Legal

Privacy Policy

Last updated: June 23, 2026

This Privacy Policy explains how Wasparks, Inc. (“Wasparks,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our multi-tenant WhatsApp Business messaging platform and related websites, applications, and services (collectively, the “Services”).

1. Introduction

Wasparks provides software that enables businesses to send, receive, automate, and manage customer conversations over the WhatsApp Business Platform. We take the privacy and security of personal information seriously and are committed to handling it transparently and in accordance with applicable data-protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), where applicable.

This Policy applies to information we process as a data controller — for example, information about our website visitors, account holders, and prospective customers — and explains, separately, how we act as a data processor when handling end-customer messaging data on behalf of our business customers (see Section 5).

By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with it, please do not use the Services.

2. Information We Collect

We collect the following categories of information:

  • Account data. When you register, we collect your name, business name, work email address, phone number, role, hashed password, and account preferences.
  • Usage data. We automatically collect log and device information such as IP address, browser type, operating system, pages and features accessed, referring URLs, and timestamps, in order to operate and secure the Services.
  • WhatsApp message data & metadata. On behalf of our business customers, we process message content and metadata transmitted through the WhatsApp Business API — including sender and recipient phone numbers, message status (sent, delivered, read), message and template identifiers, and timestamps — strictly to deliver the messaging functionality our customers configure.
  • Payment information. Billing is handled by our third-party payment processor. We do not store full payment-card numbers; we retain limited billing records such as plan, invoices, billing contact, and the last four digits and expiry of a card for reconciliation and fraud prevention.

3. How We Use Information

We use the information described above for the following purposes:

  • Service delivery. To provide, maintain, and operate the Services, authenticate users, route and deliver messages, and provide customer support.
  • Security & fraud prevention. To monitor for, detect, investigate, and prevent fraudulent, abusive, or unauthorized activity and to protect the integrity of the Services.
  • Analytics & improvement. To understand how the Services are used, diagnose problems, and develop new features and improvements. We rely on aggregated and de-identified data wherever possible.
  • Legal compliance. To comply with applicable laws, regulations, and lawful requests, to enforce our agreements, and to establish, exercise, or defend legal claims.

We do not use the content of customer messages transmitted through the WhatsApp Business API for advertising or to train generative-AI models, and we do not sell personal information.

4. Data Sharing

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.

We share information only in the limited circumstances below:

  • WhatsApp / Meta. To deliver messaging functionality, certain data is transmitted to Meta Platforms, Inc. through the WhatsApp Business API, as required by and subject to Meta’s terms and policies.
  • Service providers (subprocessors). We engage vetted vendors — such as cloud hosting, payment processing, and analytics providers — who process data on our behalf under written contracts that require appropriate confidentiality and security safeguards.
  • Legal authorities. We may disclose information to courts, law-enforcement, or government authorities where we are legally required to do so or where disclosure is reasonably necessary to protect rights, safety, or the integrity of the Services.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, information may be transferred subject to standard confidentiality protections and the terms of this Policy.

5. WhatsApp & Meta Data

Wasparks is an independent software provider built on the official WhatsApp Business Platform. When our business customers use the Services to communicate with their own end-customers, those messages are transmitted through Meta’s WhatsApp Business API.

With respect to that messaging data, our business customers act as the data controller and Wasparks acts as a data processor, processing the data solely on the customer’s documented instructions and only as necessary to provide the Services. We do not use WhatsApp message content for our own purposes, for advertising, or to build user profiles.

Our access to and use of information obtained through the WhatsApp Business API is further governed by Meta’s Platform Terms, the WhatsApp Business Solution Terms, and applicable developer policies. If you are an end-customer of a business that uses Wasparks and have questions about how your messages are handled, please contact that business directly, as they determine the purposes of that processing.

6. Data Security

We maintain administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption of data in transit using TLS, and encryption of data at rest;
  • Role-based access controls and the principle of least privilege, with tenant-level data isolation;
  • Comprehensive audit logging of access and administrative actions;
  • Regular security reviews, vulnerability management, and an incident-response process.

No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law:

  • Account data is retained for the duration of your account and for a limited period after closure to meet legal, accounting, and audit obligations.
  • Message data and metadata processed on behalf of customers is retained according to each customer’s configuration and instructions, and is deleted or returned upon termination of the customer relationship, subject to legal requirements.
  • Usage logs are retained for a limited period for security and operational purposes, after which they are deleted or aggregated.
  • Backups may persist for a short, rolling window before being overwritten in the ordinary course of operations.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you and request a copy;
  • Correct inaccurate or incomplete information;
  • Delete your personal information, subject to legal exceptions;
  • Export / port your data in a structured, machine-readable format;
  • Object to or restrict certain processing, and to withdraw consent where processing is based on consent.

To exercise these rights, contact us using the details in Section 11. We will respond within the timeframes required by applicable law. If your data is processed by a business that uses Wasparks (i.e., where we act as a processor), please direct your request to that business, and we will assist them as needed.

9. Cookies

We use cookies and similar technologies to operate and improve the Services:

  • Essential cookies are required for authentication, security, and core functionality.
  • Preference cookies remember your settings and choices to personalize your experience.
  • Analytics cookies help us understand usage so we can improve the Services.

You can control cookies through your browser settings and, where required, through our cookie-consent banner. Disabling certain cookies may affect the functionality of the Services.

10. Children’s Privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from individuals under the age of 16 (or the age required by applicable local law). If we become aware that we have inadvertently collected such information, we will take reasonable steps to delete it promptly. If you believe a minor has provided us with personal information, please contact us using the details below.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact our privacy team. We may update this Policy from time to time; when we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice.

Privacy inquiries
privacy@wasparks.com
Mailing address
Wasparks, Inc. · Malviya Nagar, Jaipur, India