Privacy Policy for [Inaiwazhi]

Effective Date: [25/06/2025]

Last Updated: [01/10/2025]

1. Introduction

At [Your App Name] (“we,” “our,” “us”), we value your trust and are committed to protecting the privacy of our users (“you,” “your”). This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform, which provides AI-powered WhatsApp automation, SMS, and Email communication services for businesses.

By using our services, you agree to the practices described in this Privacy Policy and to comply with Meta’s WhatsApp Business Policies and all applicable data protection laws (such as GDPR, CCPA, and other regional regulations).

2. Information We Collect

When you use our platform, we may collect the following types of data:

a. User Information

  • Name, business details, and account credentials.
  • Contact information (e.g., email, phone number).
  • Billing and payment information.

    • b. Customer/End-User Data

  • Contact lists uploaded by you (limited to users who have opted in to receive communication).
  • Message templates, campaign content, and metadata.
  • Campaign interaction data (delivery status, open rates, response logs).

    • c. Technical Data

  • Device and browser information.
  • IP address, login activity, and usage logs.
  • Cookies and tracking data (where applicable).

    • We do not sell or rent personal data under any circumstances.

    3. How We Use Information

    We use the collected information to:

  • Provide, manage, and improve our WhatsApp, SMS, and Email automation services.
  • Facilitate template submissions and approvals with Meta.
  • Deliver communications via WhatsApp Business API, SMS providers, and email systems.
  • Monitor compliance with WhatsApp Business Policies.
  • Enhance campaign performance using AI-driven insights.
  • Communicate with you regarding account management, billing, and updates.
  • Ensure security, fraud prevention, and compliance with legal obligations.

    • 4. Data Sharing & Disclosure

    We may share data under the following circumstances:

  • With Meta (WhatsApp Business API): To submit and deliver approved templates/messages.
  • With Third-Party Providers: For SMS, email delivery, hosting, analytics, or payment processing — only as necessary to provide services.
  • For Compliance: To comply with legal obligations, enforce policies, or respond to lawful requests.
  • Business Transfers: If we merge, acquire, or transfer assets, user data may be part of the transaction (with prior notice where required).

    • We do not share data for marketing purposes with third parties.

    5. Data Security

    We implement strict administrative, technical, and physical safeguards to protect your data, including:

  • Encryption of data in transit and at rest.
  • Secure storage of contact lists, templates, and campaign history.
  • Access controls and regular audits.
  • Monitoring for unauthorized access or suspicious activities.

    • 6. User Responsibilities

    As a user, you are responsible for:

  • Uploading only contacts who have given explicit consent to receive messages.
  • Ensuring all templates and campaigns comply with Meta’s WhatsApp Business Policies and applicable laws.
  • Keeping your account credentials secure.
  • Ceasing communications immediately if notified of a policy violation.

    • 7. Data Retention

  • Contact lists, campaign data, and logs are retained as long as your account remains active.
  • You may request deletion of your data at any time by contacting [support email].
  • We may retain certain data as required by law, regulatory compliance, or dispute resolution.

    • 8. International Data Transfers

    If you access our services from outside [Your Country], your data may be transferred and stored on servers located in other jurisdictions. We ensure such transfers comply with applicable laws (e.g., GDPR Standard Contractual Clauses).

    9. Your Rights

    Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal data.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time (without affecting prior lawful processing).
  • File a complaint with a data protection authority.

    • Requests can be made by contacting [support email].

    10. Cookies & Tracking

    We may use cookies and tracking tools to improve platform performance, personalize user experience, and analyze traffic. You may manage or disable cookies through your browser settings.

    11. Policy Updates

    We may update this Privacy Policy periodically to reflect legal, regulatory, or operational changes. Updates will be posted on this page, and significant changes will be communicated via email or in-app notifications. Continued use of our platform after updates constitutes acceptance of the revised Privacy Policy.

    12. Contact Us

    If you have questions about this Privacy Policy or how your data is handled, please contact us at:

    [SoftClinch Consulting Services Pvt. Ltd.]

    Email: [✉️ info@softclinch.com]

    Address: [📍 New No.30, 2nd Floor, 53rd Street, Ashok Nagar, Chennai, India – 600083.]

    Data Processing Addendum (DPA)

    Effective Date: [25/06/2025]

    Last Updated: [01/10/2025]

    This Data Processing Addendum (“DPA”) forms part of the [Your App Name] Terms of Service or any other agreement entered into between [Your Company Name] (“Processor”) and the Customer (“Controller”) (together, the “Parties”).

    This DPA ensures compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and other global privacy frameworks.

    1. Definitions

  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: The entity that processes personal data on behalf of the Controller.
  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
  • Sub-processor: Any third party engaged by the Processor to process Personal Data.

    • 2. Roles of the Parties

  • The Controller is responsible for ensuring it has a lawful basis for processing Personal Data.
  • The Processor shall process Personal Data only on documented instructions from the Controller and solely for the purpose of delivering WhatsApp, SMS, Email, and AI communication services.

    • 3. Categories of Data Processed

    The Processor may process the following types of Personal Data:

  • End-customer contact information (e.g., phone numbers, email addresses).
  • Campaign content, message templates, and delivery metadata.
  • Engagement data (delivery status, responses, opt-outs).
  • Controller’s account information (business contact details, billing data).

    • 4. Sub-processing

  • The Controller authorizes the Processor to engage Sub-processors necessary to provide the services, including:

    • o Meta (WhatsApp Business API)

    o SMS gateway providers

    o Email delivery providers

    o Cloud hosting and storage providers

    o Payment processors

  • The Processor shall maintain an up-to-date list of Sub-processors and notify the Controller of any changes.
  • Sub-processors will be bound by data protection obligations equivalent to those in this DPA.

    • 5. Data Security

    The Processor shall implement appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption in transit and at rest.
  • Access controls and authentication measures.
  • Regular security audits and vulnerability assessments.
  • Incident response procedures.

    • 6. International Transfers

  • If Personal Data is transferred outside the European Economic Area (EEA), the Processor will ensure compliance with GDPR by implementing safeguards such as Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

    • 7. Data Subject Rights

  • The Processor will assist the Controller in responding to data subject requests (access, correction, deletion, restriction, portability, objection) where applicable.
  • Requests received directly by the Processor from data subjects will be forwarded to the Controller without undue delay.

    • 8. Data Breach Notification

  • The Processor shall notify the Controller without undue delay after becoming aware of any Personal Data Breach.
  • Such notification will include information reasonably necessary to assist the Controller in complying with legal obligations.

    • 9. Data Retention & Deletion

  • The Processor shall retain Personal Data only for as long as necessary to provide services.
  • Upon termination of services, Personal Data will be deleted or returned to the Controller, unless retention is required by law.

    • 10. Audits & Compliance

  • The Processor shall make available information necessary to demonstrate compliance with this DPA.
  • The Controller may request audits, subject to reasonable notice and confidentiality obligations.

    • 11. Liability & Indemnity

  • Each Party shall be liable for the damages it causes through its own breach of this DPA or applicable data protection laws.
  • The Processor’s liability is limited to obligations under this DPA and the main service agreement.

    • 12. Governing Law & Jurisdiction

    This DPA shall be governed by and construed in accordance with the laws of [Insert Jurisdiction]. Disputes shall be subject to the exclusive jurisdiction of the courts of [Insert Location].

    13. Miscellaneous

  • This DPA prevails over conflicting terms in the main service agreement.
  • If any provision of this DPA is held invalid, the remaining provisions remain in full force.

    • Signed on behalf of the Controller:

    Name: D. Meganathan

    Title: Head Digital Marketing Strategy

    Date: 01/10/2025

    Signed on behalf of the Processor ([INAIWAZHI]):

    Name: V.N. Muthukrishnan

    Title: Head IT & Operations

    Date: 01/10/2025