Privacy Policy

This Privacy Policy explains how WhatsApp AI Sales("we," "us") collects, uses, stores, and shares information when you use the WhatsApp AI Saleswebsite, dashboard, and WhatsApp automation features (the "Service").

This policy should be read with our Terms of Service. If you use the Service on behalf of a business, you represent that you have authority to accept this policy for that business.

Business users (you): When you connect WhatsApp and message your customers, you are usually the data controllerfor your customers' personal data (phone numbers, names, message content, order details).

WhatsApp AI Sales (us): We process data on your behalf as a data processor to provide inbox storage, AI replies, orders, activity logs, blacklist, and follow-ups. You are responsible for having a lawful basis to message customers and for your own customer-facing privacy notice.

Meta / WhatsApp: Meta processes data under its own policies when you use WhatsApp Cloud API. See WhatsApp Business Privacy Policy.

When you sign up, connect Meta, or use the dashboard, we may collect:

• Business profile: business name, business type, country.
• WhatsApp connection data: phone number ID, WhatsApp Business Account ID, display phone number, and Meta access token associated with your connection (stored in our database for session and API routing; outbound sends may use a server-configured system token as described in our technical documentation).
• Catalog data: product names, descriptions, prices, discounts, bargaining floors, quantities, colors, and product images (stored in our database, including as encoded image data).
• AI configuration: custom AI instruction text, reply tone settings, and optional per-business API keys if you provide them.
• Dashboard usage: orders you create or that the system records from chat, completed orders, blacklist entries, and activity events.
• Browser session:after Meta login, identifiers such as access token and phone number ID may be stored in your browser's local storage to authenticate dashboard API requests.
• Support communications if you contact us.

When customers message your connected WhatsApp number, we may process:

• WhatsApp user ID and profile name (when provided by Meta webhooks).
• Message text and message type (inbound and outbound).
• Timestamps, delivery/read status where available, and direction (customer vs business).
• Data inferred for features: product interest, order or delivery details, discount negotiation context, and whether a contact is blacklisted.

This data is stored in our application database (MySQL) to power the inbox, AI context, orders, and automation. We do not sell customer message content to third parties for their own marketing.

We use information to:

• Provide, maintain, and secure the Service.
• Route inbound WhatsApp webhooks to the correct business account.
• Generate and send AI-assisted and scheduled follow-up WhatsApp messages.
• Display chats, orders, products, and activity in your dashboard.
• Enforce blacklist rules and prevent abuse.
• Improve reliability, debug errors, and comply with law.
• Communicate with you about the Service.

Legal bases (where GDPR or similar laws apply): performance of our contract with you; legitimate interests in operating and securing the Service; compliance with legal obligations; and, where required, your consent (e.g. for optional marketing from us to you—not for your end-customer campaigns, which you control).

To generate replies, we send relevant context to Anthropic (Claude models), which may include recent message history, product catalog excerpts, your AI instructions, and pricing rules. Anthropic processes this data under its terms and privacy policy as a sub-processor.

We configure the Service to use an API key from server environment variables and/or a key you optionally store on your business record. Do not share API keys publicly. We take steps to avoid sending unnecessary personal data in prompts, but message content may include customer identifiers and order details.

See Anthropic's Privacy Policy.

We may share information with:

• Meta / WhatsApp — to send and receive messages via the Cloud API.
• Anthropic — for AI-generated responses as described above.
• Infrastructure providers — hosting and database services that store encrypted data in transit (HTTPS) and at rest according to provider capabilities.
• Professional advisers or authorities — when required by law or to protect rights and safety.
• Business transfers — in connection with a merger, acquisition, or asset sale, with notice where required.

We do not sell your personal information for cross-context behavioral advertising.

We use administrative, technical, and organizational measures appropriate to the Service (access controls, HTTPS, secured credentials in environment configuration, etc.). No method of transmission or storage is 100% secure.

We retain business and message data while your account is active and as needed for legal, dispute, or backup purposes. You may request deletion subject to limitations (e.g. logs we must keep for security or law). Customer data deletion requests from individuals should generally be directed to you as controller; we will assist where required by law and our agreement with you.

Depending on your location, you may have the right to:

• Access, correct, or delete personal data we hold about you as a business user.
• Object to or restrict certain processing.
• Data portability.
• Withdraw consent where processing is consent-based.
• Lodge a complaint with a supervisory authority.

To exercise rights, email privacy@whatsappsales.app. We may verify your identity. For customer data, contact your seller (the business) first; we can support them on your request where applicable.

You can clear browser local storage and disconnect Meta to end dashboard sessions. Disconnecting does not automatically delete all server-side records until you request deletion or we apply retention policies.

We and our subprocessors may process data in countries other than yours. Where required, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for transfers from the EEA, UK, or other regions with transfer restrictions.

The Service is for businesses and is not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect children's personal data through the Service.

We use essential technologies to operate the site (e.g. session-related storage). Third-party scripts such as the Meta JavaScript SDKmay set cookies or similar identifiers when you use "Continue with WhatsApp" on sign-in or get-started flows. See Meta's cookie and privacy documentation for details.

We may update this Privacy Policy. We will post the new version with an updated date. Material changes may be notified via the Service or email where appropriate.

Contact:
Privacy: privacy@whatsappsales.app
Support: support@whatsappsales.app
Contact form