Privacy Policy for WhatsApp Commerce Suite

Information we collect

Account and workspace data such as name, email address, organization, role, language, timezone, and authentication records.

Merchant integration data needed to run the product, including WhatsApp connection state, Salla, Zid, Shopify, webhook, product, order, cart, FAQ, policy, and store metadata.

Conversation and widget data needed to answer customers, hand off to humans, and keep audit history, including message content, timestamps, phone or visitor identifiers, and moderation state.

Billing, subscription, usage, email delivery, support, security, log, and diagnostic data.

Marketing and product analytics metadata such as page path, referrer, CTA source, event name, browser, device, and approximate request information. We do not intentionally send WhatsApp message text, QR payloads, access tokens, refresh tokens, encrypted credential blobs, order contents, or customer PII to marketing analytics providers.

How we use information

To provide the dashboard, WhatsApp agent, website widget, knowledge base, abandoned-cart reminders, order and product lookup, billing, support, security, abuse prevention, and service diagnostics.

To improve onboarding, product reliability, public website performance, and marketing attribution when analytics providers are configured.

To send transactional and lifecycle emails such as welcome, invitation, billing, trial, support, and product education messages where allowed.

Service providers and integrations

We use service providers and integrations only to operate the product, including hosting, database, authentication, payment, email, support, analytics, AI, WhatsApp, and commerce-platform services. Current examples may include Vercel, Supabase, Stripe, Resend, Crisp, PostHog, Google Analytics, OpenAI or other configured AI providers, WhatsApp providers, Salla, Zid, and Shopify.

We do not sell personal information. We share data only as needed to provide the service, comply with law, protect the service, or follow the merchant's configured integrations.

Merchant responsibilities

Merchants are responsible for having the required rights, notices, consent, and lawful basis for customer data, WhatsApp conversations, order lookups, website widget use, and abandoned-cart reminders.

Merchants should not upload or sync data that they are not authorized to process through this service.

Retention and security

We keep data for as long as needed to provide the service, meet legal or billing obligations, resolve disputes, maintain audit trails, and protect the product.

We use reasonable technical and organizational safeguards, including token encryption for supported integrations, access controls, rate limits, and security headers. No system can be guaranteed completely secure.

Choices and requests

Users may request access, correction, export, or deletion of account data where applicable. Some data may need to be retained for security, billing, audit, legal, or backup reasons.

Marketing analytics can be disabled by leaving the provider environment variables unset or using the documented mock values. Google Analytics consent defaults to denied unless configured otherwise.

Children

The service is intended for merchants and business users. It is not directed to children.

Updates and contact

We may update this policy as the product changes. Contact us at support@updates.humanecho.ai for privacy questions or requests.