Privacy Policy

• "Customer", "you", or "Account Holder" means a business or individual who registers for and uses the Service.
• "End User" or "Contact" means a person whose phone number or message data is uploaded by a Customer or received through WhatsApp messaging facilitated by the Service.
• "Personal Data" means information that identifies or can reasonably be linked to an identifiable individual.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.

WA Bulk Sender is a cloud-based platform built on the official WhatsApp Business API (Cloud API). It enables businesses to send bulk template broadcasts, manage team inboxes, organise contacts, create and sync message templates, schedule campaigns, and recharge a prepaid wallet for platform usage.

We are committed to handling Personal Data responsibly. This policy covers data we process for our own business purposes (such as account management and billing) and data we process on behalf of Customers when delivering messaging and inbox features.

For your account information (name, email, billing records, team membership), KrishnaAman Ventures acts as the data fiduciary / data controller.

For End User data that you upload or generate through the Service — including contact phone numbers, names, message content, opt-out records, CSV imports, and dataset rows — you are the data controller. We act as a data processor and process that data only on your instructions to provide the Service.

You are responsible for having a lawful basis to collect, store, and message your Contacts, including compliance with WhatsApp opt-in requirements and applicable Indian laws.

5.1 Account and profile information

• Full name, email address, and password (stored securely via Supabase Auth)
• Company name and onboarding status
• Team invitations: email addresses and assigned roles (Owner, Admin, Agent)

5.2 WhatsApp and business connection data

• WhatsApp Business Account (WABA) identifiers and connection tokens
• Phone number IDs, display phone numbers, verified business names, quality ratings, and messaging health metrics
• Business profile fields synced with Meta (about, description, address, email, websites, business category)

5.3 Contact and messaging data (processed on your behalf)

• Contact phone numbers, names, custom fields, list memberships, attributes, notes, and timeline stages
• CSV import and dataset content you upload
• Conversation and message history (text, media metadata, templates, delivery/read/failed status)
• Broadcast send records and per-recipient delivery outcomes
• Opt-out and opt-in records (including STOP/START keywords and button-based opt-outs)
• Incoming lead records from inbound WhatsApp messages

5.4 Billing and payment data

• Prepaid wallet balance, recharge history, and platform usage debits
• Razorpay order and payment identifiers (payment processing is handled by Razorpay; we do not store full card or UPI credentials)

5.5 Support and technical data

• Support ticket subject, category, description, optional screenshot, and page path
• Server logs, error codes, webhook processing metadata, and API usage records necessary to operate and secure the Service
• Session and authentication cookies required to keep you signed in

• Provide, operate, maintain, and improve the Service
• Connect your WhatsApp Business Account and send/receive messages via Meta's Cloud API
• Process broadcasts, inbox replies, templates, scheduling, and team collaboration features
• Manage your prepaid wallet, process Razorpay payments, and record transactions
• Provide customer support and respond to your requests
• Detect abuse, fraud, security incidents, and violations of our Terms
• Comply with legal obligations and enforce our agreements
• Send service-related communications (such as account verification emails via Supabase Auth)

We do not use third-party advertising analytics on the dashboard. We do not sell your Personal Data.

Under the Digital Personal Data Protection Act, 2023 and applicable law, we rely on the following grounds where relevant:

• Performance of a contract — to provide the Service you signed up for
• Legitimate uses — security, fraud prevention, service improvement, and support
• Consent — where you explicitly agree (for example, accepting this policy at signup) or where you, as Customer, have obtained valid consent from your Contacts
• Legal obligation — where required by law, court order, or regulatory request

We share Personal Data only as described below:

• Meta / WhatsApp — to deliver messages, manage templates, and operate your WhatsApp Business Account. See Meta's privacy policy: https://www.facebook.com/privacy/policy/
• Supabase — database hosting, authentication, and serverless functions. See: https://supabase.com/privacy
• Razorpay — payment processing for wallet recharges. See: https://razorpay.com/privacy/
• Vercel — application hosting and content delivery
• Team members you invite — according to the role permissions you assign (Owner, Admin, Agent)
• Legal and safety — when required by law, to protect rights and safety, or to respond to lawful requests from authorities
• Business transfer — in connection with a merger, acquisition, or sale of assets, with notice where required by law

We require service providers to process data only for the purposes we specify and to apply appropriate security measures.

Messages sent and received through the Service are transmitted via Meta's WhatsApp Cloud API. Meta processes message content and metadata according to its own policies and may store data on its infrastructure.

WA Bulk Sender stores conversation and message data in our database to power your team inbox, search, broadcast history, and delivery analytics. This is distinct from Meta's own retention practices on WhatsApp infrastructure.

• WhatsApp Business Policy: https://www.whatsapp.com/legal/business-policy
• WhatsApp Commerce Policy: https://www.whatsapp.com/legal/commerce-policy
• WhatsApp Privacy Policy: https://www.whatsapp.com/legal/privacy-policy
• Meta WhatsApp Pricing: https://developers.facebook.com/docs/whatsapp/pricing

• Account data is retained while your account is active.
• Contact, conversation, broadcast, and template data is retained while your account is active to provide the Service.
• When you delete your account via Settings, we delete your user data through our account deletion process, including auth credentials, subject to technical and legal limitations.
• Payment and transaction records may be retained for accounting, tax, and legal compliance even after account deletion, for periods required by applicable law.
• Support tickets may be retained for a reasonable period to resolve disputes and improve support quality.

• HTTPS encryption for data in transit
• Row Level Security (RLS) on database tables so users access only their authorised data
• WhatsApp access tokens stored server-side and not exposed to client applications
• Role-based access control for team members
• Webhook signature verification for payment and messaging events where applicable

No method of transmission or storage is 100% secure. While we implement reasonable safeguards, we cannot guarantee absolute security.

Our infrastructure providers (including Supabase, Meta, Razorpay, and Vercel) may process data on servers located outside India. Where Personal Data is transferred internationally, we take steps reasonably necessary to ensure it receives adequate protection consistent with applicable law and our agreements with processors.

Depending on applicable law, you may have the right to:

• Access Personal Data we hold about you
• Correct inaccurate account information via Settings or by contacting us
• Delete your account and associated data via Settings → Delete account
• Withdraw consent where processing is consent-based (without affecting prior lawful processing)
• Nominate another person to exercise your rights in the event of death or incapacity, as permitted under the DPDP Act
• Lodge a complaint with the relevant data protection authority in India

To exercise these rights, email us at kritap@krishnaaman.in. We will respond within timelines required by applicable law.

If you are an End User (WhatsApp contact of one of our Customers), please contact the business that messaged you directly. We process End User data on behalf of our Customers and may not be able to fulfil your request without the Customer's instruction.

• Obtain valid consent or another lawful basis before messaging Contacts
• Provide your own privacy notice to Contacts where required
• Honour opt-out requests promptly (STOP keyword and opt-out buttons are supported by the platform)
• Ensure uploaded contact lists and message content comply with WhatsApp policies and Indian law
• Restrict team member access appropriately using roles

We use essential cookies and similar technologies to maintain your authenticated session (via Supabase Auth), protect the Service, and remember basic preferences. We do not use third-party advertising cookies on the dashboard.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from signing in.

The Service is intended for businesses and individuals aged 18 and above. We do not knowingly collect Personal Data from children under 18. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. Material changes may be communicated via email or in-app notice where appropriate. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

For privacy questions, data requests, or complaints:

• KrishnaAman Ventures
• Registered office: Gwalior, Madhya Pradesh, India
• Email: kritap@krishnaaman.in
• Website: https://kritap.krishnaaman.in

Grievance Officer (India IT Rules, 2021):

• Name: Krishna Sharma
• Email: krishnasharma0621@gmail.com

We aim to acknowledge grievances within 24 hours and resolve them within 15 days, or within timelines prescribed by applicable law, whichever is shorter.