WapiumWapium
Get started

Privacy Policy

Last updated: May 6, 2026

This Privacy Policy describes how Wapium("we", "us", or "the Service") collects, uses, stores, and shares information when you and your customers use our WhatsApp Business messaging platform.

1. Who we are

Wapium is a software-as-a-service platform that helps businesses send, receive, and automate WhatsApp messages using the official WhatsApp Business Cloud API operated by Meta Platforms, Inc. We act as a data processor on behalf of our business customers.

Contact: support@wapium.com
Address: Office #24, 142s Plaza, Paragon City, Lahore, Pakistan

2. Information we collect

From business account holders

  • Email address and password (hashed)
  • Business name and contact details
  • WhatsApp Business Account ID and phone number ID
  • Access tokens issued by Meta for sending messages
  • Billing information (processed by our payment partner)
  • Usage analytics (logins, feature usage, error logs)

From end-customers messaging the business

  • WhatsApp phone number and display name
  • Message content (text, images, voice notes, documents)
  • Message metadata (timestamps, delivery/read status)
  • Conversation history with the business
  • Profile picture URL provided by WhatsApp (if available)

We do not collect this information directly from end-customers. It is provided to us by Meta's WhatsApp Business Cloud API when an end-customer chooses to message a business that uses our Service.

3. How we use information

  • To deliver messages between businesses and their customers
  • To execute automated chatbot flows configured by businesses
  • To display message history in the business dashboard
  • To provide AI-assisted reply suggestions when enabled
  • To send service notifications and product updates
  • To maintain security, prevent abuse, and debug errors
  • To comply with legal obligations

We do not sell personal information to third parties, use customer messages to train public AI models, or share message content for advertising purposes.

4. Legal basis for processing (GDPR)

  • Contract: processing your account data to deliver the Service
  • Legitimate interest: security, fraud prevention, product analytics
  • Consent: AI features, optional integrations, marketing emails
  • Legal obligation: tax records, regulatory requests

5. Third-party services

We rely on the following sub-processors:

  • Meta Platforms (WhatsApp Business Cloud API): message delivery infrastructure
  • Supabase: database and authentication (hosted in EU/US regions)
  • Vercel: application hosting and file storage
  • AI providers (Groq, OpenAI, etc.): only when AI reply features are explicitly enabled by the business

6. Data retention

Messages, contacts, and media are retained for as long as the business account is active. Businesses may delete individual conversations or full accounts at any time from the dashboard. On account deletion we remove personal data within 30 days, except where longer retention is required by law (typically billing records: 7 years).

7. International transfers

Data may be processed in the United States, European Union, and other regions where our sub-processors operate. We rely on Standard Contractual Clauses (SCCs) and other safeguards required by GDPR for cross-border transfers.

8. Your rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data (data portability)
  • Object to or restrict certain processing
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email us at support@wapium.com. We respond within 30 days.

9. Security

We use encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and Row Level Security on our database. Access tokens are stored server-side and never exposed to browsers. Despite our efforts, no system is completely secure — we will notify affected users within 72 hours of confirming a breach involving personal data.

10. Children's privacy

The Service is intended for businesses and is not directed at children under 13. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email and dashboard banner at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance.

12. Contact us

Questions or concerns about this policy? Email support@wapium.com.

    Built with v0