will be having some technical issue will live soon !
Whatapi Logo
Back to Legal

Privacy Policy

Last updated: July 9, 2026

1. Introduction

Whatapi Technologies ("Whatapi," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at whatapi.pk, use our WhatsApp API automation platform, or interact with any of our associated services (collectively, "the Services").

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Pakistan's data protection regulations. Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

We collect information from you in several ways when you use our Services:

Information You Provide Directly:

  • Account Information: When you register, we collect your full name, business name, email address, phone number, billing address, and payment information (processed securely via Stripe).
  • Profile Information: You may optionally provide a profile picture, business description, website URL, and timezone preferences.
  • Communication Data: When you contact our support team, we collect your name, email address, and the contents of your communication.
  • Integration Data: When you connect third-party services (Shopify, WooCommerce), we collect API keys, store URLs, and synchronization preferences.

Information Collected Automatically:

  • Usage Data: We collect information about how you interact with our dashboard, including pages visited, features used, time spent, and click patterns.
  • Device Information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Log Data: API request logs including endpoints accessed, timestamps, HTTP status codes, and error messages.
  • Cookies & Tracking: We use cookies and similar tracking technologies as described in our Cookies Preferences page.

Message Metadata: When you send messages through our platform, we collect metadata including sender phone number, recipient phone number, message status (sent, delivered, read), timestamps, and message type (text, image, document). We do not store the body content of your WhatsApp conversations on our servers long-term.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Services, including processing messages, generating analytics, and managing your account.
  • Payment Processing: To process subscription payments, generate invoices, and manage billing cycles (via Stripe).
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Communications: To send service-related notifications (e.g., billing reminders, feature updates, maintenance notices), marketing communications (with your consent), and important policy changes.
  • Analytics & Improvements: To analyze usage patterns, identify trends, and improve the functionality and user experience of the Platform.
  • Security & Compliance: To detect and prevent fraudulent activity, abuse, or violations of our Terms of Service, and to comply with legal obligations.

5. Data Sharing & Disclosure

We do not sell your personal data to third parties. We may share your information with the following categories of recipients:

Service Providers: We engage trusted third-party service providers to assist in delivering the Services, including:

  • Stripe: Payment processing (your payment data is handled directly by Stripe, not stored by us).
  • Google Cloud / Firebase: Cloud infrastructure, database hosting, and authentication services.
  • Meta (WhatsApp): Message routing through the WhatsApp Business API.
  • Shopify / WooCommerce: E-commerce platform integrations for order data synchronization.
  • Analytics Providers: Usage analytics and performance monitoring tools.

Legal Compliance: We may disclose your information if required by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law.

  • Account Data: Retained for the duration of your account plus 90 days after termination or deletion request, unless a longer retention period is required by law.
  • Message Metadata: Aggregated analytics data retained for up to 24 months. Individual message status data retained for up to 12 months.
  • Message Content: Message bodies are not stored long-term on our servers. They are routed through WhatsApp's infrastructure in real time.
  • Log Data: API and access logs retained for up to 12 months for security and troubleshooting purposes.
  • Payment Records: Retained for as long as required by tax and accounting regulations (typically 7 years).

When data is no longer required, it is securely deleted or anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under GDPR (EEA Users):

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request restriction of processing of your data under certain circumstances.
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Under CCPA (California Users):

  • Right to Know: Request disclosure of the categories and specific pieces of personal data we have collected about you.
  • Right to Delete: Request deletion of personal data we have collected, subject to certain exceptions.
  • Right to Opt-Out: Right to opt out of the sale of your personal data (note: we do not sell personal data).
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at privacy@whatapi.pk. We will respond to your request within 30 days (or as otherwise required by applicable law). We may need to verify your identity before processing your request.

8. Cross-Border Data Transfers

Your information may be transferred to and processed in countries other than your own, including Pakistan and the United States, where our servers and service providers are located. We ensure that appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data processing agreements with all service providers.
  • Compliance with applicable data protection laws in all jurisdictions where we operate.

By using the Services, you consent to the transfer of your data to these countries, subject to the safeguards described in this policy.

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in Transit: All data transmitted to and from our Platform is encrypted using TLS 1.3 protocol.
  • Encryption at Rest: Data stored in our databases is encrypted using AES-256 encryption.
  • Access Controls: Strict role-based access controls with multi-factor authentication for administrative access.
  • Regular Audits: Periodic security assessments, penetration testing, and vulnerability scanning.
  • Incident Response: A documented incident response plan to address potential data breaches.

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and enable two-factor authentication where available.

10. Children's Privacy

The Services are not directed to individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.

11. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver targeted content. For detailed information about the types of cookies we use and how to manage your preferences, please visit our Cookies Preferences page.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes via email or through the dashboard. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

  • Email: privacy@whatapi.pk
  • Support: support@whatapi.pk
  • Address: Whatapi Technologies, Lahore, Pakistan

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection supervisory authority.