Privacy Policy

1. Introduction

Cybersync Technologies Pvt. Ltd. ("Cybersync", "we", "us", or "our") operates the Wapto platform ("Service", "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect information about our Partners (white-label resellers) and their end-users.

We are committed to protecting your privacy and ensuring transparency in how we handle data. This policy complies with applicable data protection laws including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023.

2. Information We Collect

2.1 Partner Information

When you sign up as a Partner, we collect:

• Account Information: Name, email address, phone number, company name
• Business Information: GST number, business address, authorized signatory details
• Payment Information: Bank account details, payment gateway information
• Branding Assets: Logo, domain name, brand colors, customization preferences
• Communication Data: Support tickets, emails, chat messages, call recordings

2.2 End-User Information

Information about Partner's end-users that flows through the Platform:

• Contact Information: Phone numbers, names, email addresses
• Message Data: WhatsApp messages, media files, conversation history
• Usage Data: Interaction patterns, message timestamps, delivery status
• Device Information: IP addresses, browser type, device identifiers

2.3 Automatically Collected Information

• Technical Data: IP address, browser type, operating system, device information
• Usage Analytics: Pages visited, time spent, feature usage, click patterns
• Performance Data: API calls, response times, error logs, system performance
• Cookies: Session cookies, preference cookies, analytics cookies

3. How We Use Information

3.1 Service Provision

• Deploy and maintain your white-labeled platform
• Process messages through WhatsApp Business API
• Provide hosting and infrastructure services
• Enable platform features (chatbots, automation, analytics)
• Process payments

3.2 Platform Improvement

• Analyze usage patterns to improve features
• Conduct research and development
• Optimize platform performance and reliability
• Develop new features and services

3.3 Communication

• Send important service updates and notifications
• Provide technical support and customer service
• Send billing invoices and payment reminders
• Share product updates and new features
• Respond to inquiries and requests

3.4 Legal and Security

• Comply with legal obligations and regulations
• Prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Protect rights, property, and safety
• Respond to legal requests and court orders

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted service providers who assist us in operating the Platform:

• WhatsApp/Meta: For WhatsApp Business API functionality
• Cloud Hosting: AWS, Google Cloud, or similar providers for infrastructure
• Payment Processors: Razorpay, Stripe, or other payment gateways
• Analytics Providers: For usage analytics and platform monitoring
• Support Tools: Customer support and communication platforms

All service providers are contractually obligated to protect data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Cooperate with law enforcement or regulatory authorities
• Protect against fraud or security threats
• Enforce our Terms of Service
• Protect our rights, property, or safety

4.3 Business Transfers

If Cybersync is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and prominent notice on our website before your information becomes subject to a different privacy policy.

4.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify individuals for analytics, research, or marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access control (RBAC), multi-factor authentication
• Infrastructure Security: Firewalls, intrusion detection, regular security audits
• Data Backups: Regular automated backups with disaster recovery procedures
• Employee Training: Security awareness training for all staff
• Incident Response: 24/7 monitoring and incident response procedures

Despite our security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain information for as long as necessary to provide services and comply with legal obligations:

• Active Partners: Data retained throughout the service period
• After Termination: Partner data retained for 30 days, then deleted or anonymized
• Financial Records: Retained for 7 years as per Indian tax laws
• Legal Requirements: Data retained longer if required by law or ongoing investigations
• Backups: Backup copies may persist for up to 90 days

Partners can request earlier deletion, subject to legal and contractual obligations.

7. Your Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

You have the right to request a copy of your personal data in a structured, commonly used format.

7.2 Correction

You can update your account information at any time through the Platform or by contacting support.

7.3 Deletion

You can request deletion of your data, subject to legal retention requirements and ongoing contractual obligations.

7.4 Objection and Restriction

You can object to certain data processing or request restriction of processing in specific circumstances.

7.5 Withdrawal of Consent

Where processing is based on consent, you can withdraw consent at any time.

To exercise these rights, contact us at hello@wapto.app. We will respond within 30 days.

8. Partner Responsibilities

As a Partner using Wapto, you are responsible for:

• End-User Consent: Obtaining necessary consents from your end-users
• Privacy Policy: Maintaining your own privacy policy for end-users
• Data Protection: Complying with applicable data protection laws
• Opt-Out Mechanisms: Providing opt-out options for marketing messages
• Data Breaches: Notifying us immediately of any security incidents
• WhatsApp Policies: Ensuring compliance with WhatsApp's privacy and messaging policies

Partners act as data controllers for their end-users' data, while Cybersync acts as a data processor.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) with international service providers
• Adequacy decisions by relevant data protection authorities
• Compliance with applicable cross-border data transfer regulations
• Data localization where required by law

10. Cookies and Tracking

We use cookies and similar tracking technologies:

• Essential Cookies: Required for platform functionality (cannot be disabled)
• Analytics Cookies: Help us understand usage patterns
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

11. Children's Privacy

Wapto is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately. Parents or guardians who believe their child has provided information should contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified through:

• Email notification to Partners
• Prominent notice on the Platform
• In-app notifications

Continued use of the Platform after changes constitutes acceptance of the updated policy. The "Last Updated" date at the top indicates when changes were made.

13. Contact Us

For privacy-related questions, concerns, or requests: