Privacy Policy

Last updated: June 4, 2026

1. Information We Collect

We collect the following types of information when you use WhatsBulk:

  • Account information: Name, email address, and password when you create an account.
  • Contact data: Phone numbers, names, emails, and tags you upload or manually add to your contact list.
  • Message content: Message templates and campaign content you create within the platform.
  • Usage data: Campaign history, delivery reports, credit transactions, and activity logs.
  • Device information: WhatsApp session data required to maintain your device connection (applicable to the personal-WhatsApp pairing flow).
  • WhatsApp Business Account data: If you connect a WhatsApp Business number through Meta's Embedded Signup, we store your WhatsApp Business Account ID, phone number ID, display name, quality rating, messaging tier, and an encrypted access token used to send messages on your behalf via Meta's Cloud API.
  • Message metadata: For messages sent via the WhatsApp Business Cloud API we log the recipient phone number, destination country, message category (utility / marketing / authentication / service), delivery status (queued / sent / delivered / read / failed), error codes, and Meta's reported conversation cost. We do not store the body text of outbound messages after the send completes.
  • Payment information: Processed securely by Flutterwave. We do not store your card details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process your transactions and manage your subscription.
  • Send your messages and deliver campaign reports.
  • Route messages you author through Meta's WhatsApp Business Cloud API using the credentials you authorized at Embedded Signup, and record delivery / status webhooks Meta sends back.
  • Improve the Service and develop new features.
  • Communicate with you about your account, updates, and support.
  • Detect and prevent fraud, abuse, and security issues.

3. Data Storage and Security

Your data is stored securely using Supabase infrastructure with row-level security policies. WhatsApp session credentials and WhatsApp Business Account access tokens are encrypted at rest using AES-256-GCM with a separately-held key, and never appear in application logs. We implement industry-standard security measures including HTTPS encryption, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure.

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data with the following sub-processors and recipients:

  • Meta Platforms, Inc. (WhatsApp Cloud API): When you connect a WhatsApp Business number through Embedded Signup, the messages you send are transmitted to Meta's WhatsApp Business Platform for delivery to your recipients. Meta receives recipient phone numbers, message content, and metadata as part of operating the Cloud API. Meta's handling of this data is governed by the WhatsApp Business Messaging Policy and Meta's privacy documentation. Data may traverse Meta's global infrastructure, including data centers outside your country of residence.
  • Flutterwave: To process payments securely.
  • Supabase: Our infrastructure provider for database hosting and authentication.
  • Law enforcement: When required by law, court order, or governmental authority.

We do not share your contact lists, message content, or campaign data with any third party for marketing or advertising purposes.

5. Your Rights

You have the right to:

  • Access your personal data through the dashboard.
  • Export your contacts and campaign data at any time.
  • Delete your account and all associated data from Settings → Danger Zone. This permanently removes campaigns, contacts, automations, templates, connected WhatsApp numbers, subscriptions, credits, and all message logs.
  • Disconnect a WhatsApp Business number at any time, which revokes our access token with Meta and stops further messages from being sent from that number through our platform.
  • Correct inaccurate information in your account settings.

To exercise any of these rights, use the relevant feature in your dashboard or contact our support team.

6. Data Retention

We retain your data for as long as your account is active. WhatsApp Cloud API message logs (metadata only — recipient, status, timestamps; not message body) are retained for up to 12 months for billing reconciliation, delivery diagnostics, and quality-rating analysis. If you delete your account, all data is permanently removed immediately, except where retention is required by law or accounting obligations (e.g., payment transaction records).

7. Cookies

We use essential cookies to maintain your authentication session and preferences. We do not use third-party tracking cookies or advertising cookies.

8. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the dashboard or sending an email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us through the support channel available in the dashboard.

Terms of Service →