Privacy Policy
Last updated: April 1, 2026
Summary (plain English)
- ✓ We collect the minimum data needed to provide the Service.
- ✓ We never sell your data to third parties.
- ✓ Your Contact data belongs to you — we process it only on your behalf.
- ✓ All data is encrypted in transit and at rest.
- ✓ You can request deletion of your data at any time.
1. Overview
WaSMS ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the WaSMS platform ("Service").
This policy applies to all users of the Service, including workspace owners, team members, and any individual whose data is processed through the platform ("Contacts"). Please read this policy carefully.
By using the Service, you agree to the collection and use of information as described in this Privacy Policy.
2. Information We Collect
We collect the following categories of information:
Account & Registration Data
When you create an account, we collect your name, email address, phone number, company name, and billing information.
Usage Data
We automatically collect information about how you use the Service, including pages visited, features used, message volumes, campaign performance, and error logs. This is collected via server logs, cookies, and analytics tools.
Communication Data
To provide the Service, we process message content and metadata (sender, recipient, timestamp, delivery status) for messages sent through the platform. We do not store message content longer than necessary to deliver and report on messages.
Contact Data
Information you upload about your end customers ("Contacts") — including names, phone numbers, email addresses, and custom fields — is stored and processed solely to provide the Service.
Device & Technical Data
We collect IP address, browser type, operating system, and device identifiers for security and performance monitoring.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Process transactions and send related information (invoices, receipts)
- Send administrative communications (account updates, security alerts, maintenance notices)
- Send marketing communications (with your consent, and with an easy opt-out)
- Respond to your support requests and inquiries
- Monitor and analyze usage patterns to improve user experience
- Detect, prevent, and respond to security incidents and abuse
- Comply with legal obligations
We do not sell your personal information to third parties.
4. Legal Basis for Processing (GDPR)
For customers in the European Union, our legal basis for processing personal data includes:
Contractual necessity: We process your account data to fulfill our contract with you (providing the Service).
Legitimate interests: We process usage and analytics data to operate and improve the Service, detect fraud, and ensure security.
Legal obligation: We may process data to comply with applicable laws and regulations.
Consent: We process your data for marketing communications only with your explicit consent. You may withdraw consent at any time.
6. Data Retention
We retain your personal data for as long as your Account is active or as needed to provide the Service. Specifically:
- Account data: retained for the duration of your subscription + 30 days after termination
- Message logs: retained for 90 days by default (configurable in account settings)
- Contact data: retained until you delete it or your account is terminated
- Financial records: retained for 7 years as required by applicable accounting laws
- Anonymized analytics data: may be retained indefinitely
Upon account termination, we delete or anonymize your personal data within 30 days, unless legally required to retain it.
7. Security
We implement industry-standard security measures to protect your information:
- All data in transit is encrypted using TLS 1.3
- Data at rest is encrypted using AES-256
- We maintain SOC 2 Type II compliance (in progress)
- Access controls and authentication (2FA) for all staff accessing customer data
- Regular penetration testing and vulnerability assessments
- Automated monitoring and alerting for suspicious activity
While we take security seriously, no system is 100% secure. In the event of a data breach, we will notify affected users within 72 hours as required by GDPR and applicable laws.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing of your data for certain purposes.
Restriction: Request that we restrict processing of your data in certain circumstances.
To exercise any of these rights, contact [email protected]. We will respond within 30 days. For EU/EEA residents, you may also lodge a complaint with your local data protection authority.
10. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately at [email protected] and we will delete it promptly.
11. International Data Transfers
WaSMS operates globally. Your data may be processed in countries outside your own, including the European Union, the United States, Singapore, and Germany (our primary data center locations).
For transfers from the EU/EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, requests, or complaints:
WaSMS Privacy Team
Email: [email protected]
Response time: 5 business days (30 days for formal GDPR requests)
See also our Terms of Service.