Privacy Policy

Effective date: June 15, 2026

This Privacy Policy describes how WhatsappAutomate(“we”, “us”, “our”) collects, uses, stores, and shares information when you use our WhatsApp automation platform (the “Service”). By using the Service you agree to the terms described below.

1. Who this policy covers

We collect two kinds of data, and this policy covers both:

  • Business users — the people and businesses that sign up for WhatsappAutomate to automate their WhatsApp conversations.
  • End customers— the individuals who message a business on WhatsApp and whose messages are processed by our AI on the business's behalf.

2. Information we collect from business users

  • Account information: name, email address, business name, industry, and password (hashed).
  • WhatsApp credentials: Meta WhatsApp Business phone number ID, display number, and access token, which you voluntarily provide in Settings to enable message processing.
  • Configuration: AI persona name, tone, language preference, and any custom system prompt you configure.
  • Usage data: log records of dashboard activity, message counts, and feature usage.
  • Billing information: for paid plans, billing handled by our payment processor — we never store full card details.

3. Information we collect from end customers

  • WhatsApp identifiers: phone number (in E.164 format) and WhatsApp profile name as supplied by Meta.
  • Message content: the text content of inbound messages sent to a business that uses WhatsappAutomate, and outbound replies generated by our AI or sent by the business owner.
  • Extracted attributes: structured data inferred by our AI from the conversation, such as budget, area of interest, intent, and qualification stage, used to help the business respond.

4. How we use the information

  • To operate the Service — route messages, generate AI replies, and surface leads to the business.
  • To provide a dashboard showing conversation history and extracted lead data to the business that owns those conversations.
  • To improve product quality, fix bugs, and monitor abuse.
  • To send transactional emails (account verification, billing receipts, security notifications).
  • To comply with legal obligations and respond to lawful requests.

We do not sell personal data to third parties. We do not use end-customer message content to train AI models.

5. Third-party services we share data with

We share the minimum data needed to provide the Service with these sub-processors:

  • Meta Platforms, Inc.— to send and receive messages via the WhatsApp Cloud API. Messages and metadata are routed through Meta's infrastructure under their own policies (WhatsApp Privacy Policy).
  • Google LLC (Gemini API)— message content is sent to Google's Gemini model to generate replies and extract structured data. Google does not use this content for model training (Gemini API Terms).
  • Supabase Inc. — hosts our Postgres database containing all account, conversation, and lead data, with row-level security enforced per business tenant.
  • Vercel Inc. — hosts our application code and serves web traffic.

6. Data retention

  • Account data is retained for the lifetime of your account.
  • Conversations and leads are retained while the originating business account is active.
  • Upon account deletion, your data and all end-customer data tied to your account is permanently deleted within 30 days, except where retention is required by law.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your account and associated data.
  • Export your conversation and lead data in a machine-readable format.
  • Withdraw consent for processing where consent is the legal basis.

To exercise any of these rights, email us at muaz.developments@gmail.com. We respond within 30 days.

8. How to delete your data

Business owners can delete their account at any time from Settings → Danger zone → Delete account. This permanently removes all data associated with the account, including conversations and leads, within 30 days. To request deletion of end-customer data outside of the dashboard, contact the business that owns those conversations or email us at muaz.developments@gmail.com.

9. Security

We use industry-standard practices to protect your data: HTTPS for all traffic, encrypted credential storage, row-level security in our database, and signed webhook payloads. No system is perfectly secure, so we encourage you to use a strong password and enable multi-factor authentication where available.

10. International data transfers

Your data may be processed in countries other than your own, including the United States and the European Union. We rely on standard contractual safeguards offered by our sub-processors.

11. Children

Our Service is not intended for individuals under the age of 16. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us so we can delete it.

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page and, for material changes, send a notice to your account email at least 30 days in advance.

13. Contact

Questions about this policy? Email muaz.developments@gmail.com or visit our contact page.