Wappline

1. Introduction

Wappline ("we", "our", or "us") operates a multi-channel messaging platform that enables businesses to communicate with their customers through WhatsApp Business API, Instagram Messaging API, and other channels. This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use our services.

By using Wappline, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring transparency in our data practices.

2. Information We Collect

2.1 Account Information

Name, email address, and company information
Encrypted password (hashed using industry-standard bcrypt)
User role and permissions within your organization

2.2 WhatsApp Business Data

WhatsApp Business Account ID and phone number
Business profile information (name, description, category)
Access tokens (encrypted with AES-256)
Message metadata (timestamps, delivery status, message types)
Message content: WhatsApp Business API messages are transmitted securely via HTTPS. While end-user-to-end-user WhatsApp messages use end-to-end encryption (Signal protocol), messages sent via the Business API are accessible to Wappline as part of providing our service. We encrypt message content at rest in our database using AES-256 encryption.

2.3 Instagram Business Data

Instagram Business Account ID and username
Connected Facebook Page information
Access tokens (encrypted)
Message metadata and conversation data

2.4 Bitrix24 Integration Data

Bitrix24 domain and access credentials (encrypted)
Open Line configuration and message synchronization settings
Webhook configuration data

2.5 Usage Data

Platform usage analytics (features used, frequency of use)
Message volume and quota consumption
Error logs and system diagnostics
Browser type, IP address, and access timestamps

3. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery: To provide, maintain, and improve our messaging platform
Message Processing: To route and deliver messages through Meta's WhatsApp Business Platform and Instagram Messaging API
Authentication: To verify your identity and manage access to your account
Integration Management: To connect and synchronize data with Bitrix24 and other third-party services
Communication: To send service updates, security alerts, and administrative messages
Security: To detect, prevent, and respond to fraud, abuse, and security incidents
Compliance: To comply with legal obligations and enforce our Terms of Service
Analytics: To understand usage patterns and improve our service (aggregated, non-personally identifiable data)

4. Data Sharing and Third Parties

4.1 Meta Platforms (Data Processor)

We integrate with Meta's WhatsApp Business Platform and Instagram Messaging API. As a data processor, Meta:

WhatsApp Personal Messages: Personal WhatsApp messages between end-users use end-to-end encryption (Signal protocol)
WhatsApp Business API Messages: Messages sent via the Business API are transmitted securely via HTTPS but are not end-to-end encrypted from the business perspective. This allows businesses (like Wappline) to provide customer service features
Retains message metadata for up to 30 days for delivery purposes
Does not use your Business API message data for advertising purposes
Processes data in accordance with WhatsApp Business Policy and Meta Platform Terms

4.2 Bitrix24 Integration

If you connect Bitrix24, conversation and contact data may be synchronized with your Bitrix24 CRM instance according to your configuration.

4.3 Service Providers

We may share data with trusted service providers who assist in operating our platform, including:

Cloud hosting providers (data encryption at rest and in transit)
Analytics services (anonymized data only)
Security monitoring services

4.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to protect our rights, property, or safety.

We do not sell your personal data to third parties.

5. Data Security

We implement industry-standard security measures to protect your data:

Encryption: Sensitive data (access tokens, API credentials) is encrypted using industry-standard AES-256 encryption
Secure Transmission: All data is transmitted over HTTPS/TLS
Password Security: Passwords are hashed using bcrypt with salt
Multi-Tenant Isolation: Strict database-level isolation using Eloquent Global Scopes and unique constraints prevents cross-company data access
Access Controls: Role-based permissions restrict data access to authorized personnel only
Regular Security Audits: We conduct periodic security reviews and vulnerability assessments

While we strive to protect your data, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

Active Accounts: Data is retained while your account is active and for a reasonable period after account closure
Active Messages: Message data is retained according to your configured retention settings
Account Deletion: After you delete your account, all data is permanently deleted within 30 days (see Section 8 for exceptions)
Legal Compliance: Some data may be retained longer to comply with legal, tax, or regulatory requirements
Backups: Data in encrypted backups may persist for up to 30 days after deletion for disaster recovery purposes

7. Multi-Tenant Data Isolation

Wappline is a multi-tenant platform. We implement strict technical and organizational measures to ensure complete data isolation between customers:

Database Scopes: All queries automatically filter by company/instance to prevent cross-customer data access
Unique Constraints: Database-level constraints prevent a single phone number or Instagram account from being connected to multiple instances
Authorization Checks: Every data access request is verified against user permissions and company ownership
Exact Identifier Matching: We use exact matching for all identifiers (no wildcard/partial matches) to prevent data leakage

Guarantee: No customer can access another customer's data under any circumstances. This is enforced at the application, database, and infrastructure layers.

8. Your Data Rights

You have the following rights regarding your personal data:

8.1 Right to Access (Article 15)

You can request a copy of your personal data. Contact us at info@wappline.com to request a data export.

8.2 Right to Rectification (Article 16)

You can update or correct inaccurate data through your account settings or by contacting support.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data. We will delete your data within 30 days unless we have a legal obligation to retain it.

How to request deletion:

Email info@wappline.com with your account details
We will verify your identity and process your request within 30 days
You will receive a confirmation email upon completion

Meta Data Deletion Callback: If you connected WhatsApp or Instagram through Meta's Embedded Signup, you can also request deletion via Meta's platform. Meta will send a signed deletion request to our system, which we will process within 30 days.

Exceptions: We may retain certain data if required for legal compliance, fraud prevention, or to resolve disputes.

8.4 Right to Data Portability (Article 20)

You can export your data in a machine-readable format (CSV, JSON) through the platform's export functionality.

8.5 Right to Object (Article 21)

You can object to certain types of data processing, such as marketing communications.

8.6 Right to Withdraw Consent

You can disconnect WhatsApp, Instagram, or Bitrix24 integrations at any time through your account settings. This will revoke Wappline's access to those platforms.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Compliance with GDPR and equivalent data protection regulations
Encryption of data in transit and at rest

10. Cookies and Tracking

We use essential cookies to maintain your session and remember your preferences. We do not use third-party advertising or tracking cookies.

Session Cookies: Required for authentication and platform functionality
Preference Cookies: Remember your language and display settings
Analytics: We may use first-party analytics to understand usage patterns (anonymized)

11. Children's Privacy

Wappline is a business communication platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately at info@wappline.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:

Posting the updated policy on this page with a new "Last updated" date
Sending an email notification to your registered email address
Displaying an in-app notification upon your next login

Your continued use of Wappline after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: info@wappline.com
Data Protection Officer: info@wappline.com

We will respond to your inquiry within 30 days.

14. Supervisory Authority

If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.