Privacy Policy

WapiTech Technologies Private Limited

Effective Date: January 1, 2025  |  Last Updated: January 1, 2025

Table of Contents

  1. 1. Introduction
  2. 2. Information We Collect
  3. 3. How We Use Your Information
  4. 4. WhatsApp and Meta Data Handling
  5. 5. How We Share Your Information
  6. 6. Data Security
  7. 7. Data Retention
  8. 8. Your Rights and Choices
  9. 9. Cookies and Tracking Technologies
  10. 10. Third-Party Services
  11. 11. Children's Privacy
  12. 12. International Data Transfers
  13. 13. Changes to This Privacy Policy
  14. 14. Contact Us

1. Introduction

WapiTech Technologies Private Limited ("WapiTech", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp Business API platform and related services (collectively, the "Services") available at wapitech.in.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

This Privacy Policy is effective as of January 1, 2025.

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically when you use our Services, and information from third-party sources.

2.1 Information You Provide Directly

Account Registration: Name, email address, phone number, company name, GST number, and billing information when you create an account.

Business Information: Your WhatsApp Business Account details, business description, business category, and Meta Business Manager ID.

Contact Data: Contact lists, phone numbers, and customer data you upload to our platform for messaging purposes.

Message Content: Templates, campaign content, chatbot flows, and messages you create and send through our platform.

Communications: Messages you send to our support team, feedback, and survey responses.

2.2 Information Collected Automatically

Log Data: IP address, browser type, operating system, referral URLs, device information, and pages visited.

Usage Data: Features used, campaigns created, messages sent, API calls made, and time spent on the platform.

Cookies and Tracking: We use cookies, web beacons, and similar tracking technologies to collect information about your use of our Services (see Section 9 for details).

Performance Data: Campaign delivery rates, read rates, response rates, and other analytics data.

2.3 Information from Third-Party Sources

Meta/WhatsApp Data: We receive data from Meta Platforms Inc. about your WhatsApp Business Account, message delivery status, and API usage in accordance with our Meta Tech Provider agreement.

Payment Processors: Transaction data from our payment processor partners (Razorpay, Stripe) in connection with billing.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Services

To create and manage your account and provide you with the WhatsApp Business API platform.

To process transactions and send related information, including purchase confirmations and invoices.

To enable you to send WhatsApp messages, create chatbots, and manage campaigns through our platform.

To monitor and analyze usage patterns to improve our Services.

To detect, investigate, and prevent fraudulent transactions and other illegal activities.

3.2 Communications

To send you technical notices, updates, security alerts, and administrative messages.

To respond to your comments, questions, and requests and provide customer support.

To send promotional communications (with your consent or as permitted by law), such as information about products, services, events, and promotions.

3.3 Legal and Compliance

To comply with applicable laws, regulations, and legal processes.

To enforce our Terms of Service and other agreements.

To protect the rights, property, and safety of WapiTech, our customers, and others.

To comply with WhatsApp's Business Policy and Meta's Platform Terms of Service.

3.4 Analytics and Research

To understand how our Services are used and to improve them.

To generate aggregated, anonymized statistics about our platform usage.

4. WhatsApp and Meta Data Handling

As a Meta Tech Provider and authorized WhatsApp Business Solution Provider (BSP), we handle WhatsApp-related data with particular care and in strict compliance with Meta's policies.

4.1 Data Shared with Meta

To provide our Services, we share certain data with Meta Platforms Inc. ("Meta") including:

Your WhatsApp Business Account registration information.

Phone numbers to which messages are sent (in hashed or encrypted form as required by Meta).

Message templates submitted for approval.

API usage data and webhook configurations.

This data sharing is governed by Meta's Terms of Service and Data Policy, which you agree to when using the WhatsApp Business API through our platform.

4.2 Message Content

We transmit your messages through Meta's WhatsApp Business API infrastructure.

Message content is transmitted using industry-standard encryption (TLS in transit, and WhatsApp's end-to-end encryption where applicable).

We do not read, analyze, or use your message content for advertising purposes.

Message logs are retained for up to 90 days for delivery tracking and customer support purposes, after which they are deleted or anonymized.

4.3 End User Data (Your Customers)

When you use our platform to message your customers, you are acting as a data controller for your customers' personal data. WapiTech acts as a data processor on your behalf. You are responsible for:

Obtaining valid opt-in consent from your customers before sending them WhatsApp messages.

Providing your customers with clear information about how their data will be used.

Honoring opt-out requests and maintaining do-not-message lists.

Complying with the Information Technology Act, 2000, and applicable data protection laws in India.

4.4 WhatsApp Policy Compliance

All messages sent through our platform must comply with WhatsApp's Business Policy. We monitor for policy violations and reserve the right to suspend accounts that violate WhatsApp's messaging policies, including sending unsolicited messages (spam) or messages to users who have not opted in.

5. How We Share Your Information

We do not sell, trade, or otherwise transfer your personal information to outside parties except as described below:

5.1 Service Providers

We share your information with third-party service providers that perform services on our behalf, including:

**Meta Platforms Inc.**: To provide WhatsApp Business API services.

**Razorpay / Stripe**: For payment processing.

**Amazon Web Services (AWS)**: For cloud infrastructure and data hosting.

**SendGrid / Mailgun**: For transactional email services.

**Google Analytics**: For website analytics (anonymized data).

**Intercom / Freshdesk**: For customer support.

5.2 Business Transfers

If WapiTech is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of WapiTech, or prevent or investigate possible wrongdoing.

5.4 Aggregated Data

We may share aggregated, non-personally identifiable information with third parties for research, marketing, analytics, and other purposes.

6. Data Security

We implement robust technical and organizational measures to protect your personal information:

- Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. - Access Controls: Role-based access control (RBAC) limits access to your data to authorized personnel only. - Infrastructure Security: Our servers are hosted on AWS with SOC 2 Type II compliance and regular penetration testing. - API Security: API keys are hashed and never stored in plaintext. We support IP whitelisting and key rotation. - Monitoring: We use 24/7 automated monitoring and alerting for suspicious activities. - Incident Response: We maintain a documented incident response plan and will notify affected users within 72 hours of discovering a data breach.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

- Account Information: Retained for the duration of your account plus 3 years after account closure. - Message Logs: Retained for 90 days, then deleted or anonymized. - Billing Records: Retained for 7 years as required by Indian tax law (GST compliance). - Marketing Consent Records: Retained indefinitely to demonstrate compliance. - Support Tickets: Retained for 2 years after ticket resolution.

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access and Portability

You may request a copy of the personal information we hold about you. We will provide this in a structured, commonly used, machine-readable format within 30 days.

8.2 Correction

You may request that we correct inaccurate or incomplete information about you through your account settings or by contacting us.

8.3 Deletion

You may request deletion of your personal information (the "right to be forgotten"). We will comply with deletion requests subject to our legal obligations to retain certain data.

8.4 Opt-Out of Marketing

You may opt out of receiving promotional communications from us by clicking the "unsubscribe" link in any email or by contacting us. Note that you will still receive transactional emails related to your account.

8.5 Data Processing Objection

You may object to our processing of your personal data where we rely on legitimate interests as the legal basis for processing.

To exercise any of these rights, please contact us at privacy@wapitech.in. We will respond to all requests within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information and to improve and analyze our Services.

Types of Cookies We Use:

**Essential Cookies**: Required for the platform to function. Cannot be disabled.

**Performance Cookies**: Help us understand how visitors interact with our website (e.g., Google Analytics).

**Functional Cookies**: Remember your preferences and settings.

**Marketing Cookies**: Used to deliver relevant advertisements (only with your consent).

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services. We honor "Do Not Track" signals where technically feasible.

10. Third-Party Services

Our Services may contain links to third-party websites and services. This Privacy Policy does not apply to those third-party websites, and we encourage you to review their privacy policies.

We are not responsible for the privacy practices or content of third-party services. The inclusion of a link does not imply endorsement by WapiTech.

Key third-party services we use: - Meta Platforms: WhatsApp Business API (see Meta's Privacy Policy) - Google: Analytics, Fonts (see Google's Privacy Policy) - Razorpay: Payment processing (see Razorpay's Privacy Policy) - AWS: Cloud infrastructure (see AWS's Privacy Policy)

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information from our servers.

12. International Data Transfers

WapiTech is based in India and our primary data processing occurs in India. However, some of our service providers (including Meta and AWS) may process your data in other countries, including the United States and European Union.

When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws, including standard contractual clauses where required.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: - Posting the new Privacy Policy on this page with an updated effective date. - Sending you an email notification (for registered users). - Displaying a prominent notice in our platform.

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

WapiTech Technologies Private Limited

Attn: Data Protection Officer

Mumbai, Maharashtra, India — 400001

Email: privacy@wapitech.in Phone: +91 XXXXXXXXXX General Support: support@wapitech.in

We will respond to all privacy-related inquiries within 30 days.

Questions about this policy? Contact our Data Protection Officer at privacy@wapitech.in or write to us at WapiTech Technologies Private Limited, Mumbai, Maharashtra, India — 400001.