Legal Document

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how [Your Company Name] ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use WapBizSuite — a WhatsApp Business automation platform. Please read this policy carefully before using our service.

1

Introduction

[Your Company Name] operates WapBizSuite, a software-as-a-service platform that enables businesses to send automated WhatsApp notifications, manage customer conversations, and integrate with e-commerce platforms via the Meta WhatsApp Business Cloud API.

This policy applies to all users of WapBizSuite, including account owners, administrators, team members, and any individual whose personal data is processed through the platform. It covers personal data collected from our website, the application itself, and data you upload or generate while using the service.

We operate as a data processor for the personal data of your customers (the people you message via WhatsApp) and as a data controller for your own account information. Our use of the WhatsApp Business Platform is governed by Meta's terms and policies in addition to our own.

2

Information We Collect

We collect the following categories of information when you use WapBizSuite:

Account Information

  • Your full name and email address provided at registration
  • Your password (stored as a one-way cryptographic hash — we never store your plaintext password)
  • Business name and role within your organisation

WhatsApp Credentials

  • WhatsApp Business Account (WABA) ID and Phone Number ID
  • Meta API access tokens — stored encrypted using AES-256-CBC at rest
  • WhatsApp Business display name and verified business information

Store Integration Data

  • Shopify store URL and API credentials (access tokens encrypted at rest)
  • WooCommerce store URL and API key/secret pairs (encrypted at rest)
  • Order and customer data received from your connected store (processed on your behalf)

Message Data

  • Conversation history between your business and your customers
  • Message content, delivery timestamps, and delivery/read status
  • Template messages you create and submit to Meta for approval

Contact Data

  • Customer names, phone numbers, and email addresses you import or that are generated via store integrations
  • Customer opt-in/opt-out status and consent timestamps
  • Custom tags and notes you attach to contacts

Usage Data

  • Login history, timestamps, and IP addresses
  • Browser type, operating system, and device information
  • Features used and actions taken within the platform (for security and audit purposes)

Payment Information

  • All payment processing is handled by third-party payment processors
  • We do not store your full credit card number, CVV, or banking details
  • We retain billing records (plan type, amount, date) for accounting and tax purposes

3

How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and operating the service: authenticating your account, enabling platform features, storing your configuration and data
  • Sending WhatsApp messages on your behalf: connecting to Meta's WhatsApp Cloud API using your credentials to deliver messages to your customers
  • Processing order notifications: receiving webhook events from your Shopify or WooCommerce store and triggering the appropriate WhatsApp notification flows
  • Email notifications: sending system alerts and account emails through your configured SMTP provider
  • Security and fraud prevention: monitoring for unauthorised access attempts, enforcing rate limits, and maintaining audit logs
  • Platform improvement: analysing aggregate, anonymised usage patterns to improve features and performance
  • Legal compliance: fulfilling our obligations under applicable law, including data protection regulations, tax law, and law enforcement requests
  • Customer support: diagnosing issues and responding to your support requests

We do not sell your personal data or your customers' data to any third party. We do not use your data or your customers' data for advertising purposes.

4

Third-Party Services We Use

WapBizSuite integrates with external services that may process your data. These are:

  • Meta Platforms (WhatsApp Cloud API): all WhatsApp messages sent through WapBizSuite are routed through Meta's infrastructure. Message content and delivery data are processed by Meta according to Meta's own privacy policy and the WhatsApp Business Terms of Service.
  • Your connected e-commerce platform (Shopify / WooCommerce): order and customer data is received from your store via API. We act as a data processor for this data on your behalf.
  • Your configured SMTP provider: system notification emails are sent via the SMTP credentials you supply. Your SMTP provider processes the email content and recipient address.
  • Cloud hosting and infrastructure: our servers and databases are hosted with a reputable cloud provider. Data is stored in encrypted form. We maintain a Data Processing Agreement with our hosting provider.
  • Payment processor: subscription billing is handled by a third-party payment processor. Their privacy policy applies to payment data.

We do not integrate Google Analytics, Facebook Pixel, or any third-party advertising or behavioural tracking tools into the WapBizSuite application.

5

Data Retention

We retain your data for the following periods:

  • Account data: retained for the duration your account is active, plus 90 days after account deletion to allow for recovery or dispute resolution
  • Message history: conversation records are retained for 12 months by default. You can delete individual conversations or export data at any time via the platform.
  • Login and security logs: retained for 90 days for security monitoring and fraud investigation
  • Opt-out records: records of contacts who have opted out of receiving messages are retained indefinitely to ensure compliance with opt-out requests and applicable regulations
  • Billing records: retained for 7 years in accordance with standard accounting and tax obligations
  • Backup data: encrypted backups may be retained for up to 30 days before being purged

After the applicable retention period, data is securely deleted or anonymised so that it can no longer be attributed to any individual.

6

Your Rights (GDPR & Data Protection)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights under the GDPR or UK GDPR:

  • Right of access: you may request a copy of the personal data we hold about you
  • Right to rectification: you may correct inaccurate or incomplete personal data at any time via your account settings
  • Right to erasure: you may request deletion of your account and associated data, subject to our legal retention obligations
  • Right to data portability: you may export your contacts, message history, and configuration data via the CSV/JSON export feature in the platform
  • Right to restrict processing: in certain circumstances you may request we limit how we use your data
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right to object: you may object to processing based on legitimate interests

To exercise any of these rights, please contact us at [contact@yourdomain.com]. We will respond within 30 days (or within the statutory period required by applicable law). We may need to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority in the EU).

7

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest: all sensitive credentials (API tokens, access keys) are encrypted using AES-256-CBC before being stored in the database
  • Encryption in transit: all communication between your browser and our servers, and between our servers and external APIs, uses HTTPS/TLS 1.2 or higher
  • Password security: passwords are hashed using a strong one-way hashing algorithm; we never store plaintext passwords
  • Access controls: role-based permissions restrict which team members can access sensitive configuration, billing information, and admin functions
  • Two-factor authentication: 2FA is available for all accounts and strongly recommended
  • Brute-force protection: repeated failed login attempts result in temporary account lockout
  • Regular security reviews: we conduct periodic reviews of our security practices and access controls

While we take every reasonable precaution, no method of internet transmission or electronic storage is 100% secure. In the event of a data breach affecting your personal data, we will notify you in accordance with applicable law and our Data Processing Agreement.

8

International Data Transfers

WapBizSuite operates globally, and your data may be processed in countries outside your own. In particular, data transmitted through the WhatsApp Cloud API is processed by Meta Platforms on infrastructure that may be located in the United States or other jurisdictions.

Where personal data is transferred outside the European Economic Area or the United Kingdom to countries that do not provide an equivalent level of data protection, we rely on appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs) where applicable
  • Adequacy decisions where available

A copy of the relevant transfer mechanism can be provided on request by contacting [contact@yourdomain.com].

9

Children's Privacy

WapBizSuite is a business-to-business platform intended solely for use by individuals who are 18 years of age or older and who are acting in a business capacity. We do not knowingly collect personal data from anyone under the age of 18.

If you believe a minor has provided us with personal information, please contact us immediately at [contact@yourdomain.com] and we will take steps to delete that information promptly.

10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

  • Send a notification email to the address associated with your account
  • Update the "Last updated" date at the top of this page
  • Display a prominent notice within the application for a reasonable period

Your continued use of WapBizSuite after any changes to this policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the service and may request deletion of your account.

11

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

[Your Company Name]

[Your Address]

Email: [contact@yourdomain.com]

Website: [yourdomain.com]

We aim to respond to all privacy-related inquiries within 5 business days.