Privacy Policy
We built WAOps for small businesses in Kenya. We collect only what we need to run the service, we don't sell your data, and we don't share it with anyone except the services required to operate the platform.
1. Who we are
WAOps is a WhatsApp automation platform operated by Dunn C Automations, based in Kenya. We help restaurants, retail shops, salons, and other small businesses automate their WhatsApp customer service.
If you have questions about this policy, contact us at dunnchumo@gmail.com.
2. What data we collect
From business clients (you, the WAOps subscriber):
- Email address and password (hashed — we cannot read it)
- Your WhatsApp Business phone number and API credentials
- Business name, type, and settings you configure in the dashboard
- Billing information processed via M-Pesa or Stripe (we don't store card numbers)
From your customers (people who WhatsApp your business):
- WhatsApp phone number
- Message content of conversations with your bot
- Name, if shared in their WhatsApp profile
- Timestamp and message metadata
Automatically collected:
- Server logs including IP addresses and request timestamps
- Usage data such as message counts and feature activity
3. How we use your data
- To operate the WAOps platform and deliver the service you subscribed to
- To send automated WhatsApp replies on behalf of your business
- To generate your leads list, inbox, and analytics dashboard
- To send you transactional emails (password resets, billing receipts)
- To monitor and improve platform performance and security
- To comply with our obligations under Kenyan law
We do not use your data or your customers' data for advertising. We do not train AI models on your conversation data.
4. AI features
If you enable AI replies, messages from your customers are sent to our AI provider (Anthropic) to generate responses. This is done in real time and subject to Anthropic's privacy policy. We do not store conversations with Anthropic beyond what appears in your WAOps inbox.
5. WhatsApp and Meta
WAOps uses the WhatsApp Cloud API provided by Meta. By using WAOps, your business communications are subject to WhatsApp's Privacy Policy and Meta's Privacy Policy in addition to this policy.
Your customers' WhatsApp data is processed by Meta before it reaches WAOps. We receive only the message content and metadata that Meta's API provides.
6. Data sharing
We share data only with the following third parties, and only to operate the service:
- MongoDB Atlas — database hosting (data stored in the EU/US)
- Railway — application hosting
- Resend — transactional email delivery
- Anthropic — AI reply generation (only when AI is enabled)
- Meta / WhatsApp — message delivery infrastructure
- Safaricom / Stripe — payment processing
We do not sell, rent, or trade your data with any other party.
7. Data retention
We retain your account data for as long as your subscription is active. If you cancel your account, we delete your data within 30 days upon request.
Conversation and lead data is retained for the duration of your subscription to power your dashboard history. You can export or request deletion at any time by contacting us.
Server logs are retained for up to 90 days for security and debugging purposes.
8. Security
We take reasonable technical measures to protect your data, including:
- Passwords are hashed using bcrypt — we cannot read them
- All data in transit is encrypted via HTTPS/TLS
- API access requires JWT authentication on every request
- Access tokens for WhatsApp are stored encrypted in the database
No system is perfectly secure. If you discover a security issue, please contact us immediately at dunnchumo@gmail.com.
9. Your rights
As a WAOps subscriber, you have the right to:
- Access the data we hold about you and your account
- Correct inaccurate information
- Request deletion of your account and associated data
- Export your leads and conversation data via the dashboard CSV export
- Withdraw consent to AI processing by disabling AI replies in settings
To exercise any of these rights, email us at dunnchumo@gmail.com.
10. Cookies
WAOps does not use tracking cookies or advertising cookies. We use browser localStorage to store your login session token — this is essential for the app to work and is not used for tracking.
11. Children
WAOps is a business tool intended for adults operating businesses. We do not knowingly collect data from anyone under 18 years of age.
12. Changes to this policy
We may update this policy as the platform evolves. If we make significant changes, we will notify active subscribers by email. The effective date at the top of this page will always reflect the most recent version.
13. Contact
Questions, concerns, or requests relating to this privacy policy:
WAOps
Nairobi, Kenya
info@waops.xyz
waops.xyz