Privacy Policy
Effective Date: January 14, 2026
Last Updated: January 14, 2026
Wappilo ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp Business API platform and related services (the "Services").
This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Meta's data protection requirements, and payment gateway compliance standards.
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
Name, email address, phone number
Business name and registration details
Billing address and tax information
Job title and role within your organization
Payment Information:
Credit card or bank account details (processed by payment gateways)
Billing history and transaction records
Tax identification numbers
Profile Information:
Profile photos and business logos
Company description and industry
Business verification documents
Communications:
Messages sent through our platform
Support inquiries and correspondence
Feedback and survey responses
1.2 Information Collected Automatically
Usage Data:
IP address and device identifiers
Browser type and version
Operating system information
Pages visited and time spent
Click patterns and navigation paths
Referring URLs and exit pages
Technical Data:
Cookies and similar tracking technologies
API usage logs and metrics
Error logs and crash reports
Performance monitoring data
WhatsApp Business API Data:
Message metadata (timestamps, delivery status, read receipts)
Contact information of message recipients
Message templates and content
Conversation metrics and analytics
Quality ratings and user feedback
1.3 Information From Third Parties
Meta/WhatsApp:
Business verification status
WhatsApp Business Account information
Quality ratings and policy compliance status
Message delivery analytics
Payment Processors:
Transaction completion status
Payment method verification
Fraud detection signals
Integration Partners:
CRM data (when you connect integrations)
E-commerce platform information
Customer support system data
2. How We Use Your Information
2.1 To Provide and Improve Services
Create and manage your account
Process and fulfill transactions
Deliver WhatsApp Business API access
Provide customer support
Send service-related notifications
Develop and improve our platform
Personalize user experience
2.2 For Business Operations
Analyze usage patterns and trends
Monitor platform performance
Detect and prevent fraud
Ensure platform security
Comply with legal obligations
Enforce our Terms and Conditions
2.3 For Marketing and Communication
Send promotional materials (with consent)
Provide product updates and announcements
Conduct surveys and research
Share relevant content and resources
You can opt out of marketing communications at any time.
2.4 For Compliance and Legal Purposes
Comply with Meta's policies and requirements
Meet payment gateway compliance standards
Respond to legal requests and court orders
Protect our rights and interests
Prevent illegal activities
3. Legal Basis for Processing (GDPR)
We process your personal data based on:
Contractual Necessity:
To perform our contract with you and provide Services
Legitimate Interests:
Improving our Services
Detecting and preventing fraud
Marketing to existing customers
Ensuring platform security
Legal Obligations:
Complying with tax and financial regulations
Responding to lawful requests from authorities
Meeting data protection obligations
Consent:
Marketing communications (when required)
Non-essential cookies
Data processing for new purposes
You may withdraw consent at any time without affecting previous processing.
4. How We Share Your Information
4.1 Service Providers and Partners
We share information with trusted third parties who help us provide Services:
WhatsApp/Meta:
Business verification information
Message content and metadata
Account and quality metrics
Compliance and policy-related data
Payment Processors:
Stripe, PayPal, Razorpay, and other gateways
Billing information and transaction data
Fraud prevention signals
Cloud Infrastructure:
AWS, Google Cloud, or similar providers
For hosting and data storage
Subject to strict security standards
Analytics and Monitoring:
Platform usage and performance data
Anonymized metrics and aggregated statistics
Customer Support:
Support ticket systems
Communication platforms
All service providers are contractually required to:
Use data only for specified purposes
Implement appropriate security measures
Comply with data protection laws
4.2 Business Transfers
If we undergo a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information is transferred and becomes subject to different privacy terms.
4.3 Legal Requirements
We may disclose information when required to:
Comply with legal obligations
Respond to lawful government requests
Enforce our Terms and Conditions
Protect our rights, property, or safety
Prevent fraud or illegal activities
4.4 With Your Consent
We may share information for other purposes with your explicit consent.
4.5 Aggregated and Anonymized Data
We may share aggregated or anonymized data that cannot identify you with:
Business partners
Researchers and academics
Industry reports and publications
5. Data Retention
5.1 Retention Periods
We retain your information for as long as:
Your account is active
Necessary to provide Services
Required by legal obligations
Needed for legitimate business purposes
Specific Retention Periods:
Account data: Duration of account + 90 days
Transaction records: 7 years (tax compliance)
Message logs: 90 days (unless extended by law)
Marketing consent records: 3 years after withdrawal
Support tickets: 2 years after resolution
5.2 Deletion and Anonymization
After retention periods expire:
Data is securely deleted or anonymized
Backups are overwritten according to backup rotation
Some data may be retained in anonymized form for analytics
6. Your Privacy Rights
6.1 Rights Under GDPR (EEA/UK Users)
You have the right to:
Access: Request copies of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure ("Right to be Forgotten"): Request deletion of your data
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Objection: Object to processing based on legitimate interests
Automated Decision-Making: Not be subject to solely automated decisions with significant effects
Withdraw Consent: Withdraw consent for consent-based processing
6.2 Rights Under CCPA (California Users)
California residents have the right to:
Know: What personal information we collect, use, and disclose
Access: Request copies of specific pieces of information
Deletion: Request deletion of personal information
Opt-Out: Opt out of "sale" of personal information (we do not sell data)
Non-Discrimination: Not be discriminated against for exercising privacy rights
6.3 How to Exercise Your Rights
To exercise your rights:
Email: support@wappilo.com
Use account settings for self-service options
Contact our Data Protection Officer
We will respond within:
30 days (GDPR)
45 days (CCPA)
We may need to verify your identity before fulfilling requests.
7. Data Security
7.1 Security Measures
We implement industry-standard security measures:
Technical Safeguards:
Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Secure API authentication
Regular security audits and penetration testing
Intrusion detection and prevention systems
DDoS protection
Organizational Safeguards:
Access controls and role-based permissions
Employee security training
Background checks for personnel
Incident response procedures
Data breach notification protocols
Physical Safeguards:
Secure data centers with restricted access
Environmental controls and monitoring
Backup and disaster recovery systems
7.2 Payment Security
Payment information is processed by PCI-DSS compliant payment gateways:
We never store complete credit card numbers
Payment data is tokenized
Transactions are encrypted end-to-end
7.3 Your Responsibilities
You are responsible for:
Keeping login credentials secure
Using strong passwords
Enabling two-factor authentication
Monitoring account activity
Reporting suspicious activities immediately
7.4 No Guarantee
While we implement robust security, no system is 100% secure. You acknowledge inherent risks in transmitting information over the internet.
8. International Data Transfers
8.1 Cross-Border Transfers
We may transfer your data to countries outside your jurisdiction, including:
United States (where our infrastructure may be located)
European Economic Area
Other countries where our service providers operate
8.2 Transfer Safeguards
For transfers from the EEA/UK, we use:
Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Other lawful transfer mechanisms
8.3 Meta/WhatsApp Data Transfers
As a Meta Technology Provider, data is processed through Meta's infrastructure, which may involve international transfers subject to Meta's data transfer mechanisms.
9. Cookies and Tracking Technologies
9.1 Types of Cookies
We use cookies and similar technologies:
Essential Cookies:
Required for basic platform functionality
Session management and authentication
Security features
Performance Cookies:
Analyze platform usage
Monitor performance
Identify errors
Functional Cookies:
Remember your preferences
Personalize user experience
Save settings
Marketing Cookies:
Track advertising effectiveness
Provide targeted content
Measure campaign performance
9.2 Cookie Management
You can control cookies through:
Browser settings
Our cookie preference center
Third-party opt-out tools
Disabling essential cookies may affect platform functionality.
9.3 Third-Party Tracking
Our website may include:
Google Analytics
Social media plugins
Advertising pixels
These are subject to third-party privacy policies.
10. Children's Privacy
Our Services are not intended for individuals under 18. We do not knowingly collect information from children. If we discover we have collected a child's information, we will delete it immediately.
If you believe we have collected information from a child, contact us at support@wappilo.com.
11. Meta/WhatsApp-Specific Privacy Matters
11.1 WhatsApp Business API Relationship
As an official Meta Technology Provider:
We facilitate access to WhatsApp Business API
Message data flows through Meta's infrastructure
Meta's privacy policies also apply to WhatsApp data
We comply with Meta's data protection requirements
11.2 Message Data
What We Access:
Message metadata (timestamps, delivery status)
Message content for delivery purposes
Contact information for routing
What We Don't Access:
Personal WhatsApp messages outside Business API
End-to-end encrypted personal conversations
11.3 Your Responsibilities
When using WhatsApp Business API through Wappilo:
You are the data controller for your customer data
You must obtain necessary consents
You must provide privacy notices to your customers
You must comply with WhatsApp's policies
11.4 Meta Data Requests
Meta may request information for:
Policy enforcement
Quality monitoring
Compliance verification
Law enforcement cooperation
We will cooperate with lawful Meta requests.
12. Payment Gateway Compliance
12.1 PCI-DSS Compliance
Our payment processing complies with PCI-DSS standards:
We use certified payment processors
Cardholder data is not stored on our servers
Transactions are tokenized and encrypted
12.2 Payment Processor Privacy
Payment processors have their own privacy policies:
Stripe: https://stripe.com/privacy
PayPal: https://www.paypal.com/privacy
Razorpay: https://razorpay.com/privacy
12.3 Transaction Data
We retain transaction metadata for:
Billing and accounting
Fraud prevention
Dispute resolution
Tax compliance
13. Your Data Controller Rights
13.1 When You Are the Data Controller
If you use our Services to process your customers' data:
You are the data controller
We are the data processor
You must comply with data protection laws
You must provide privacy notices to your customers
13.2 Data Processing Agreement
Our Data Processing Agreement (DPA) covers:
Scope of processing
Data security obligations
Sub-processor arrangements
Data breach procedures
Data subject rights assistance
The DPA is available at: https://wappilo.com/dpa
14. Updates to This Privacy Policy
14.1 Notification of Changes
We may update this Privacy Policy:
Changes will be posted on this page
"Last Updated" date will be revised
Material changes will be notified via email
Significant changes may require re-consent
14.2 Review Recommendations
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
15. Contact Information
15.1 General Privacy Inquiries
Email: support@wappilo.com
Website: https://wappilo.com/privacy
15.2 Data Protection Officer
For GDPR-related matters:
Email: support@wappilo.com
16. Supervisory Authority
16.1 Right to Lodge Complaints
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
For California Users:
California Attorney General
Website: https://oag.ca.gov
17. Additional Jurisdiction-Specific Information
17.1 California Residents
Shine the Light Law: You may request information about third-party disclosures for direct marketing.
Do Not Track: Our Services do not currently respond to Do Not Track signals.
17.2 Nevada Residents
Nevada law allows you to opt out of the sale of personal information. We do not sell personal information as defined by Nevada law.
17.3 Other US States
We comply with applicable state privacy laws including:
Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (CPA)
Connecticut Data Privacy Act (CTDPA)
18. Special Categories of Data
We do not intentionally collect sensitive personal data including:
Racial or ethnic origin
Political opinions
Religious beliefs
Health data
Biometric data
Sexual orientation
If you provide such data, you consent to our processing of it in accordance with this Privacy Policy and applicable law.
19. Automated Decision-Making
We may use automated systems for:
Fraud detection
Account security monitoring
Message quality assessment
Usage pattern analysis
You have the right to:
Request human review of automated decisions
Express your point of view
Contest the decision
20. Data Accuracy
You are responsible for:
Providing accurate information
Updating information when it changes
Notifying us of inaccuracies
We rely on you to keep your information current and accurate.
Acknowledgment
BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.
Version: 1.0
Appendix: Data Processing Details
Categories of Personal Data Processed
Identity data (name, username)
Contact data (email, phone, address)
Financial data (payment methods, transaction history)
Technical data (IP address, device info, cookies)
Usage data (platform interactions, preferences)
Communication data (messages, support inquiries)
Purposes of Processing
Service delivery and account management
Payment processing and billing
Customer support
Platform improvement and analytics
Marketing and communications (with consent)
Legal compliance and security
Legal Bases
Contract performance
Legitimate interests
Legal obligations
Consent (where required)
Recipients
Meta/WhatsApp
Payment processors
Cloud service providers
Analytics providers
Support systems
Legal advisors (when necessary)
Retention Periods
Account data: Active period + 90 days
Financial records: 7 years
Message logs: 90 days
Marketing data: 3 years post-withdrawal
International Transfers
Data may be transferred globally
Appropriate safeguards in place (SCCs)
Compliance with transfer requirements