Back to WaAutoflow
Legal

Privacy Policy

WaAutoflow WhatsApp Automation is committed to protecting your privacy, customer data, and business information.

Last Updated: January 2026·Effective: January 2026

Table of Contents

1. Information We Collect2. How We Use Information3. Data Sharing & Disclosure4. Shopify Data Practices & API Compliance5. WhatsApp & Meta Platform Compliance6. Data Retention7. Data Security8. Security Breach Notification9. Merchant Responsibilities10. GDPR & EEA Privacy Rights11. CCPA - California Consumer Privacy Rights12. India - Digital Personal Data Protection (DPDP) Act13. Cookies & Tracking Technologies14. Third-Party Services15. Children's Privacy16. International Data Transfers17. Changes to This Privacy Policy18. Contact Information

Welcome to WaAutoflow WhatsApp Automation (“WaAutoflow”, “we”, “our”, or “us”). This Privacy Policy describes how we collect, use, process, and protect information when merchants use our Shopify application and related services.

WaAutoflow is designed to help Shopify merchants automate WhatsApp communications - including order notifications, abandoned checkout reminders, fulfillment updates, and customer engagement messages.

By installing or using the app, you agree to the practices described in this Privacy Policy.

1. Information We Collect

A. Shopify Store Information

When you install WaAutoflow on your Shopify store, we access certain Shopify data through Shopify-approved APIs, limited strictly to what is required for app functionality:

  • Store name and store URL
  • Store owner name and contact information
  • Order information (order ID, items, amounts, status)
  • Customer information (name, phone number, order details)
  • Fulfillment and shipping status data
  • Abandoned checkout information
  • App configuration and automation settings

Important: We only access the minimum information necessary to provide app functionality, in strict accordance with Shopify API Terms and Partner Program requirements.

B. WhatsApp Connection Data

WaAutoflow enables merchants to connect their WhatsApp account using WhatsApp linked-device functionality via QR code authentication. This connection is used solely for merchant-configured automation features including:

  • Order confirmation messages
  • Abandoned checkout recovery messages
  • Shipping and fulfillment notifications
  • Order cancellation updates
  • Custom automation workflows configured by the merchant

WaAutoflow does NOT:

  • Read, access, or store personal WhatsApp conversations
  • Access private media files or personal contact lists
  • Monitor WhatsApp activity unrelated to configured automations
  • Sell, share, or disclose WhatsApp message content to third parties
  • Use WhatsApp data for advertising or profiling purposes

C. Technical & Usage Data

We may automatically collect limited technical information to maintain service stability and security:

  • Device and browser type
  • IP address (for security and fraud prevention)
  • Log data and error reports
  • App performance metrics
  • Aggregated usage analytics

D. Payment Information

WaAutoflow does not directly collect or store payment card information. Subscription billing is handled exclusively through Shopify's billing system. We receive only billing status confirmations necessary for service provisioning.

2. How We Use Information

We use collected information solely to:

  • Provide and operate WhatsApp automation services
  • Send merchant-configured customer notifications via WhatsApp
  • Improve app functionality, reliability, and user experience
  • Troubleshoot technical issues and provide customer support
  • Prevent fraud, abuse, or unauthorized access
  • Comply with applicable legal obligations
  • Fulfil Shopify Partner Program requirements
  • Analyse aggregated usage trends to improve our services

We do not use merchant or customer data for advertising, retargeting, or profiling purposes.

3. Data Sharing & Disclosure

We do not sell, rent, or trade merchant or customer information to third parties. Information may only be shared in the following limited circumstances:

  • With trusted infrastructure and cloud service providers strictly required for app operation (subject to confidentiality obligations)
  • When required by applicable law, court order, or legal process
  • To protect the rights, property, or safety of WaAutoflow, our merchants, or the public
  • During a merger, acquisition, or business transfer - with advance notice to merchants
  • With Shopify, as required by the Shopify Partner Program and API Terms of Service

Any third-party service providers are contractually required to handle data only as directed and in compliance with applicable privacy laws.

4. Shopify Data Practices & API Compliance

WaAutoflow complies fully with Shopify's Partner Program Policies and API Terms of Service:

  • We only request Shopify API scopes strictly necessary for app functionality
  • We do not use Shopify customer or merchant data for any purpose beyond operating the app
  • We do not share Shopify API data with third parties except as required to operate the service
  • We honour all data deletion requests received through Shopify's mandatory webhook events: customers/redact, shop/redact, and customers/data_request
  • Merchant and customer data is processed in accordance with Shopify's Data Processing Addendum (DPA)
  • We maintain records of all Shopify data access in compliance with audit requirements

5. WhatsApp & Meta Platform Compliance

WaAutoflow's use of WhatsApp functionality complies with Meta's Platform Terms and WhatsApp Business Policies:

  • Messaging is limited to merchant-configured business communications only
  • WaAutoflow does not engage in bulk unsolicited messaging (spam)
  • Merchants are responsible for ensuring customer consent before sending WhatsApp messages
  • All automation flows must comply with WhatsApp's Acceptable Use Policy
  • WaAutoflow does not facilitate messaging that violates Meta's Community Standards
  • Session data and linked-device tokens are stored securely and not shared with third parties

6. Data Retention

We retain data only for as long as necessary to provide services, maintain operational records, comply with legal obligations, and resolve disputes.

Upon App Uninstallation

  • Access tokens and connected WhatsApp sessions are immediately revoked
  • Automation services stop immediately
  • Merchant and customer data is deleted or anonymised within 30 days
  • Shopify redact webhook requests are honoured within 30 days of receipt

Retention Periods

  • Active merchant data: Retained for the duration of app installation
  • Transaction/order logs: Up to 12 months for operational and legal purposes
  • Security and access logs: Up to 90 days
  • Anonymised analytics: May be retained indefinitely in aggregated form

7. Data Security

We implement commercially reasonable technical and organisational safeguards to protect your data:

  • Encrypted HTTPS/TLS transmission for all data in transit
  • Secure cloud infrastructure with restricted access controls
  • Authentication and authorisation controls for all data access
  • Regular security reviews and vulnerability assessments
  • Monitoring for unauthorised access and suspicious activity
  • Employee access limited to the minimum necessary for job functions

While we implement strong security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Security Breach Notification

In the event of a data breach that poses a risk to merchant or customer rights and freedoms, WaAutoflow will:

  • Notify affected merchants without undue delay and within 72 hours of becoming aware
  • Provide information about the nature of the breach and data affected
  • Describe the likely consequences of the breach
  • Outline measures taken or proposed to address and mitigate the breach
  • Report to relevant supervisory authorities as required by applicable law (e.g., GDPR Article 33)

9. Merchant Responsibilities

Merchants using WaAutoflow are responsible for ensuring their use of the app complies with applicable laws and platform policies:

  • Obtaining valid customer consent before sending WhatsApp messages where legally required
  • Complying with local, national, and international privacy and marketing regulations (GDPR, CCPA, PDPA, etc.)
  • Ensuring all messages comply with WhatsApp's Acceptable Use Policy and Shopify's policies
  • Maintaining the confidentiality of account credentials
  • Promptly notifying WaAutoflow of any suspected unauthorised account access
  • Providing customers with clear information about WhatsApp communications
  • Honouring customer opt-out or unsubscribe requests promptly

10. GDPR & EEA Privacy Rights

For users in the European Economic Area (EEA), United Kingdom, or jurisdictions with equivalent protections, WaAutoflow acts as a data processor on behalf of merchants (who are data controllers). You may have the following rights:

  • Right of access - request a copy of personal data we hold
  • Right to rectification - request correction of inaccurate data
  • Right to erasure - request deletion of your personal data
  • Right to restrict processing - request that we limit how we use your data
  • Right to object to processing
  • Right to data portability - receive your data in a structured, machine-readable format
  • Right to withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at hello.waflows@gmail.com. We will respond within 30 days.

11. CCPA - California Consumer Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information (subject to certain exceptions)
  • Right to opt out of the sale of personal information - WaAutoflow does not sell personal information
  • Right to non-discrimination for exercising CCPA rights

To submit a CCPA request, contact us at hello.waflows@gmail.com with subject line 'CCPA Privacy Request'.

12. India - Digital Personal Data Protection (DPDP) Act

For users in India, WaAutoflow processes personal data in accordance with the Digital Personal Data Protection Act, 2023:

  • We process personal data only for lawful purposes and with appropriate consent where required
  • Data principals (individuals) may request access, correction, or erasure of their personal data
  • We maintain security safeguards appropriate to the sensitivity of data processed
  • We notify relevant authorities and affected individuals of data breaches as required by applicable rules

13. Cookies & Tracking Technologies

WaAutoflow's Shopify app itself does not use cookies for tracking. Our marketing website (waautomate.net) may use:

  • Essential cookies required for website functionality
  • Analytics cookies to understand website usage (anonymised)
  • No third-party advertising or retargeting cookies

You may disable cookies through your browser settings. Disabling essential cookies may affect website functionality.

14. Third-Party Services

WaAutoflow may use third-party services to operate and improve our platform. These providers are bound by confidentiality obligations and are not permitted to use data for their own purposes:

  • Cloud hosting and infrastructure providers
  • Error monitoring and logging services
  • Customer support tools
  • Payment processing (handled by Shopify - not directly by WaAutoflow)

We do not integrate advertising networks, data brokers, or analytics platforms that share data with third parties for marketing purposes.

15. Children's Privacy

WaAutoflow is designed for business use by adults (18+) and is not directed at children. We do not knowingly collect personal information from individuals under 18 years of age. If you believe we have inadvertently collected such information, please contact us immediately at hello.waflows@gmail.com and we will promptly delete it.

16. International Data Transfers

WaAutoflow may process and store data on servers located outside your country of residence. When we transfer personal data internationally, we ensure appropriate safeguards are in place, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Other legally approved transfer mechanisms

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our services, legal requirements, or industry best practices. When we make material changes, we will:

  • Update the 'Last Updated' date at the top of this policy
  • Notify merchants via in-app notification or email where appropriate
  • Provide at least 30 days' notice before material changes take effect (where feasible)

Continued use of the app after the effective date of changes constitutes acceptance of the updated policy.

18. Contact Information

For privacy-related questions, requests, or concerns, please contact us:

WaAutoflow WhatsApp Automation

Address

18 Kadamb Bungalow, Ahmedabad, GJ 380015, India

For GDPR data requests, please use subject line: GDPR Data Request

For CCPA requests: CCPA Privacy Request

Response time: within 30 days of receipt

© 2026 WaAutoflow · Developed by NCS Global · Ahmedabad, India

This policy was last updated January 2026

HomeTerms of Service