Privacy Policy

1. Overview

WAchat provides onboarding, automation, and customer messaging tools for businesses using the WhatsApp Business Platform. This policy explains how we collect, use, retain, disclose, and delete information when businesses, administrators, and end users interact with our services.

2. Information we collect

We may collect account information such as name, business name, email address, phone number, role, billing or support details, and authentication identifiers. When a business uses Embedded Signup, we may process business asset identifiers, WhatsApp Business Account IDs, phone number IDs, template metadata, webhook events, message status metadata, and access tokens required to provide the service.

3. WhatsApp and Meta data

We use data received from Meta only to provide requested WhatsApp Business Platform services. We do not sell WhatsApp user data or use it for unrelated advertising or profiling.

whatsapp_business_management: Used to read WABA and phone number IDs after Embedded Signup, manage message templates on the client's behalf, and subscribe to webhook events. Data is stored only within the authorized client's isolated workspace.

whatsapp_business_messaging: Used to send approved template messages to customers who have opted in to receive communications from the authorized business. Message delivery metadata (status, timestamp) is retained for support and audit purposes only.

4. Message content

Depending on customer configuration, WAchat may process template content, message metadata, delivery status, and customer replies needed to operate support workflows. Businesses are responsible for obtaining valid opt-in and complying with WhatsApp Business Messaging policies and applicable law.

5. Sharing

We share information with service providers that help us host, secure, support, and operate WAchat. We may disclose information if required by law, to protect rights and security, or with the business customer's instructions.

6. Retention and deletion

We retain information only as long as needed for service delivery, legal obligations, security, billing, dispute resolution, and audit requirements. Customers can request deletion through our Data Deletion Instructions.

7. Security

We use administrative, technical, and organizational measures designed to protect information, including access controls, encrypted transport, secret management, and operational logging. No online service can guarantee absolute security.

8. Contact

Privacy requests can be sent to privacy@serves.in.