Back to Home

Privacy Policy

Last Updated: March 10, 2026 | Effective Date: March 10, 2026

Introduction

App-ening ("we," "our," or "us"), operated by app-ening.com, provides a web and mobile application platform for managing WhatsApp Business conversations, customer relationships, and messaging automation. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the App-ening platform, including our web application at app.app-ening.com and the App-ening Business mobile application (collectively, the "Platform").

By using the Platform, you agree to the collection and use of information in accordance with this policy.

Registered Address: A3/245, Manna Farm, Padappai, Tamil Nadu, India 601301

Information We Collect

1. Account Information

When you create an account or log in, we collect:

  • Email address
  • Password (encrypted using industry-standard hashing)
  • Account name and organization details
  • User role and permissions
  • Google account information (if you use Google Sign-In)

2. Contact Information

The Platform accesses and stores:

  • WhatsApp contact phone numbers (encrypted at rest)
  • Contact names and display names
  • Custom fields and tags you add to contacts
  • Contact notes and conversation history
  • CRM pipeline stage assignments

3. Conversation Data

To provide inbox functionality, we collect:

  • WhatsApp messages (text, images, documents, videos)
  • Message timestamps and status (sent, delivered, read)
  • Conversation metadata (tags, assignments, status)
  • Message templates and quick replies

4. Calendar and Appointment Data

When you use appointment and calendar features:

  • Appointment booking details (date, time, service, customer info)
  • Follow-up reminder dates and times
  • Google Calendar events (if you connect Google Calendar -- see Google API Services section)

5. Google API Data

When you connect Google integrations, we access:

  • Google Sheets: Spreadsheet data for contact import/export and data sync
  • Google Calendar: Calendar events for appointment synchronization
  • Google Forms: Form responses for lead capture and contact creation
  • Google Account Info: Email address and profile name (for identifying which Google account is connected)

See the dedicated "Google API Services" section below for full details.

6. Payment Information

When you subscribe to paid plans:

  • Payment method details are processed by Razorpay (our payment processor)
  • We store subscription status, plan type, and billing history
  • We do NOT store credit card numbers or bank account details directly

7. Device Information

We collect:

  • Device model and operating system version
  • Unique device identifiers (for push notifications)
  • App version and installation ID
  • Device language and timezone

8. Usage Data

We automatically collect:

  • App interaction data (screens viewed, features used) via PostHog analytics
  • Performance data (crash reports, load times) via Sentry error tracking
  • Network connectivity status

9. Location Data

We do NOT collect or track your precise location. Timezone is inferred from device settings for reminder scheduling only.

How We Use Your Information

Platform Functionality

  • Authenticating your account and managing sessions
  • Displaying WhatsApp conversations in real-time
  • Syncing messages across devices
  • Sending push notifications for new messages
  • Managing CRM pipeline and contact stages
  • Scheduling and delivering follow-up reminders
  • Storing and retrieving message templates
  • Synchronizing appointments with Google Calendar
  • Importing/exporting contacts via Google Sheets
  • Capturing leads from Google Forms

Service Improvement

  • Analyzing app usage to improve features (via PostHog)
  • Identifying and fixing bugs and crashes (via Sentry)
  • Optimizing performance and load times

Communication

  • Sending important service updates
  • Responding to support requests
  • Notifying you of account or security issues
  • In-app notifications for template approvals, campaign status, billing alerts

Google API Services -- User Data Policy Compliance

This section specifically addresses our use of Google API services, in compliance with the Google API Services User Data Policy.

Google API Disclosure: App-ening's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes We Request

Scope Purpose When Requested
userinfo.email Identify which Google account is connected Google Sheets/Calendar connect
userinfo.profile Display connected account name Google Sheets/Calendar connect
spreadsheets Read/write Google Sheets for contact sync Google Sheets connector setup
calendar Read/write Google Calendar for appointment sync Google Calendar connector setup
calendar.events Create/update/delete individual calendar events Google Calendar connector setup

How We Use Google Data

Google Sheets data is used to:

  • Import customer contacts from your spreadsheet into App-ening for WhatsApp campaigns
  • Export conversation data and contact information back to your spreadsheet for reporting
  • Bidirectional sync: changes in either direction are reflected in both systems

Google Calendar data is used to:

  • Automatically create Google Calendar events when customers book appointments through your WhatsApp chatbot
  • Update calendar events when appointments are rescheduled
  • Delete calendar events when appointments are cancelled
  • Display appointment availability based on your calendar

Google Forms data is used to:

  • Capture form responses as new contacts in App-ening
  • Trigger automated WhatsApp messages when forms are submitted

Google Data Storage and Retention

  • Google OAuth tokens (access and refresh tokens) are stored encrypted in our database
  • Google Sheets/Calendar data is accessed in real-time and not bulk-stored; we cache only what's necessary for sync operations
  • When you disconnect a Google integration, we revoke the OAuth token and delete stored credentials within a reasonable period

Google Data Sharing

We do NOT share your Google data with any third parties.

We do NOT use your Google data for advertising.

We do NOT use your Google data for training AI/ML models.

Google data is only used to provide the specific integration features you connected.

Revoking Google Access

You can revoke App-ening's access to your Google account at any time:

  1. In App-ening: Connectors → Google Sheets/Calendar → Disconnect
  2. In Google: https://myaccount.google.com/permissions → Remove App-ening

Data Storage and Security

Storage Location

Your data is stored on:

  • Secure AWS cloud servers (US East region)
  • Your device's local storage (cached data, preferences)
  • Firebase Cloud Messaging servers (push notification tokens only)

Security Measures

We implement commercially reasonable security measures to protect your data, which may include encryption, hashing, access controls, monitoring, and other protective mechanisms. HOWEVER, NO METHOD OF TRANSMISSION OVER THE INTERNET OR ELECTRONIC STORAGE IS 100% SECURE. WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR DATA. You acknowledge and accept the inherent risks of providing information online and agree that we shall not be liable for any unauthorized access, data breach, or security incident, except to the extent caused by our gross negligence. You are solely responsible for maintaining the security of your account credentials and devices.

Data Retention

We retain data for as long as reasonably necessary to provide the Platform and fulfill the purposes described in this policy, or as required by law. Approximate retention practices (which may change at any time without notice):

  • Active conversations: Retained while account is active
  • Deleted messages: Removed from active systems within a reasonable period
  • Closed accounts: Data deleted within a reasonable period following account closure
  • Backups: Retained for disaster recovery purposes and purged as part of routine backup rotation
  • Google OAuth tokens: Revoked and deleted promptly upon disconnect

Consent Records and Audit Data

To meet our obligations under the Digital Personal Data Protection Act, 2023 (DPDPA), the General Data Protection Regulation (GDPR), and the Telecom Regulatory Authority of India (TRAI) rules, we maintain dedicated consent records with the following retention practices:

Consent type What we keep Retention
WhatsApp messaging consent
(opt-in / opt-out per contact)		 Current consent status and the time of each suppressed send (when a customer has opted out we record that we blocked the message, not the message itself) For the life of the contact record. Deleted when the contact is hard-deleted by the tenant or when the account is closed.
Voice cloning consent
(biometric — speaker's voice)		 The recorded audio of the speaker reading the consent statement; a cryptographic hash of the exact consent text shown; the timestamp, IP address, and browser user-agent at the moment consent was captured; and the version of the consent text in force at that moment. 7 years from the date consent was captured, in line with the DPDPA standard for sensitive personal data. Retained even after the voice clone itself is archived.
BYON (Bring Your Own Number) terms Timestamp, app version, and the version of the BYON terms accepted by the tenant. Permanent. Versioned — when terms change we ask the tenant to re-accept and a new record is added.
Audit and lead-capture consent
(public forms on our marketing site)		 The consent checkbox state, the email address provided, and the marketing attribution at submission. Until the lead record is deleted on request or as part of a periodic clean-up of stale leads.

You may at any time exercise your right under the DPDPA (Section 11) and the GDPR (Articles 15 and 17) to request a copy of your consent history or to withdraw consent. Send a request to contact@app-ening.com with the email address associated with your account and we will respond within statutory timelines.

We make no guarantees regarding specific deletion timelines for backup and cache systems and shall not be liable for data retained in backup systems, cached data, or data held by third-party services.

Data Sharing and Disclosure

Third-Party Services

We share limited data with the following service providers, solely to operate the Platform:

Service Data Shared Purpose
WhatsApp Business API (via Gupshup) Messages, phone numbers Message delivery
Google Sheets API Contact data you choose to sync Spreadsheet sync
Google Calendar API Appointment details Calendar sync
Google Forms API Form response data Lead capture
Firebase (Google) Device tokens Push notifications
AWS All app data Cloud hosting & storage
Razorpay Payment transactions Payment processing
Sentry Error/crash data (no PII) Error tracking
PostHog Usage analytics (anonymized) Product analytics

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations (court orders, subpoenas)
  • Protect our rights and property
  • Prevent fraud or security threats
  • Protect user safety in emergencies

Your Rights and Choices

Access Your Data

You can access all your data through:

  • The Platform's settings and profile screens
  • Exporting conversations and contacts
  • Contacting support for a full data export

Delete Your Data

You can:

  • Delete individual messages, contacts, or conversations in the Platform
  • Request account deletion via Settings > Account > Delete Account
  • Contact support@app-ening.com to request full data deletion

Opt-Out of Notifications

You can control notifications via:

  • Platform Settings > Notifications
  • Device system settings
  • Unregistering device tokens

Opt-Out of Analytics

Usage analytics can be disabled in Platform Settings > Privacy > Analytics (if available).

Note: Core functionality data (messages, contacts) cannot be disabled without losing Platform functionality.

User Responsibility and Indemnification

Your Content and Communications

App-ening is a technology platform and tool. You, the user, are solely and exclusively responsible for:

  • All content you create, upload, send, or transmit through the Platform
  • All communications with your customers, clients, and contacts
  • Compliance with all applicable laws, regulations, and third-party terms (including WhatsApp Business Policy, GDPR, TCPA, PDPA, and any other privacy or communications laws in your jurisdiction)
  • Obtaining proper consent from your contacts before sending messages
  • The accuracy, legality, and appropriateness of all data you store on the Platform
  • Any consequences arising from your use of the Platform, including but not limited to complaints, fines, penalties, or legal actions from your customers or regulators

Indemnification

BY USING THE PLATFORM, YOU AGREE TO INDEMNIFY, DEFEND, AND HOLD HARMLESS APP-ENING.COM, ITS OWNERS, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND AFFILIATES FROM AND AGAINST ANY AND ALL CLAIMS, DAMAGES, LOSSES, LIABILITIES, COSTS, AND EXPENSES (INCLUDING REASONABLE LEGAL FEES) ARISING OUT OF OR RELATED TO:

  • Your use of the Platform
  • Your content, messages, campaigns, and communications sent through the Platform
  • Your violation of any law, regulation, or third-party right
  • Your violation of WhatsApp Business Policy or any other platform policy
  • Any dispute between you and your customers, clients, or contacts
  • Any regulatory action, fine, or penalty resulting from your use of the Platform
  • Your failure to obtain proper consent from your contacts
  • Any claim by a third party arising from your operations, content, or business practices

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

  • THE PLATFORM IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED
  • APP-ENING SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
  • APP-ENING SHALL NOT BE LIABLE FOR ANY LOSS OF PROFITS, REVENUE, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL
  • APP-ENING'S TOTAL LIABILITY SHALL NOT EXCEED THE LESSER OF: (A) THE AMOUNT YOU PAID TO APP-ENING IN THE THREE (3) MONTHS PRECEDING THE CLAIM, OR (B) INR 5,000 (FIVE THOUSAND INDIAN RUPEES)
  • APP-ENING IS NOT RESPONSIBLE FOR THE CONTENT, ACCURACY, OR LEGALITY OF MESSAGES YOU SEND TO YOUR CUSTOMERS
  • APP-ENING IS NOT RESPONSIBLE FOR ANY THIRD-PARTY SERVICE OUTAGES, INCLUDING WHATSAPP, GOOGLE, AWS, OR PAYMENT PROCESSORS
  • APP-ENING BEARS NO RESPONSIBILITY FOR ANY BUSINESS DECISIONS, COMMUNICATIONS STRATEGIES, OR OUTCOMES ARISING FROM YOUR USE OF THE PLATFORM
  • THE PLATFORM IS PROVIDED "WITH ALL FAULTS" AND YOU ASSUME ALL RISK AS TO THE QUALITY, PERFORMANCE, ACCURACY, AND EFFORT OF THE PLATFORM
  • THE FOREGOING LIMITATIONS APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE AND REGARDLESS OF WHETHER APP-ENING HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IN CASES OF GROSS NEGLIGENCE

Children's Privacy

The Platform is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we discover we have collected data from a child under the applicable age, we will delete it immediately.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. By using the Platform, you consent to the transfer of your information to the United States and other countries where our servers are located.

We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws (including GDPR for EU users).

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@app-ening.com.

GDPR Rights (EU Users)

If you are in the European Economic Area (EEA), you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure of personal data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your data based on: (a) contractual necessity to provide the Platform, (b) your consent (for optional integrations like Google), and (c) legitimate interest (for analytics and service improvement).

To exercise these rights, contact us at privacy@app-ening.com.

India -- Digital Personal Data Protection Act (DPDPA)

If you are in India, you have the right to:

  • Access information about the personal data we process
  • Correction and erasure of your personal data
  • Grievance redressal
  • Nominate another person to exercise your rights

To exercise these rights, contact our Grievance Officer at privacy@app-ening.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Posting the new Privacy Policy on our website
  • Updating the "Last Updated" date
  • Sending an email or in-app notification for material changes

Your continued use of the Platform after changes indicates acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us:

Summary of Key Points

What We Collect Why Where Stored
Email, password Authentication AWS (encrypted)
WhatsApp messages Inbox functionality AWS + local cache
Contacts + phone numbers CRM features AWS (PII encrypted)
Device tokens Push notifications Firebase
Appointment data Calendar sync AWS + Google Calendar
Google Sheets data Contact import/export Accessed via API (not bulk-stored)
Payment info Billing Razorpay (not stored by us)
Usage analytics Product improvement PostHog (anonymized)
Error data Bug fixing Sentry (no PII)

We do NOT:

  • Sell your data to third parties
  • Track your location
  • Use Google data for advertising or AI training
  • Access your microphone or camera without permission
  • Collect data from children under 13
  • Share data with advertisers
  • Store credit card numbers

You can:

  • Access all your data anytime
  • Delete your account and data
  • Export your conversations and contacts
  • Disconnect Google integrations at any time
  • Opt-out of notifications and analytics
  • Contact us with privacy questions

You are responsible for:

  • All content and messages you send through the Platform
  • Compliance with laws and WhatsApp policies in your jurisdiction
  • Obtaining consent from your contacts

By using App-ening, you acknowledge that you have read and understood this Privacy Policy.

app-ening.com
March 10, 2026

Document Version History

Version Date Changes
1.0 January 31, 2026 Initial version (mobile app)
2.0 March 3, 2026 Expanded to cover web + mobile platform; added Google API Services section (Sheets, Calendar, Forms); added Razorpay, Sentry, PostHog disclosures; added India DPDPA section; strengthened indemnification and liability limitation; added business address
2.1 March 10, 2026 Strengthened legal protections: replaced specific technology references with general terms for security measures; added security disclaimer (no absolute guarantee); updated data retention to use flexible timelines; lowered liability cap to lesser of 3 months' fees or INR 5,000; added "WITH ALL FAULTS" and gross negligence clauses; added backup/cache data retention disclaimer; consolidated duplicate policy files into single canonical version