Privacy Policy

Last updated: 20 May 2026  ยท  Effective date: 20 May 2026

Your privacy matters to us. This Privacy Policy explains what data WayScend collects, why we collect it, how we use and protect it, and the rights you have over your information. By using the Platform you agree to the practices described here.

1. Who We Are

WayScend ("we," "us," or "our") operates a WhatsApp Business API management platform that helps businesses manage customer conversations, send bulk campaigns, and automate messaging through WhatsApp. This Policy applies to all data collected through our website (wayscend.com), web application, APIs, and related services (collectively, the "Platform").

For the purposes of the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian data protection laws, WayScend is a Data Fiduciary in respect of data you provide directly to us, and a Data Processor in respect of personal data you upload about your contacts and leads.

2. Information We Collect

2.1 Account and Business Information

  • Business name, GST number, and registered address.
  • Name, email address, and phone number of the account owner and authorised users.
  • Billing information (invoices and payment records โ€” we do not store full card details).
  • Account credentials (passwords are stored in hashed form and never in plain text).

2.2 Contact and Lead Data

  • Names, phone numbers, and any additional fields you include when uploading your lead or contact lists.
  • Notes, tags, and custom fields you associate with individual contacts on the Platform.
  • This data is provided by you. You are the Data Fiduciary for this data; WayScend processes it solely on your instructions.

2.3 Messaging Data

  • WhatsApp message content, media files, and message logs (delivery status, read receipts, timestamps, template used).
  • Campaign configuration details: template selections, contact segments, and scheduling you define.
  • Conversation history between your agents and your contacts, including internal notes.
  • Automation rule configurations and trigger/action logs.

2.4 Usage and Technical Data

  • IP address, browser type, device type, and operating system.
  • Pages visited, features used, and actions taken within the Platform.
  • Session duration, click-through paths, and error logs.
  • Cookies and similar tracking technologies (see Section 8).

3. How We Use Your Information

We use the data we collect for the following purposes:

  • Service delivery: To operate the Platform, send and receive WhatsApp messages, manage your team inbox, and generate analytics and reports on your behalf.
  • Account management: To create and maintain your account, process payments, and send invoices.
  • Product improvement: To analyse aggregated, anonymised usage patterns and improve our AI models, features, and reliability. We do not use your contact data or call content to train models shared with other customers.
  • Security and fraud prevention: To detect and prevent unauthorised access, abuse, or illegal use of the Platform.
  • Legal and regulatory compliance: To meet our obligations under the DPDP Act and other applicable Indian law.
  • Customer support: To respond to your enquiries, resolve disputes, and provide technical assistance.
  • Communications: To send service notifications, billing alerts, product updates, and (with your consent) marketing emails. You may opt out of marketing emails at any time.

4. How We Share Your Information

We do not sell your personal data. We share data only in the following circumstances:

  • Meta (WhatsApp): Message content and recipient phone numbers are shared with Meta's WhatsApp Business API to send and receive WhatsApp messages on your behalf.
  • Payment processors: Billing information is shared with our payment gateway provider solely for the purpose of processing transactions.
  • Cloud infrastructure: We use third-party cloud hosting providers. Data is stored on servers located in India wherever feasible. Where data is transferred outside India, adequate contractual safeguards are in place.
  • Legal obligations: We may disclose data if required by a court order, government authority, or applicable law, or to protect the rights and safety of WayScend, our customers, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.

All third-party service providers are bound by confidentiality obligations and are only permitted to process your data for the specific purpose for which it was shared.

5. Legal Basis for Processing

We process personal data under the following legal bases as recognised by the DPDP Act, 2023:

  • Consent: For account registration, marketing communications, and cookie-based tracking.
  • Contractual necessity: To deliver the services you have subscribed to under our Terms of Service.
  • Legal obligation: Where processing is required to comply with applicable law or regulatory requirements.
  • Legitimate interests: For security monitoring, fraud prevention, and platform improvement, where these do not override your fundamental rights.

6. Data Retention

We retain your data only for as long as necessary for the purposes described in this Policy:

  • Account data: Retained for the duration of your subscription and for 30 days following account closure, after which it is permanently deleted.
  • Contact and lead data: Retained while your account is active. Upon account closure, deleted within 30 days (see Section 6.3 of the Terms of Service).
  • WhatsApp message data: Conversation history and message logs are retained while your account is active and for 30 days after closure, then permanently deleted unless legal obligations require longer retention.
  • Billing records: Retained for 7 years to comply with Indian tax and accounting regulations.
  • Usage and technical logs: Retained for 12 months for security and diagnostic purposes.

7. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable law, you have the following rights regarding your personal data:

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to correction: You may request that inaccurate or incomplete data be corrected.
  • Right to erasure: You may request deletion of your personal data. We will fulfil such requests within 30 days except where retention is required by law.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Right to grievance redressal: You have the right to raise a complaint with us, which we will acknowledge within 72 hours and resolve within 30 days.

Account Deletion

To request permanent deletion of your WayScend account and all associated data, please send an email to support@wayscend.com with the subject line "Account Deletion Request" and include your registered business name and account email address. We will process your request within 30 days and send a confirmation once deletion is complete. Note that billing records required by law will be retained for the period specified in Section 6 above.

To exercise any of the rights listed in this section, please contact us at support@wayscend.com.

8. Cookies and Tracking

We use cookies and similar technologies on our website for the following purposes:

  • Essential cookies: Required for the Platform to function correctly (session management, authentication). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our website so we can improve it. We use anonymised aggregates only.
  • Preference cookies: Remember your settings and preferences across sessions.

You can control non-essential cookies through your browser settings. Disabling cookies may limit some functionality of the Platform.

9. Security

We implement industry-standard technical and organisational measures to protect your data, including:

  • Encryption of data in transit using TLS 1.2 or higher.
  • Encryption of sensitive data at rest.
  • Role-based access controls limiting data access to authorised personnel only.
  • Regular security assessments and vulnerability monitoring.
  • Incident response procedures to detect, contain, and notify in the event of a data breach.

In the event of a data breach that is likely to result in a high risk to your rights, we will notify you and the relevant authorities as required by applicable law.

10. Children's Privacy

The Platform is intended exclusively for business use by adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that data from a minor has been submitted, we will delete it promptly.

11. Third-Party Links

Our website and Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party services you access through links on our Platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. Material changes will be communicated via email to your registered address at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent version. Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and rules made thereunder, the name and contact details of the Grievance Officer are:

  • Name: WayScend Support Team
  • Email: support@wayscend.com
  • Response time: Grievances will be acknowledged within 72 hours and resolved within 30 days of receipt.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: