Legal Document
Privacy Policy
How Graphicy Media collects, uses, and protects your information when you use WaBlast.
Effective: January 1, 2025
Last Updated: May 2025
Udyam Registered, India
When you use WaBlast, we collect the following types of information:
- Account Information: Your name, email address, and password when you register
- WhatsApp Business Data: Your WhatsApp Business Account ID (WABA ID), phone number ID, display name, and access tokens obtained via Meta's Embedded Signup
- Contact Data: Phone numbers and names of recipients you upload for campaigns
- Campaign Data: Message templates, campaign names, sending schedules, and delivery logs
- Usage Data: How you interact with the platform, features used, and session information
- Payment Data: Credit purchase history and transaction records (we do not store card details)
๐ก We do not collect any sensitive personal information such as Aadhaar numbers, PAN, financial account details, or biometric data.
We use the information we collect solely to provide and improve WaBlast services:
- To authenticate you and maintain your account securely
- To send WhatsApp messages on your behalf using your connected WhatsApp Business Account
- To manage your message templates, contacts, and campaigns
- To track message delivery status and campaign performance
- To process credit purchases and maintain your credit balance
- To send transactional emails such as password resets and account notifications
- To improve platform features and fix technical issues
We do not use your data for advertising, profiling, or sell it to any third party.
Your data is stored securely on Supabase (PostgreSQL database with row-level security), hosted on servers in compliance with industry standards.
- WhatsApp access tokens are stored in encrypted form
- All data transmission uses HTTPS/TLS encryption
- Access to your data is restricted to authenticated requests only
- Row-level security ensures users can only access their own data
- Service keys are never exposed to the client-side
WaBlast uses the following third-party services to operate:
- Meta (Facebook): WhatsApp Business API, Embedded Signup, message delivery
- Supabase: Database and authentication infrastructure
- Render: Application hosting and deployment
- Groq (optional): AI-powered auto-replies, only if you configure a Groq API key
Each third-party service has its own privacy policy. We only share the minimum data necessary for these services to function.
WaBlast integrates with Meta's WhatsApp Business Platform. When you connect your WhatsApp Business Account:
- We receive an access token from Meta via their Embedded Signup flow
- This token is used exclusively to send messages and manage templates on your behalf
- We store your WABA ID and phone number ID to identify your connected account
- We do not access your personal Facebook or Instagram account data
- Message content is transmitted directly to Meta's API and is subject to WhatsApp's Privacy Policy
๐ We comply fully with Meta's Platform Terms and WhatsApp Business Policy. All messaging is opt-in and template-based as required by Meta.
We retain your data for as long as your account is active or as needed to provide services:
- Account data is retained until you delete your account
- Campaign logs are retained for 90 days for delivery tracking purposes
- Contact data is retained until you delete it from the platform
- Upon account deletion, all your data is permanently removed within 30 days
To request account deletion, email us at graphicyin@gmail.com.
As a user of WaBlast, you have the following rights under applicable Indian law (IT Act, 2000 and DPDP Act, 2023):
- Right to Access: Request a copy of all data we hold about you
- Right to Correction: Update or correct inaccurate information
- Right to Deletion: Request permanent deletion of your account and data
- Right to Portability: Export your contacts and campaign data
- Right to Withdraw Consent: Disconnect your WhatsApp account at any time
To exercise any of these rights, contact us at graphicyin@gmail.com.
We take data security seriously and implement the following measures:
- All data in transit is encrypted using TLS 1.2 or higher
- WhatsApp access tokens are stored encrypted and never logged
- Authentication uses industry-standard JWT tokens with expiry
- Database access is restricted via Row Level Security (RLS)
- We conduct regular security reviews of our codebase
In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it.
WaBlast is a business platform intended for use by adults and registered businesses. We do not knowingly collect personal information from children under the age of 18.
If you believe a minor has created an account, please contact us immediately at graphicyin@gmail.com and we will delete the account promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email if the changes materially affect your rights
- Post a notice on the WaBlast dashboard
Your continued use of WaBlast after changes are posted constitutes acceptance of the updated policy.