Privacy Policy
WimChat ("we", "our", or "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.
1. Who We Are
WimChat is a unified customer messaging platform that allows businesses to manage WhatsApp, Messenger, and Instagram messages through one shared team inbox.
Data Controller: WimChat
Contact: privacy@wimchat.com
2. Data We Collect
2.1 Account & Business Data
- Business name, owner name, email address
- Phone number (for verification)
- Billing information (processed securely by Stripe — we never store full card numbers)
- Subdomain and custom domain settings
- Profile avatar
2.2 Usage Data
- Login timestamps and IP addresses
- Pages visited, features used
- Device type, browser, operating system
- Session duration
2.3 Customer Conversation Data
- Messages received and sent through connected platforms (WhatsApp, Messenger, Instagram)
- Contact names and profile information from those platforms
- Ticket statuses, notes, and agent assignments
- Timestamps of all messages
2.4 Device & Security Data
- Device fingerprint (browser signals used to prevent trial fraud — hashed and anonymized)
- IP address at signup and login
- Phone number hash (for trial abuse prevention)
3. How We Use Your Data
We use your data to:
- Provide and operate the WimChat service
- Authenticate your identity and secure your account
- Process payments through Stripe
- Send transactional emails (trial reminders, invoices, password resets)
- Detect and prevent fraud and abuse
- Improve our platform through anonymized analytics
- Respond to support requests
- Comply with legal obligations
We do NOT:
- Sell your data to third parties
- Use your customer conversations for advertising
- Share your data with other WimChat tenants
- Use your data to train AI models without consent
4. Data Sharing
We share data only with:
- Stripe — payment processing (stripe.com/privacy)
- WhatsApp Business API — message delivery
- Facebook/Meta API — Messenger & Instagram messages
- Cloud hosting provider — encrypted data storage
- Email delivery service — transactional emails only
All third parties are contractually bound to protect your data and cannot use it for their own purposes.
5. Data Retention
- Active account data: retained while account is active
- Trial accounts (not converted): deleted after 30 days
- Suspended accounts: data held for 30 days then deleted
- Deleted accounts: permanently erased within 30 days
- Audit logs: retained for 1 year
- Billing records: retained for 7 years (legal requirement)
- Anonymized analytics: retained indefinitely
6. Data Security
We protect your data with:
- TLS encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Bcrypt hashing for all passwords
- Isolated database per tenant (no cross-tenant access)
- Regular security audits
- Strict access controls for our team
7. Your Rights
Depending on your location you have the right to:
- Access — request a copy of your personal data
- Correction — fix inaccurate data
- Deletion — request deletion of your data
- Portability — export your data in machine-readable format
- Objection — object to certain uses of your data
- Restriction — limit how we process your data
To exercise these rights contact: privacy@wimchat.com. We will respond within 30 days.
8. Cookies
We use:
- Essential cookies — authentication, session management
- Preference cookies — theme, language settings
- Analytics cookies — anonymized usage tracking
You can disable non-essential cookies in your browser. Disabling essential cookies will prevent login.
9. Children's Privacy
WimChat is not intended for users under 16 years of age. We do not knowingly collect data from children.
10. Changes to This Policy
We will notify you of significant changes by:
- Email to your registered address
- In-app notification on next login
- Updated "Last updated" date on this page
11. Contact Us
For privacy questions or requests:
Email: privacy@wimchat.com
Response time: within 30 days