Privacy Policy

At WhatFlow, your privacy and security are our top priorities. This Privacy Policy explains how we collect, use, and protect your data when you use our full-stack WhatsApp automation suite.

1. Information We Collect

  • WhatsApp Account Access: When you connect your WhatsApp account, you log into our backend engine as a linked device. This allows us to securely manage all automated messaging on your behalf, including order confirmations, abandoned checkout retrieval, order fulfillment, and cancellation notifications. We have full access to your WhatsApp account for the purpose of sending these automated messages, but we do not interact with or access other features (e.g., chats, media).
  • Order & Customer Data: We collect information related to Shopify orders and customers, such as customer details, cart contents, order statuses, and checkout activities, to send the appropriate messages via WhatsApp at various stages of the customer journey.
  • Usage Data: We collect basic app usage data to enhance performance and functionality of our automation suite.

2. How We Use Your Information

  • Comprehensive Message Automation: WhatFlow uses your WhatsApp account to send various automated messages to customers throughout their shopping journey, including order confirmations, abandoned cart reminders, fulfillment updates, and cancellation notifications. Although we have access to your account as a linked device, our interaction is strictly limited to automated message transmission. No other WhatsApp data, such as conversations or media, is accessed.
  • Data Security: All communications between your WhatsApp account, our servers, and Shopify are encrypted using secure protocols. We ensure that your WhatsApp data is used only for its intended purpose and is never exposed or shared with third parties.

3. NoWeb Engine & Account Confidentiality

Our full-stack automation suite runs on a NoWeb engine, meaning there is no interface to access your WhatsApp data beyond sending HTTP requests for message delivery across all automation types. Your account remains completely confidential, and no sensitive information (chats, media, or contacts) is stored or accessed.

4. Customer Control

You have full control of your WhatsApp account:

  • Disconnect your WhatsApp account at any time from the app.
  • Delete the app from your Shopify store, and all access to your WhatsApp account will be revoked immediately. We do not retain any personal data after disconnection or deletion.

5. Data Security Measures

We follow industry-standard security measures, including encryption and secure data storage. Although we access your WhatsApp as a linked device, the scope of interaction is strictly limited to what is necessary for our automation suite's functionality, including order confirmations, abandoned cart recovery, fulfillment notifications, and cancellation updates.

GDPR Compliance

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). WhatFlow ensures compliance with GDPR by providing you with the following rights:

  • Right to Access: You may request access to the personal data we hold about you at any time.
  • Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data.
  • Right to Erasure: You may request the deletion of your personal data under certain conditions, including when it is no longer necessary for the purpose for which it was collected.
  • Right to Restrict Processing: You may request a limitation on how we process your personal data.
  • Right to Data Portability: You may request a copy of your personal data in a structured, machine-readable format.

If you wish to exercise any of these rights, please contact us through the support information provided. We respond to all requests in accordance with GDPR timelines and regulations. Please note that disconnecting your WhatsApp account or uninstalling the app automatically removes all access to your data.