [Contact Email]
Website: [Website URL]
You also have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection laws.