Privacy Policy

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service, including:

• Account Information: Account name, email address, password, and profile information when you register for an account.
• Contact / Lead Data: Phone numbers, names, email addresses, tags, addresses, websites, and notes that you upload to your contact list — either manually, via CSV import, or through our API. You represent that you have a lawful basis (consent, legitimate interest, or other applicable legal ground) to message every contact you upload.
• Meta WhatsApp Business Credentials: Phone Number ID, WhatsApp Business Account ID, App ID, Access Token, and App Secret. Access Token and App Secret are encrypted at rest using AES-256-GCM and are used only at message send time and webhook verification time.
• Template Content: The message templates you submit to Meta for approval through our interface, including any variables, header media, and footer text.
• Campaign Data: Campaign names, audience selection (by tags), variable values, scheduled times, and per-recipient message status.
• Communication Data: Messages, feedback, and correspondence with us or through the Service.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

• Device Information: Device type, operating system, browser type, and unique device identifiers.
• Log Data: IP address, access times, pages viewed, and actions taken within the Service.
• Usage Information: Features used, interactions with the Service, and session duration.
• Location Information: General geographic location based on IP address.

2.3 Data Received from Meta (WhatsApp Cloud API)

When you connect your WhatsApp Business Account to Wamafy, we receive the following information from Meta to provide the Service:

• Business profile data (verified name, display phone number, quality rating).
• Template metadata (status, category, language, body and header text) when you sync templates from Meta.
• Delivery and read receipts for messages you send through the Service, delivered to our webhook endpoint as users receive and view your messages.

We do not receive or store the content of inbound messages from your recipients unless and until two-way conversation features are enabled in a future release. You may disconnect your WhatsApp Business Account from Wamafy at any time via the Settings page.

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. These technologies help us:

• Remember your login status and preferences.
• Analyze usage patterns and improve the Service.
• Verify CAPTCHA challenges (Cloudflare Turnstile).

You can control cookie settings through your browser. However, disabling cookies may affect the functionality of the Service.

4.1 With Service Providers

We engage third-party service providers to perform functions on our behalf. These providers have access to your information only to perform their specific tasks and are obligated to protect your data:

4.2 Account Boundaries

Wamafy is designed for multi-tenant use. Each account's contact lists, templates, campaigns, and message history are isolated and not shared with any other account. We (as platform operators) can access account data for support, maintenance, and legal compliance purposes only.

4.3 Legal Requirements and Government Requests

We may disclose your information if required to do so by law or in response to:

• Valid legal processes such as court orders or subpoenas.
• Requests from government authorities.
• Protection of our rights, privacy, safety, or property.
• Prevention of fraud or other illegal activities.

We are committed to protecting user data against unlawful or overbroad requests. Our handling of any request from a public authority for personal data is governed by the following principles:

• Legality review: Every request is reviewed against applicable law and verified to originate from a competent authority through valid legal process before any disclosure is made. Verbal or informal requests are refused.
• Right to challenge: Requests we consider unlawful, overbroad, or lacking valid legal basis are challenged through legal counsel before any data is shared.
• Data minimization: When disclosure is legally required, we provide only the minimum data specifically named in the legal process. We do not disclose broader account data and push back on requests we consider disproportionate.
• Documentation: Each request, including the requesting authority, the legal basis, our internal review, the response provided, and any data disclosed, is documented and retained in accordance with our records-retention policy.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.

7.1 Access and Portability

You can access and export your contact lists, templates, and campaign data through the Service or by contacting us.

7.2 Correction

You can update or correct your account information and contact data at any time through the Service.

7.3 Deletion

You can request deletion of your account and associated data by following the instructions on our Delete Account page. Note that some information may be retained as required by law.

7.4 Opt-Out

Your recipients can opt out of receiving WhatsApp messages from your account either directly through WhatsApp (block the sender) or by replying STOP — once flagged, you must honor that opt-out under Meta's WhatsApp Business Policy. We surface opted-out leads and exclude them from future campaigns automatically.

7.5 Cookie Preferences

You can manage cookie preferences through your browser settings.