📄 Legal

Privacy Policy

We are committed to protecting your personal information and your right to privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

Effective Date1 January 2025
Last Updated28 February 2026
Applies Towafity.com & dashboard.wafity.com

👋 1. Overview

Welcome to Wafity ("we", "our", or "us"). Wafity is a WhatsApp Cloud API-based messaging platform that enables businesses to send campaigns, automate conversations, and manage customer interactions via WhatsApp.

This Privacy Policy applies to all users of our website at wafity.com and our platform at dashboard.wafity.com. By using Wafity, you agree to the collection and use of information in accordance with this policy.

â„šī¸

Important: Wafity operates on Meta's Official WhatsApp Cloud API. This means your WhatsApp Business account, phone number, and messaging activity are also governed by Meta's Business Policy and WhatsApp's Privacy Policy.

📋 2. Data We Collect

We collect different types of information depending on how you interact with Wafity.

2.1 Account & Registration Data

When you create a Wafity account, we collect:

  • Full name and email address
  • Company name and business details
  • Password (stored in encrypted form)
  • Billing and payment information (processed securely via our payment provider)
  • WhatsApp Business Account ID and associated phone numbers you connect to Wafity

2.2 Usage & Platform Data

As you use the Wafity platform, we collect:

  • Campaign names, message templates, and content you create
  • Contact lists and phone numbers you upload or manage
  • Chat conversations handled through the Wafity inbox
  • Flow Maker configurations and chatbot logic you build
  • Reminder and scheduling configurations
  • Feature usage patterns and in-app activity logs

2.3 Technical & Device Data

We automatically collect certain technical information when you access our platform:

  • IP address and approximate location (country/city level)
  • Browser type and version
  • Operating system
  • Pages visited and time spent on the platform
  • Referring URLs
  • Session identifiers and access timestamps

2.4 Contact Form Data

When you submit our contact form at wafity.com, we collect your name, email address, company, and the content of your message.

2.5 End-User Data (Your Customers)

When you use Wafity to message your customers via WhatsApp, we process data about your end users (phone numbers, message content, delivery and read status) on your behalf. You are the data controller for this data; we act as the data processor.

âš ī¸

You are responsible for ensuring you have the lawful right to contact your customers on WhatsApp and that you comply with applicable data protection laws when uploading contact lists to Wafity.

âš™ī¸ 3. How We Use Your Data

PurposeData UsedLegal Basis
Providing the Wafity platform and its featuresAccount data, usage dataContract performance
Processing payments and managing subscriptionsBilling data, emailContract performance
Sending transactional emails (receipts, alerts, password resets)Email addressContract performance
Customer support and responding to inquiriesContact form data, account dataLegitimate interest
Platform security, fraud prevention, and abuse detectionTechnical data, usage logsLegitimate interest
Product analytics and improving platform featuresUsage data, technical dataLegitimate interest
Sending product updates and marketing communicationsEmail addressConsent (opt-out anytime)
Legal compliance and enforcing our termsAll relevant dataLegal obligation

đŸ’Ŧ 4. WhatsApp & Meta

Wafity is built exclusively on the Official WhatsApp Cloud API provided by Meta Platforms, Inc. This means:

  • All WhatsApp messages sent through Wafity are transmitted via Meta's infrastructure.
  • Your WhatsApp Business Account credentials (phone number, WABA ID, access token) are stored securely and used solely to authenticate API requests on your behalf.
  • Message delivery, read receipts, and conversation data flow between your account and Meta's servers. We do not intercept or modify this communication.
  • Meta may retain message metadata and content in accordance with their own privacy policy. We encourage you to review WhatsApp's Privacy Policy.
  • WhatsApp message costs are billed directly by Meta to your Meta Business account. Wafity does not have access to your Meta payment details.
🔒

We never store the plaintext content of WhatsApp messages on our servers beyond what is necessary to display them in the Wafity inbox and generate analytics. Message content in the inbox is encrypted at rest.

🤖 5. AI & Third-Party Services

Wafity integrates with several third-party services to deliver AI-powered features. When you use these features, relevant data may be transmitted to these providers:

5.1 OpenAI

AI features including message translation, chat summarization, message style rewriting, AI chatbots, and LLM Flow Maker nodes are powered by OpenAI's API. When you use these features, the relevant message content or prompt is sent to OpenAI for processing. OpenAI processes this data in accordance with their Privacy Policy. We use OpenAI's API in a manner that does not allow OpenAI to use your data to train their models by default (API usage is excluded from training data per OpenAI's policy).

5.2 Voiceflow

If you use the Voiceflow integration, your AI agent configurations and conversation data may be processed by Voiceflow's platform. Please refer to Voiceflow's Privacy Policy for details.

5.3 Other Integrations

Wafity supports integrations with third-party services via REST API and Webhooks (including Slack, Google, Shopify, and others). When you configure these integrations, data flows between Wafity and those services based on your configuration. We are not responsible for the privacy practices of third-party services you choose to integrate.

5.4 Analytics & Infrastructure

  • Amazon Web Services (AWS): Our platform infrastructure is hosted on AWS. Data may be stored in AWS data centers.
  • Payment Processor: Payment information is handled by our payment provider and is never stored on Wafity's servers in plaintext.

đŸĒ 6. Cookies

We use cookies and similar tracking technologies on our website and platform. Here is what we use:

Cookie TypePurposeDuration
EssentialRequired for login sessions, authentication, and platform functionality. Cannot be disabled.Session / 30 days
PreferenceRemember your settings and preferences within the platform (e.g., language, UI layout).1 year
AnalyticsHelp us understand how users interact with the platform so we can improve it. Data is aggregated and anonymized.90 days
MarketingUsed on the marketing website (wafity.com) to measure campaign effectiveness. You can opt out.30–90 days

You can control cookie preferences through your browser settings. Disabling essential cookies may impact platform functionality.

🤝 7. Data Sharing

We do not sell your personal data. We do not share your data with third parties for their own marketing purposes. We may share data in the following limited circumstances:

  • Service Providers: We share data with trusted vendors who help us operate Wafity (hosting, payment processing, email delivery, analytics). These providers are contractually bound to protect your data and use it only for the services they provide to us.
  • AI Providers: As described in Section 5, certain data is processed by OpenAI and other AI providers when you use AI features.
  • Meta / WhatsApp: As described in Section 4, messaging data is transmitted via Meta's WhatsApp Cloud API infrastructure.
  • Legal Requirements: We may disclose data if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Wafity, our users, or the public.
  • Business Transfers: If Wafity is acquired, merged, or sold, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

đŸ—“ī¸ 8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Account data is retained for the duration of your subscription and for up to 90 days after account deletion, after which it is permanently removed.
  • Message and conversation data is retained for the duration of your subscription. You may delete conversations from the inbox at any time.
  • Contact lists are retained until you delete them or close your account.
  • Campaign and analytics data is retained for up to 24 months to allow historical reporting.
  • Billing records are retained for up to 7 years as required by applicable tax and financial regulations.
  • Logs and technical data are retained for up to 12 months for security and debugging purposes.

🔐 9. Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of sensitive data at rest
  • Strict access controls and role-based permissions within our team
  • Regular security assessments and vulnerability testing
  • Secure credential storage using industry-standard hashing
  • Infrastructure hosted on AWS with enterprise-grade security controls

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong password and to contact us immediately if you suspect unauthorised access to your account.

✅ 10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (subject to legal retention obligations).
  • Right to Restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing of your data where we rely on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (e.g., marketing emails).

To exercise any of these rights, please contact us at privacy@wafity.com. We will respond within 30 days. We may need to verify your identity before processing your request.

đŸ‘ļ 11. Children's Privacy

Wafity is a business-to-business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

🔄 12. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify registered users via email at least 14 days before the changes take effect
  • Display a prominent notice on the platform dashboard

Continued use of Wafity after changes take effect constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

📩 13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

Privacy Team – Wafity

We take all privacy inquiries seriously and aim to respond within 30 days.

📧 Email: privacy@wafity.com
🌐 Website: wafity.com
đŸ’Ŧ Dashboard: dashboard.wafity.com