Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you use our services or contact us, we may collect:

• Contact Information: Name, email address, phone number, company name, business address
• Business Information: Industry, company size, service preferences, project requirements
• Communication Data: Messages, queries, feedback, support requests sent via email, WhatsApp, phone, or contact forms
• Payment Information: Billing address, GST details (payment processing handled by secure third-party providers)

1.2 WhatsApp Business API Data

When we implement WhatsApp Business API solutions for your business, we may process:

• Customer Messages: Messages sent to/from your WhatsApp Business number (with your explicit consent)
• Conversation Metadata: Timestamps, delivery status, read receipts
• Customer Contact Details: Phone numbers, names (as provided by your customers to you)
• Integration Data: Data synced between WhatsApp and your CRM, databases, or other business tools

1.3 Automatically Collected Information

• Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages
• Cookies: We use cookies to improve website functionality and analyze usage patterns (see Cookie Policy below)
• Analytics Data: Google Analytics or similar tools to understand website traffic and user behavior

2. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: To provide WhatsApp automation, DevOps, analytics, and website services as per your agreement
• Communication: To respond to inquiries, provide support, send project updates, and communicate about services
• Billing & Administration: To process payments, issue invoices, and maintain service records
• Improvement: To analyze usage patterns, improve our services, and develop new features
• Compliance: To comply with legal obligations, enforce our terms, and protect our rights
• Marketing: To send service updates, newsletters, or promotional materials (only with your opt-in consent)

3. WhatsApp Business API Compliance

3.1 Opt-In & Consent

We ensure all WhatsApp automation solutions comply with Meta's WhatsApp Business Policy:

• Explicit Consent: Your customers must opt-in before receiving messages via WhatsApp (e.g., through website forms, SMS, or in-person)
• Clear Purpose: Customers must be informed about what types of messages they will receive
• No Spam: We do not send unsolicited messages or bulk spam

3.2 Opt-Out Mechanism

Every WhatsApp automation we build includes easy opt-out options:

• Users can reply with keywords like "STOP", "UNSUBSCRIBE", or "OPT OUT" to stop receiving messages
• We automatically process opt-out requests and update your contact lists
• Opt-out preferences are synced across all integrated systems (CRM, database, etc.)

3.3 Data Minimization

We collect only the minimum data necessary to provide WhatsApp automation services. We do not collect sensitive personal information (health data, financial data, etc.) unless explicitly required for your use case and with proper consent mechanisms.

4. Data Sharing & Disclosure

We may share your information in the following circumstances:

4.1 With Your Consent

We will share your data with third parties only when you have given explicit consent (e.g., integrating with your CRM or other tools).

4.2 Service Providers

We work with trusted third-party service providers:

• Meta (WhatsApp): For WhatsApp Business API functionality
• Cloud Providers: AWS, Azure, GCP for hosting and infrastructure
• Payment Processors: Razorpay, Stripe, or bank transfer services for billing
• Analytics Tools: Google Analytics for website usage tracking

All service providers are contractually bound to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose your information if required by law, court order, government request, or to protect our legal rights and safety.

5. Data Retention

• Client Data: We retain client information for the duration of our service agreement plus 3 years for legal/tax purposes
• WhatsApp Conversation Data: We do not store WhatsApp messages long-term unless required for technical support. Logs are retained for 30-90 days.
• Website Analytics: Anonymized analytics data retained for 24 months
• Deleted Data: Upon request or contract termination, we delete your data within 90 days (subject to legal retention requirements)

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Control: Role-based access controls; only authorized personnel can access client data
• Regular Audits: Security audits, vulnerability scans, and penetration testing
• Secure Infrastructure: Hosting on certified cloud platforms (AWS, Azure, GCP) with SOC 2 compliance
• Backup & Recovery: Regular backups with disaster recovery procedures

7. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing communications at any time
• Data Portability: Request your data in a machine-readable format
• Restrict Processing: Request limitation of data processing in certain circumstances

To exercise any of these rights, contact us at support@wayfinderops.com.

8. Cookies Policy

Our website uses cookies to enhance user experience and analyze traffic. Types of cookies we use:

• Essential Cookies: Required for website functionality (cannot be disabled)
• Analytics Cookies: Google Analytics to understand visitor behavior (can be opted out)
• Functional Cookies: Remember your preferences and settings

You can manage cookies through your browser settings. Note that disabling cookies may affect website functionality.

9. Data Residency

By default, client data is stored on servers located in India or within the Asia-Pacific region. If you require specific data residency arrangements (e.g., EU servers for GDPR compliance), please inform us during onboarding.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The "Last Updated" date at the top indicates the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: