Privacy Policy

Account & profile data

When you sign up we collect your name, work email, phone number, country, timezone, password (hashed via bcrypt), and any profile photo you upload.

Workspace & operational data

To deliver the Service we process: workspace name, connected WhatsApp numbers, broadcast templates, flow definitions, contact lists, team-member emails and roles, billing details, and audit-log events.

Customer message data

WhatsApp Marketing Automation stores the messages, attachments, and metadata that flow through your workspace. You are the data controller for this content; we act as a processor under our DPA.

Usage & telemetry

Anonymous usage events (page views, feature clicks, performance metrics) and standard server logs (IP address, browser type, request time) are captured for security and product improvement.

We use the data we collect to:

• Provide, maintain, and improve the Service
• Process payments, send invoices, and manage your subscription
• Respond to support requests and security incidents
• Detect, prevent, and address abuse, fraud, and security threats
• Send transactional emails (receipts, security alerts, product updates you opted into)
• Comply with legal obligations including tax, accounting, and law-enforcement requests

We never sell your data or your customers' data.

We share data only in these limited circumstances:

• Sub-processors — AWS (hosting), Stripe (payments), SendGrid (email), Anthropic + OpenAI (AI features, redacted of PII). Full list at legal/subprocessors.
• Meta WhatsApp Cloud API — to dispatch messages on your behalf.
• Legal requirements — subpoenas, court orders, or to protect rights, safety, and integrity.
• Business transfers — in the event of a merger, acquisition, or sale of assets, with prior notice.

We use first-party cookies for session management, security, and analytics. We do not use cross-site advertising cookies. Detailed list in our Cookie Policy.

We retain personal data for as long as your account is active. After account termination:

• Customer data: exportable for 30 days, then deleted within 90 days
• Audit logs: 7 years for Scale plans (regulatory) or 12 months (other plans)
• Invoices & billing records: 10 years (tax law requirement)
• Backups: encrypted, fully purged within 90 days

We implement industry-standard safeguards:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• SOC 2 Type II certified (audited annually)
• ISO 27001 certified
• Mandatory 2FA for all staff with production access
• Quarterly third-party penetration testing
• Bug bounty program — report to security@wadesk.io

Depending on your jurisdiction (GDPR, CCPA, India DPDP Act 2023) you may have rights to:

• Access — request a copy of personal data we hold about you
• Rectification — correct inaccurate information
• Erasure — request deletion ("right to be forgotten")
• Portability — export data in a machine-readable format
• Objection — opt out of certain processing
• Withdraw consent — for any consent-based processing

Email privacy@wadesk.io to exercise any right. We respond inside 30 days.

Customer data is hosted in the region you select (EU, US, or India on Scale plans). Where data crosses borders we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary measures for adequate protection.

WhatsApp Marketing Automation is a business tool not intended for users under 18. We do not knowingly collect data from children. If you believe we have, email privacy@wadesk.io.

Material changes to this Privacy Policy will be notified by email at least 30 days before they take effect. The "Updated" date at the top reflects the latest revision.

Data Protection Officer: privacy@wadesk.io

EU Representative: eu-rep@wadesk.io

Mailing address: WaDesk, Inc. · 42 Cubbon Park Road, Bengaluru 560001, India