PRIVACY POLICY

Last Updated: September 30, 2025
Effective Date: September 30, 2025

1. INTRODUCTION AND SCOPE

This Privacy Policy ("Policy") governs the collection, use, processing, storage, and disclosure of personal information by wa.sendpk.com ("we," "us," "our," or "Company") in connection with our WhatsApp Business messaging services (the "Services") provided through our website and platform.

By accessing or using our Services, creating an account, or providing us with your personal information, you ("you," "your," or "User") acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to our collection, use, and disclosure of your personal information as described herein.

IMPORTANT: Our Services operate as an authorized WhatsApp Business Solution Provider under Meta Platforms, Inc. ("Meta"). We comply with Meta's Business Terms, WhatsApp Business Policy, and applicable data protection regulations including GDPR, CCPA, and other regional privacy laws.

2. DEFINITIONS

For purposes of this Policy:

  • "Personal Information" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
  • "Services" refers to our WhatsApp Business messaging platform and related services.
  • "End Users" means the recipients of messages sent through our Services.
  • "Data Controller" means the entity that determines the purposes and means of processing personal data.
  • "Data Processor" means the entity that processes personal data on behalf of the Data Controller.

3. DATA CONTROLLER AND PROCESSOR RELATIONSHIP

In providing the Services:

  • You (the Client) act as the Data Controller for End User data that you upload, transmit, or process through our Services.
  • We (the Company) act as a Data Processor, processing personal data on your behalf and in accordance with your instructions.
  • For Your Account Data: We act as the Data Controller for information you provide during account registration and service usage.

4. INFORMATION WE COLLECT

4.1 Information You Provide Directly

Category Data Types Purpose
Account Information Full name, business name, email address, phone number, postal address, company registration details Account creation, identity verification, service delivery
Authentication Data Username, password (encrypted), security questions, two-factor authentication codes Account security and access control
Payment Information Billing name, address, credit/debit card details, bank account information, transaction history Payment processing and billing
Business Verification Documents Business licenses, tax identification numbers, incorporation documents Compliance verification, fraud prevention
Communication Data Support tickets, email correspondence, chat transcripts, feedback forms Customer support and service improvement

4.2 Message and Campaign Data

  • Recipient phone numbers and contact information
  • Message content, templates, and media files
  • Delivery status, timestamps, and read receipts
  • Campaign performance metrics and analytics
  • Opt-in and opt-out records

4.3 Automatically Collected Information

  • Technical Data: IP address, browser type, device information, operating system, unique device identifiers
  • Usage Data: Login times, feature usage, navigation patterns, API calls, interaction data
  • Performance Data: System logs, error reports, diagnostic information
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies (see Section 10)

4.4 Information from Third Parties

  • Data from Meta/WhatsApp regarding message delivery and account status
  • Payment verification from financial institutions
  • Business verification data from third-party verification services
  • Marketing data from authorized third-party sources

5. LEGAL BASIS FOR PROCESSING

We process your personal information based on the following legal grounds:

  1. Contractual Necessity: Processing necessary to perform our contract with you and deliver the Services.
  2. Consent: Where you have provided explicit consent for specific processing activities.
  3. Legitimate Interests: For business operations, fraud prevention, security, and service improvement, where such interests are not overridden by your privacy rights.
  4. Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  5. Vital Interests: To protect the vital interests of any person.

6. HOW WE USE YOUR INFORMATION

6.1 Service Delivery and Operations

  • Provide, maintain, and deliver our WhatsApp messaging Services
  • Process and facilitate message transmission through WhatsApp Business API
  • Manage your account and authenticate access
  • Process payments and maintain billing records
  • Generate delivery reports and analytics

6.2 Communication and Support

  • Respond to inquiries and provide customer support
  • Send service-related notifications, updates, and alerts
  • Provide technical assistance and troubleshooting
  • Send administrative messages regarding account or policy changes

6.3 Security and Compliance

  • Verify identity and prevent fraud
  • Detect and prevent abuse, spam, or policy violations
  • Ensure compliance with WhatsApp Business Policy and Meta's Terms
  • Maintain system security and integrity
  • Investigate and address security incidents

6.4 Business Operations and Improvement

  • Analyze usage patterns and service performance
  • Conduct research and development for service enhancement
  • Generate aggregated, anonymized statistics and insights
  • Personalize and improve user experience
  • Train and improve our systems and algorithms

6.5 Marketing (With Consent)

  • Send promotional materials about new features or services
  • Conduct surveys and market research
  • Provide information about special offers or updates

Note: You may opt out of marketing communications at any time using the unsubscribe mechanism provided.

7. INFORMATION SHARING AND DISCLOSURE

7.1 Meta Platforms, Inc. and WhatsApp

We share necessary data with Meta and WhatsApp to facilitate message delivery through the WhatsApp Business API, in accordance with:

  • WhatsApp Business Terms of Service
  • Meta Business Tools Terms
  • WhatsApp Business Policy
  • Meta's Data Processing Addendum

7.2 Service Providers and Partners

We engage trusted third-party service providers who process personal information on our behalf:

  • Cloud Infrastructure Providers: For secure data storage and hosting
  • Payment Processors: For secure payment processing and fraud prevention
  • Authentication Services: For identity verification and security
  • Analytics Providers: For usage analytics and service improvement
  • Customer Support Tools: For help desk and support services

All service providers are contractually bound to protect your data and use it only for specified purposes.

7.3 Legal and Regulatory Disclosures

We may disclose personal information when required or permitted by law:

  • To comply with legal obligations, court orders, or subpoenas
  • To respond to lawful requests from government authorities
  • To enforce our Terms of Service and other agreements
  • To protect our rights, property, safety, or that of others
  • To prevent fraud, security threats, or illegal activities
  • In connection with legal proceedings or investigations

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the successor entity, subject to this Privacy Policy.

7.5 With Your Consent

We may share your information for purposes not described in this Policy with your explicit consent.

8. DATA SECURITY MEASURES

We implement comprehensive technical, administrative, and physical security measures to protect personal information:

8.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and least-privilege principles
  • Authentication: Multi-factor authentication (MFA) for account access
  • Network Security: Firewalls, intrusion detection/prevention systems, DDoS protection
  • Security Monitoring: 24/7 monitoring, logging, and threat detection

8.2 Administrative Safeguards

  • Regular security training for personnel
  • Strict confidentiality agreements with employees and contractors
  • Background checks for employees with data access
  • Incident response and data breach protocols
  • Regular security audits and assessments

8.3 Physical Safeguards

  • Secure data centers with controlled physical access
  • Environmental controls and disaster recovery systems
  • Video surveillance and access logs
IMPORTANT: While we implement industry-standard security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and promptly notifying us of any unauthorized access.

9. DATA RETENTION AND DELETION

9.1 Retention Periods

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy:

  • Account Data: Duration of active account plus 3 years after account closure
  • Transaction Records: 7 years for tax and accounting purposes
  • Message Data: 90 days unless longer retention is required by you or by law
  • Communication Records: 5 years for support and legal purposes
  • Marketing Data: Until consent is withdrawn or 2 years of inactivity
  • Technical Logs: 12 months for security and operational purposes

9.2 Data Deletion

Upon request or at the end of retention periods, we securely delete or anonymize personal information using industry-standard methods. Some data may be retained in anonymized form for analytics or as required by law.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to enhance your experience:

Cookie Type Purpose Duration
Essential Cookies Enable core functionality, authentication, security Session/1 year
Performance Cookies Monitor performance, analyze usage patterns 1-2 years
Functional Cookies Remember preferences and settings 1 year
Analytics Cookies Understand user behavior, improve services 2 years

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality.

11. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have the following rights regarding your personal information:

11.1 Access and Portability

  • Right to Access: Request copies of personal information we hold about you
  • Right to Data Portability: Receive your data in a structured, machine-readable format

11.2 Correction and Updates

  • Right to Rectification: Correct inaccurate or incomplete personal information
  • Update your account information directly through your account settings

11.3 Deletion and Restriction

  • Right to Erasure: Request deletion of your personal information (subject to legal obligations)
  • Right to Restriction: Limit how we process your personal information

11.4 Objection and Consent Withdrawal

  • Right to Object: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for marketing communications or specific processing activities

11.5 Automated Decision-Making

  • Right to Human Review: Contest decisions made solely by automated processing that significantly affect you

11.6 Lodge a Complaint

  • Right to Complain: File a complaint with your local data protection authority

To exercise these rights, contact us at: [email protected]

We will respond to verified requests within 30 days (or as required by applicable law).

12. INTERNATIONAL DATA TRANSFERS

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:

  • Standard Contractual Clauses: EU-approved model clauses for international transfers
  • Adequacy Decisions: Transfers to countries deemed adequate by relevant authorities
  • Privacy Shield (where applicable): Compliance with recognized frameworks
  • Consent: Your explicit consent for specific transfers

13. CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take immediate steps to delete such information. Parents or guardians who believe their child has provided us with personal information should contact us immediately.

14. COMPLIANCE WITH WHATSAPP BUSINESS POLICY

As a WhatsApp Business Solution Provider, we and our clients must comply with:

  • WhatsApp Business Policy: Including opt-in requirements, message categories, and content guidelines
  • WhatsApp Commerce Policy: For transactional and promotional messages
  • Meta Business Terms: Governing use of Business Tools
  • Prohibited Content: No spam, harassment, illegal content, or policy violations

Violations may result in service suspension or termination. You are responsible for ensuring your use complies with all applicable policies.

15. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, applications, or services not operated by us. This Privacy Policy does not apply to such third parties. We are not responsible for the privacy practices of third parties and encourage you to review their privacy policies.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. We will:

  • Post the updated Policy on our website with a revised "Last Updated" date
  • Notify you via email or through the Services for material changes
  • Provide advance notice where required by law
  • Obtain consent for material changes where necessary

Continued use of our Services after changes constitute acceptance of the updated Policy. We encourage you to review this Policy regularly.

17. CONTACT INFORMATION

For privacy-related inquiries, requests, or concerns:

Email: [email protected]
Data Protection Officer: [email protected]
Support: [email protected]
Mailing Address:
[Your Company Name]
[Street Address]
[City, State/Province, Postal Code]
[Country]

Response Time: We aim to respond to all inquiries within 48 hours and resolve requests within 30 days.

18. DISPUTE RESOLUTION

Any disputes arising from this Privacy Policy shall be governed by the dispute resolution mechanisms outlined in our Terms of Service. We are committed to resolving privacy concerns fairly and promptly.

19. GOVERNING LAW

This Privacy Policy shall be governed by and construed in accordance with the laws of [Your Jurisdiction], without regard to its conflict of law provisions, and subject to applicable international data protection laws including GDPR, CCPA, and other regional regulations.