1. Overview
SellWha ("we", "us", "our") operates a WhatsApp Commerce CRM platform at sellwha.com. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our services.
This policy applies to all SellWha services including our web application, APIs, and integrations. It covers:
- Account holders โ businesses and individuals who register for SellWha
- Team members โ agents and staff added to a SellWha workspace
- End customers โ the customers of SellWha users whose data may be processed through our platform
2. Data We Collect
Information you provide directly:
- Account registration data: name, email address, company name, phone number
- Payment information (processed securely by our payment provider; we do not store raw card data)
- Profile and workspace settings
- Support tickets and communications with our team
Data generated through your use of the Service:
- Customer conversations, messages, and interaction history from connected channels
- Order data, product information, and transaction records
- Contact profiles, tags, and notes you create
- Automation rules, broadcast campaigns, and templates you configure
- Team activity logs and audit trails
Automatically collected data:
| Type | Data Collected | Purpose |
|---|---|---|
| Usage analytics | Page views, feature usage, click patterns | Improve the product |
| Log data | IP address, browser type, timestamps | Security & debugging |
| Device data | Browser, OS, screen resolution | Compatibility optimization |
| Cookies | Session token, preferences | Authentication & UX |
3. How We Use Your Data
We use collected data to:
- Provide the Service: Operate, maintain, and improve the SellWha platform
- Authentication: Verify your identity and keep your account secure
- Billing: Process payments, send invoices, and manage subscriptions
- Support: Respond to inquiries, troubleshoot issues, and provide technical assistance
- Communication: Send service updates, security alerts, and โ with your consent โ marketing emails
- Analytics: Understand how users interact with the platform to improve product features
- Legal compliance: Comply with applicable laws and enforce our Terms of Service
We do not use your data or your customers' data for advertising, sell it to third parties, or use it to train AI/ML models without explicit consent.
5. Data Retention
We retain your data for as long as necessary to provide the Service and comply with legal obligations:
- Active accounts: Data is retained for the life of your subscription
- After account cancellation: Data is retained for 30 days, then permanently deleted
- Billing records: Retained for 7 years for tax and accounting compliance
- Audit logs: Retained for 12 months for security purposes
- Support tickets: Retained for 3 years
You can request an export of your data before deletion by contacting our support team. Upon confirmed deletion, data is removed from all active systems within 30 days and from backups within 90 days.
6. Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS 1.2+
- Data at rest is encrypted using AES-256
- Access to production systems is restricted to authorized personnel only
- Multi-tenant data is isolated at the database schema level
- Regular security audits and penetration testing
- Automatic backups with geographic redundancy
In the event of a data breach that affects your personal data, we will notify you and relevant authorities within 72 hours as required by applicable data protection laws.
7. Your Rights
Depending on your location, you have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Access | Request a copy of all personal data we hold about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Portability | Receive your data in a structured, machine-readable format |
| Restriction | Request that we limit how we process your data |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Withdraw consent for marketing communications at any time |
To exercise any of these rights, contact us at privacy@sellwha.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
9. WhatsApp & Channel Data
When you connect WhatsApp Business or other messaging channels, SellWha accesses and processes messages and contact data via the official platform APIs.
- Message content and metadata are stored in your SellWha workspace for the purpose of providing the Service
- Contact phone numbers and profiles from WhatsApp are stored as part of your customer CRM
- We do not store encryption keys for end-to-end encrypted conversations โ WhatsApp Business API messages are not end-to-end encrypted by design
- You remain responsible for obtaining appropriate consent from your WhatsApp contacts to process their data
10. International Data Transfers
SellWha primarily stores data in Asia Pacific regions. Some of our sub-processors may be located in the United States or other countries outside your jurisdiction.
When transferring personal data from the European Economic Area (EEA), UK, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, and adequacy decisions where applicable.
11. Children's Privacy
SellWha is a business tool intended for use by individuals aged 18 and above. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected such data, we will promptly delete it. If you believe a child has provided us with personal information, please contact us immediately.
12. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Sending an email notification to your registered address
- Displaying a notice within the SellWha dashboard
- Updating the "Last updated" date at the top of this page
Changes take effect 14 days after notification. Continued use of the Service after that date constitutes acceptance of the revised policy.
13. Contact & Data Protection Officer
For any privacy-related questions, requests, or concerns, please contact us:
We aim to respond to all privacy requests within 30 days. For complex requests we may extend this by a further 60 days with notice.