Back to Home

Privacy Policy

Last Updated: December 10, 2025

At App-ening, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp Business Platform service.

Please read this Privacy Policy carefully. By using our Service, you consent to the data practices described in this policy.

WhatsApp Business API Compliance: App-ening operates as a WhatsApp Business Solution Provider. Our platform and this Privacy Policy comply with Meta's WhatsApp Business Policy, WhatsApp Business Data Processing Terms, and all applicable data protection regulations.

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Name, email address, phone number, company name, and password when you create an account
  • Billing Information: Payment method details, billing address, and transaction history (payment processing is handled by Razorpay)
  • Business Information: Company details, WhatsApp Business account information, and business verification documents
  • Contact Data: Information about your customers/contacts that you upload or input into our system
  • Message Content: WhatsApp messages, templates, and media you send through our platform
  • Support Communications: Information you provide when contacting our support team

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Features used, actions taken, timestamps, and session duration
  • Device Information: Browser type, operating system, device type, and unique device identifiers
  • Log Data: IP address, access times, pages viewed, and referring URL
  • Cookies and Tracking: See Section 6 for details on cookies

1.3 Information from Third Parties

  • WhatsApp/Meta: Message delivery status, read receipts, and conversation data via the WhatsApp Business API
  • Payment Processors: Transaction confirmation and billing information from Razorpay
  • Analytics Providers: Aggregated usage analytics

2. How We Use Your Information

We use the information we collect to:

Purpose Legal Basis
Provide and maintain our Service Contract performance
Process payments and billing Contract performance
Send transactional emails (receipts, updates) Contract performance
Provide customer support Contract performance
Improve and personalize our Service Legitimate interest
Send marketing communications (with consent) Consent
Detect and prevent fraud Legitimate interest
Comply with legal obligations Legal requirement

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share data with third-party vendors who assist in providing our Service:

  • WhatsApp/Meta: To send and receive messages via the WhatsApp Business API
  • Razorpay: To process payments
  • Cloud Hosting (AWS): To host and store data
  • Analytics Services: To understand usage patterns

3.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests from public authorities.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

3.4 With Your Consent

We may share information for other purposes with your explicit consent.

4. WhatsApp Business API Compliance

As a WhatsApp Business Solution Provider, we adhere to Meta's policies and requirements:

4.1 Opt-In Consent Requirements

Before sending WhatsApp messages to end users through our platform, businesses using App-ening must:

  • Obtain explicit opt-in consent from recipients confirming they want to receive messages
  • Clearly communicate the types of messages users will receive (e.g., order updates, promotional offers, support)
  • Provide clear opt-in mechanisms that comply with applicable local laws and regulations
  • Maintain records of consent for compliance purposes

Users must have actively shared their phone number with the business and confirmed they wish to receive messages via WhatsApp.

4.2 Opt-Out and Unsubscribe

We support and enforce user opt-out rights:

  • Users can opt out of receiving messages at any time by replying "STOP" or through the App-ening platform
  • Opt-out requests are processed immediately
  • Once opted out, users are removed from messaging lists and will not receive further business-initiated messages
  • Businesses using our platform must honor all opt-out requests without exception

4.3 WhatsApp Data Usage Restrictions

In compliance with Meta's policies, we enforce the following restrictions:

  • Purpose Limitation: Information obtained through WhatsApp conversations may only be used for the purpose of providing messaging support to that specific user
  • No Cross-Customer Sharing: Information from one customer's WhatsApp conversation is never shared with other customers
  • No Data Selling: We do not sell WhatsApp conversation data or user information to third parties

4.4 Prohibited Data Collection via WhatsApp

The following sensitive information must never be requested or collected through WhatsApp messages:

  • Full payment card numbers (credit/debit card numbers)
  • Financial account numbers (bank account, routing numbers)
  • Personal identification card numbers (national ID, passport numbers, Social Security numbers)
  • Passwords or security credentials

4.5 Message Template Compliance

Business-initiated conversations through our platform:

  • May only be initiated using Meta-approved message templates
  • Must comply with WhatsApp's designated template categories and purposes
  • Are subject to Meta's template review and approval process
  • Must not contain misleading, deceptive, or prohibited content

4.6 Meta Data Relationship

Important clarifications about data sharing with Meta:

  • WhatsApp message and call content is end-to-end encrypted and not shared with Meta for advertising purposes
  • Meta receives limited metadata necessary for platform operation (delivery status, timestamps)
  • Businesses may choose to use Meta's secure hosting services for the WhatsApp Business Platform
  • For full details, see WhatsApp Business Privacy Protections

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Specific retention periods:

  • Account Data: Until account deletion + 30 days
  • Message Content: 90 days (or as required by WhatsApp policies)
  • Billing Records: 7 years (legal requirement)
  • Usage Logs: 12 months

6. Data Security

We implement appropriate technical and organizational security measures:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control and multi-factor authentication
  • Infrastructure: Hosted on AWS with enterprise-grade security
  • Regular Audits: Security assessments and vulnerability testing
  • Employee Training: Security awareness training for all staff

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Cookies and Tracking

7.1 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: Help us understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.

8. Your Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

You can request a copy of your personal data in a machine-readable format.

8.2 Correction

You can request correction of inaccurate personal data.

8.3 Deletion

You can request deletion of your personal data, subject to legal retention requirements.

8.4 Objection and Restriction

You can object to processing based on legitimate interests or request restriction of processing.

8.5 Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

8.6 Exercising Your Rights

To exercise these rights, contact us at privacy@app-ening.com. We will respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with service providers
  • Data processing agreements with all vendors
  • Compliance with applicable data protection laws

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

11. GDPR Compliance (EU Users)

For users in the European Economic Area (EEA):

  • We process data based on the legal bases outlined in Section 2
  • You have all rights under GDPR as described in Section 8
  • You have the right to lodge a complaint with your local data protection authority

12. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of sale (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

14. Contact Us

For questions about this Privacy Policy or our data practices: