WhatsFlow AI Logo
WhatsFlowAI
Trust & Safety Hub

Privacy Policy

At WhatsFlow AI, your data privacy is our absolute priority. Learn how we handle, process, and safeguard your and your customers' information.

Effective Date:May 19, 2026
Version:v2.1 (GDPR & CCPA Compliant)

1. Introduction

Welcome to WhatsFlow AI. WhatsFlow AI ("we," "our," or "us") is operated by SEBS (Private) Limited. We respect your privacy and are committed to protecting the personal data of our users, partners, and their end-customers.

This Privacy Policy describes how we collect, use, store, process, and share your personal data when you use the WhatsFlow AI platform, our website (whatsflow.ai), and all associated tools, integrations, and services (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any terms of this policy, please do not use our Service.

2. Information We Collect

We collect several different types of information for various purposes to provide and improve our Service to you.

Account & Personal Data

While registering on WhatsFlow AI, we may collect personally identifiable information that can be used to contact or identify you, including:

  • Full name and job title
  • Business email address and phone number
  • Company details and corporate structure
  • Billing address and payment processor tokens

Business Context & Integrations

To operationalize your automated flows, we ingest operational context which includes:

  • WhatsApp Business Account (WABA) credentials
  • Meta developer credentials and access keys
  • System prompts, lead parameters, and custom guidelines
  • API keys for third-party CRMs and ERP systems

End-Customer Communications & Metadata

As an AI-powered conversational agent, we temporarily process messaging streams flowing through your connected WhatsApp channels. This includes:

  • Incoming message content (text, media, interactive responses)
  • End-customer phone numbers, display names, and locale
  • Message delivery statuses, timestamp, and read receipts

3. How We Use Information

WhatsFlow AI processes your data to deliver, optimize, and secure our automated lead management experience:

1

AI Agent Training & Processing: To enable LLMs (Large Language Models) to autonomously converse with and classify leads coming through your WhatsApp Business line in accordance with your guidelines.

2

Platform Optimization: To monitor and analyze system interactions, resolve processing latency, and enhance overall natural language model performance.

3

Billing & Access Control: To administer active subscriptions, calculate usage statistics (AI conversation counts), and prevent fraudulent service exploits.

4

Communications: To send account notifications, system updates, security advisories, and relevant marketing updates (subject to opt-out preferences).

4. WhatsApp API Specifics

Our system connects with Meta's cloud API services. Please note:

  • Terms Alignment: By utilizing our integration, you agree to remain compliant with the WhatsApp Business Terms of Service and Developer Policies.
  • Temporary Storage: Customers' chat histories are treated as ephemeral. We store individual text blocks exclusively for dynamic context loading needed for AI prompt formation and display within your private customer dashboard.
  • No Data Brokerage: We do not sell, rent, or lease your customer communication records, telephone indexes, or conversation histories to any third-party marketing, analytics, or broker corporations.

5. Data Security & Storage

We implement robust enterprise security measures to protect your database assets:

TLS 1.3

All connection states and messaging pipelines between your WhatsApp accounts, the Meta servers, and the WhatsFlow platform are fully encrypted using modern TLS 1.3 protocol.

AES-256

Sensitive API authorization credentials, database keys, and configuration secrets are fully encrypted at rest inside our system database cluster utilizing Advanced Encryption Standard (AES-256).

SUPABASE SSO

Secure authentication is handled with strict JSON Web Tokens (JWT) and multi-tenant isolation patterns, ensuring that no tenant can ever cross-read data outside their own environment.

6. Your Privacy Rights

Depending on your physical residency jurisdiction, you are entitled to several statutory privacy entitlements concerning your personal records:

Right to Access & Rectify

You can request copies of your stored personal details and correct any inaccurate information at any time.

Right to Erasure ("Right to be Forgotten")

You have the right to request the complete deletion of your profile metadata and associated WhatsApp logs from our storage servers.

Right to Object & Restrict

You can restrict how we process your business data and opt-out of automated user profiling.

Right to Data Portability

You are entitled to export your configuration parameters and chat history archives in structured JSON or CSV format.

7. Regulatory Compliance

Our services are engineered from the ground up to respect primary international regulatory standards:

  • GDPR (European Union): We act as the Data Processor for incoming WhatsApp customer records under the General Data Protection Regulation. All processing activities adhere strictly to the Data Processing Addendum (DPA) signed by our users.
  • CCPA/CPRA (California): We do not sell or exchange California consumer records for commercial gains, maintaining compliance with California privacy protections.

Got Questions About Your Privacy?

Our compliance team and dedicated Data Protection Officer (DPO) are available to answer your questions or handle individual data protection request filings.

Response under 24 business hours
Email: privacy@whatsflow.ai

SEBS (Private) Limited.