Logo

Privacy Policy

Last Updated: May 12, 2026

This Privacy Policy is intended for global users and is designed to align with generally applicable international privacy and data protection principles, including GDPR, CCPA/CPRA, and similar privacy frameworks where applicable.

This Privacy Policy describes how Whatching collects, uses, stores, shares, and protects your information when you use our website, platform, APIs, dashboard, WhatsApp automation tools, and related services (collectively, the “Services”).

By accessing or using our Services, you agree to the practices described in this Privacy Policy. Please also review our Terms of Service, which govern your use of the Services.

1. What Information Do We Collect?

Personal Information You Provide to Us

We collect personal information that you voluntarily provide when you register, connect assets, subscribe, or interact with our teams. This includes:

  • Full name, email address, and active phone numbers
  • Company/business legal name and structural profiles
  • Billing destinations, addresses, and interface configurations
  • WhatsApp Business account properties and campaign layouts
  • Account operational logs and security authentication data

Payment Information

Payments are cleared via trusted micro-gateways like Razorpay, Stripe, or Chargebee. We do not store full payment card details on our local infrastructure servers. Please review your respective processor’s dedicated privacy framework directly.

WhatsApp and Messaging Data

When implementing tools alongside WhatsApp APIs:

  • We process operational message status metadata.
  • We store system configurations, conversation schemas, and templates.
  • We handle contact asset listings provided explicitly by you.
Data Roles Notice: Whatching acts as a service provider and/or data processor for customer data handled via the interface. Users remain solely responsible for validating consent foundations, anti-spam adherence, and WhatsApp policy requirements across their contact datasets.

Information Automatically Collected

Standard operational analytical matrices are logged during interactions:

  • IP addresses, active system builds, browser signatures, and OS properties.
  • Operational event sequences, response parameters, and stability crash files.

2. How Do We Process Your Information?

We channel collected attributes exclusively to:

  • Maintain, provision, and iterate platform architecture and Services.
  • Verify accounts, authenticate webhook activities, and monitor subscription status.
  • Prevent systemic infrastructure abuse, malware vectors, and credential fraud.
  • Adhere to structural financial compliance and legal obligations.

3. What Legal Bases Do We Rely On?

Processing relies on contextual jurisdictional pillars:

  • Your explicit affirmative consent.
  • The execution or performance of mutual contract provisions.
  • Valid execution of organizational legitimate commercial goals.

Users operating inside the EEA or UK benefit from protection mechanisms configured around absolute GDPR mandates.

4. When and With Whom Do We Share Your Personal Information?

Data transfers occur solely alongside specialized third parties:

  • Secure cloud computing node networks and database environments.
  • Meta Platforms and WhatsApp infrastructure groups required for message operations.
  • System analytical pipelines and transactional CRM components.
  • Regulatory or legal groups under formal judicial validation.

We do not sell personal data. We do not distribute information for cross-context target marketing or behavior profiling frameworks.

5. Do We Use Cookies and Tracking Technologies?

Yes. Persistent and transient cookies/pixels trace interactions to track user login integrity, improve front-end layout response times, and evaluate performance indicators. Configuration alterations can be managed via individual web browser preferences.

6. How Do We Handle Social Logins?

When joining using external integrations (e.g., Google OAuth), the platform parses attributes permitted by your foundational integration profile setups. We suggest evaluating their configuration terms directly.

7. How Long Do We Keep Your Information?

Records are maintained for the practical lifetime of account activity or until mandatory statutory data storage limits dictate otherwise.

Storage Warning: We do not offer indefinite data retention guarantees for historical conversation pipelines, customer records, or systemic distribution files beyond limits outlined in subscription tiers.

8. How Do We Keep Your Information Safe?

We apply industry-standard defensive controls including:

  • Mandatory Transport Layer Security (HTTPS/SSL verification tunnels).
  • Strict role-based administration permissions and credential encryption profiles.
  • System audit configurations and regular host updates.

9. Do We Collect Information From Minors?

Services are strictly limited to business contexts and actors over 18 years old. Accounts identified as violating these boundary terms will be purged immediately. Direct notice can be routed to hello@whatching.com.

10. What Are Your Privacy Rights?

Depending on physical jurisdiction parameters, you can systematically exercise your rights to:

  • Query, read, change, export, or permanently erase your profile attributes.
  • Revoke processing authorization or limit automated validation tracks.

To change marketing communication routes, select active unsubscribe elements or pass a STOP directive within text updates.

11. Do-Not-Track Features

Because uniform tracking opt-out signaling parsing (DNT) is not structurally standardized across web ecosystems, our application does not adjust behavior patterns upon parsing raw browser tracking signal metrics.

12. California Privacy Rights

California residents under CCPA/CPRA frameworks preserve distinct query access pathways. We do not monetize data tracking profiles to third-party commercial groups. Explicit rights requests can be transmitted directly via support.

13. International Users

Data managed outside India moves seamlessly between jurisdictional geographic boundaries to meet cloud host distribution criteria. Using these channels establishes affirmative acknowledgement of these transmission paradigms.

14. Third-Party Services

Platform activities rely on active application bridges (e.g., Stripe, Meta, Razorpay, Google Analytics). Whatching maintains zero administrative oversight concerning the data processing practices of these external properties.

15. Do We Make Updates to This Policy?

Yes. Document alterations take effect upon being posted here. Substantial policy changes are highlighted to users via direct system notices or system newsletter dispatches.

16. How Can You Contact Us?

Whatching
Email: hello@whatching.com
Website: https://whatching.com/

17. How Can You Review, Update, or Delete Your Data?

Log into individual control dashboard interfaces to modify operational information parameters or launch data removal actions through platform support.

18. GDPR Privacy Rights (European Users)

EEA/UK/Swiss account profile subjects retain targeted options to rectify, dispute, transfer, erase or complain about data configurations to regional supervisory data authorities directly.

19. U.S. State Privacy Rights

State-specific consumers (Virginia, Colorado, Utah, etc.) retain custom opt-out options regarding algorithmic targeted distribution tools. Appeal routes can be managed directly via our support email channel.

20. Cross-Border Data Transfers

Transfers outside your home country are secured through standard contractual clauses (SCCs) and specialized data processing addendums (DPAs) where legally required.

21. Governing Law

This operational policy file remains strictly bound to structural frameworks active inside **Kolkata, West Bengal, India**. Associated procedural disputes fall exclusively under local judicial venues.