Last updated: April 3, 2025
Summary: WooChat collects only what's needed to provide the service. We do not sell your data. Your customers' WhatsApp messages are processed solely to deliver the inbox, automation, and chatbot features you subscribe to. You own your data.
1. Who We Are
WooChat ("we", "us", "our") is a software-as-a-service platform operated by WooChat (woowhatsapp.com). We provide WhatsApp Business API integration for WooCommerce stores, including shared inbox, automated messaging, and AI chatbot features.
For privacy inquiries, contact us at: privacy@woowhatsapp.com
2. Data We Collect
2.1 Account Data
- Name, email address, and password (hashed)
- Company or store name and workspace identifier
- Billing information (handled by PayPal — we do not store card details)
2.2 WhatsApp Integration Data
- Meta WhatsApp Business API credentials (Phone Number ID, access tokens) — stored encrypted and used only to send/receive messages on your behalf
- Inbound and outbound WhatsApp messages processed through your account
- Contact phone numbers and names from your WhatsApp conversations
- Message templates you create and manage
2.3 Usage Data
- Log data: IP addresses, browser type, pages visited, timestamps
- Feature usage: broadcasts sent, messages delivered, AI chatbot interactions
- Error logs for debugging and service improvement
2.4 End-Customer Data (Your Customers)
When your WooCommerce customers interact with your WhatsApp number via WooChat, we process their phone numbers and message content on your behalf. You are the data controller for your customers' data; WooChat acts as a data processor.
3. How We Use Your Data
- To provide, operate, and maintain the WooChat platform
- To process WhatsApp messages between you and your customers
- To deliver AI chatbot responses using your configured knowledge base
- To send you service-related communications (billing receipts, trial reminders, support)
- To detect and prevent fraud or abuse
- To comply with legal obligations
We do not use your data or your customers' data for advertising, profiling, or sale to third parties.
4. Third-Party Services
WooChat integrates with the following third parties to deliver the service:
- Meta (WhatsApp Cloud API) — messages are transmitted via Meta's infrastructure. Meta's data policy applies to message delivery. See WhatsApp Privacy Policy.
- PayPal — subscription billing. PayPal processes payment card data. See PayPal Privacy Policy.
- Anthropic (Claude AI) — if you enable the AI chatbot feature, inbound message text and your configured knowledge base are sent to Anthropic's API to generate responses. No personal identifiers beyond the message content are shared. See Anthropic Privacy Policy.
- Hostinger — our hosting provider. Data is stored on servers in the EU. See Hostinger Privacy Policy.
5. Data Retention
- Account data: Retained for the duration of your subscription plus 90 days after cancellation, then permanently deleted.
- Message history: Retained for 12 months by default. You can export or delete messages from your admin panel at any time.
- Contact data: Retained while your account is active. You can delete individual contacts at any time.
- Billing records: Retained for 7 years as required by financial regulations.
6. Data Security
We implement industry-standard security measures including:
- TLS/HTTPS encryption for all data in transit
- Bcrypt password hashing
- Tenant data isolation — each workspace's data is logically separated
- API credentials stored with encryption
- Access tokens for third-party services are never logged or exposed in URLs
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your account and associated data — see our Data Deletion page
- Portability: Export your contacts and message history in CSV format
- Objection: Object to certain types of processing
To exercise any of these rights, email privacy@woowhatsapp.com. We respond within 30 days.
8. POPIA (South Africa)
WooChat complies with the Protection of Personal Information Act (POPIA). Our Information Officer can be contacted at privacy@woowhatsapp.com. You have the right to lodge a complaint with the Information Regulator of South Africa at www.justice.gov.za/inforeg.
9. GDPR (European Users)
If you are located in the European Economic Area, our legal basis for processing your data is (a) contract performance — to provide the service you subscribed to, and (b) legitimate interests — to operate and improve our platform. Where we rely on consent, you may withdraw it at any time.
10. Cookies
We use session cookies strictly necessary for authentication (keeping you logged in). We do not use tracking, advertising, or third-party analytics cookies.
11. Children
WooChat is a business-to-business service. We do not knowingly collect data from individuals under 18 years of age.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be notified by email to the account holder at least 14 days before taking effect. The latest version is always available at woowhatsapp.com/privacy.php.
13. Contact
Questions about this policy:
WooChat
Email: privacy@woowhatsapp.com
Website: woowhatsapp.com
