Skip to main content
Back
W
Wadwin

Privacy Policy

Last updated: 31 March 2026

1. Introduction

Wadwin ("we", "us", or "our") operates a WhatsApp CRM platform for small and medium businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at wadwin.com (the "Service").

We are committed to complying with applicable data protection laws including the Hong Kong Personal Data (Privacy) Ordinance (PDPO), the EU General Data Protection Regulation (GDPR), and relevant data protection legislation in Singapore, Malaysia, and other jurisdictions where our customers operate.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and authentication credentials via Clerk.

2.2 WhatsApp Business Data

To provide the Service, you connect your WhatsApp Business Account (WABA). We store your:

  • WABA ID and Phone Number ID (Meta Business identifiers)
  • Access tokens (encrypted at rest)
  • Inbound and outbound WhatsApp message content
  • Contact phone numbers and names from your conversations

2.3 Usage Data

We collect information about how you use the Service, including pages visited, features used, and message counts.

2.4 Payment Data

Credit card and payment information is processed by Stripe. We do not store full card numbers. We store transaction records (amount, date, credits purchased) for billing purposes.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To process your WhatsApp messages and display them in your inbox
  • To process payments and manage your credit balance
  • To send you service-related notifications (account alerts, billing)
  • To improve and develop new features
  • To comply with legal obligations

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Meta (Facebook): To send and receive WhatsApp messages via the WhatsApp Business API
  • Supabase: Our database provider (data stored in their secure infrastructure)
  • Clerk: Our authentication provider
  • Stripe: Our payment processor
  • Vercel: Our hosting provider
  • Legal authorities: When required by law

Third-Party Services

We rely on the following services to operate the Service:

  • Meta / WhatsApp Cloud API: messaging delivery — Meta temporarily stores messages up to 30 days before delivery
  • Supabase: database and data storage — data hosted on Supabase servers
  • Clerk: user authentication
  • Vercel: application hosting and deployment
  • Google APIs: AI-powered reply features and summarization

5. Data Retention

Conversation data and messages are retained for the duration of your active subscription. Upon account termination, all workspace data including conversations, contacts, and message history is permanently deleted within 30 days. Billing records may be retained for up to 7 years to comply with Hong Kong tax and accounting regulations.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict processing of your data
  • Data portability (receive your data in a machine-readable format)
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@wadwin.com.

7. Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. You can control cookies through your browser settings.

9. Children's Privacy

Wadwin is a business tool intended for use by companies and professionals. Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from minors.

WhatsApp Cloud API

Wadwin uses the WhatsApp Business Cloud API provided by Meta Platforms, Inc. When messages are sent or received through Wadwin, they are processed via Meta's Cloud API infrastructure. Meta temporarily stores message content during transmission for up to 30 days. Please refer to Meta's Privacy Policy for details on their data handling practices.

Data Deletion

What data can be deleted

You may request deletion of the following categories of data, subject to legal retention requirements:

  • Workspace account
  • Conversation history
  • Contact lists
  • Billing information
  • API credentials

How to request deletion

Email privacy@wadwin.com with the subject line "Data Deletion Request". Include your registered email address and workspace name so we can verify and process your request.

What happens after you request

We will send a confirmation within 2 business days. Deletion is completed within 30 days, and we will email you when it is finished. Billing records may be retained for up to 7 years in accordance with Hong Kong law.

Automated deletion

On account termination, all workspace data is permanently deleted within 30 days of account closure.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or a prominent notice on the Service. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or to exercise your rights, contact us at: privacy@wadwin.com