Legal

Privacy Policy

Your privacy is important to us. This policy explains what data we collect, how we use it, and the choices you have.

Last updated: May 9, 2026

1. Introduction

WAAPI is a product of LAMDA INFOTECH PRIVATE LIMITED (“Lamda Infotech”, “we”, “us”, or “our”), a company incorporated in India with its registered office at Room No 9/4, Unit No 6WS9, Mani Casadona, New Town, North 24 Parganas – 700161, West Bengal, India. WAAPI is a multi-tenant WhatsApp Business API SaaS platform that enables vendors to manage WhatsApp messaging, campaigns, chatbots, and customer conversations. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our services (the “Services”), including our website, web dashboard, mobile application, and APIs.

2. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, phone number, company name, billing address, password (hashed), and profile picture.
  • Business information: WhatsApp Business Account (WABA) identifiers, phone number IDs, Meta Business IDs, message templates, and business profile details.
  • Messaging data: conversations, messages, media, delivery receipts, read receipts, and interaction metadata exchanged between you and your customers via the WhatsApp Business API.
  • Contacts & audience data: customer phone numbers, names, labels, custom fields, and group memberships you upload or sync.
  • Usage data: log files, IP addresses, browser type, device information, pages visited, referring URLs, and timestamps.
  • Payment information: billing history, subscription plan, payment method metadata (card last-4, brand), and invoices. Full card numbers are handled exclusively by our PCI-compliant payment gateway and are never stored on our servers.
  • Third-party sign-in data: when you sign in using a third-party social network (such as Google, Facebook, or LinkedIn), we receive the basic profile fields you authorise that provider to share with us — typically name, email address, and profile picture. We do not receive your password from those providers.

3. When Information Is Collected

We collect personal information when you submit web forms, subscribe to our newsletter, create an account, connect a WhatsApp Business number, send messages or campaigns through our Services, contact our support team, or use our APIs. We may also receive information from third-party identity providers (Google, Facebook, LinkedIn) when you authorise them to share data with us.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services;
  • Process messages, campaigns, and chatbot flows on your behalf;
  • Send transactional messages, security alerts, and service notifications;
  • Bill, invoice, and process subscription payments;
  • Respond to support requests and troubleshoot technical issues;
  • Notify you of changes to our website, products, or terms, and distribute newsletters and promotional materials you have opted in to receive;
  • Detect, prevent, and address fraud, abuse, spam, and security threats;
  • Analyse usage patterns to improve features and performance;
  • Comply with applicable laws, regulations, and Meta / WhatsApp policies.

5. WhatsApp Business API Data

Because our Services integrate with the WhatsApp Business API, your use of WAAPI is also governed by the WhatsApp Business Messaging Policy and the WhatsApp Business Terms of Service. Message content you exchange through the WhatsApp Business API is processed in accordance with Meta’s data-handling rules. You are responsible for obtaining any consent required from your end-customers before initiating marketing messages.

6. Data Sharing & Disclosure

We do not sell, rent, trade, or lease your personal details to any third party for commercial purposes. We share data only in these limited cases:

  • Service providers: cloud hosting (MongoDB Atlas, object storage), email / SMS gateways, and analytics providers who process data on our behalf under confidentiality obligations.
  • Meta Platforms & WhatsApp: data necessary to deliver messages via the WhatsApp Business API.
  • Payment processors: to verify and process subscription payments.
  • Legal & safety: when required by subpoena, court order, or applicable law, or to protect the rights, property, or safety of Lamda Infotech, our users, or others.
  • Business transfers: in connection with a merger, acquisition, or sale of all or a portion of our assets (with notice to affected users).

7. Data Retention

We retain account and messaging data for as long as your account is active or as needed to provide the Services. When you delete your account or specific records, data is first moved to a recoverable Trash tier (30 days). After that period, it is permanently deleted from active systems. Backups are cycled on a rolling 90-day window and purged thereafter. Some information may persist in archives where retention is necessary for fraud prevention, dispute resolution, or compliance with applicable law.

8. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest for sensitive fields, hashed passwords (bcrypt), JWT-based authentication with refresh-token rotation, role-based access control, audit logs, and rate limiting. Access to personal data is restricted to authorised personnel for legitimate operational purposes only. No system is completely secure, and we cannot guarantee absolute protection against unauthorised access.

9. Your Rights

Subject to applicable law (including the Indian Digital Personal Data Protection Act, 2023, and the GDPR where it applies), you may have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request deletion of your data (subject to legal retention requirements);
  • Export your data in a machine-readable format;
  • Object to or restrict certain processing activities;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with the relevant data-protection authority.

To exercise these rights, contact us at info@lamdainfotech.thewaapi.com. We will respond within the timeframes required by applicable law. Note that requesting deletion may restrict your access to certain features of the Services.

10. International Transfers

Our Services are hosted and operated from India and may be accessed globally. By using the Services, you consent to the transfer of your information to countries that may have data-protection laws different from those of your country of residence.

11. Children’s Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, regulatory obligations, or evolving internet usage standards. Material changes will be notified via email or in-dashboard notification at least 14 days before taking effect. Continued use of the Services after the effective date constitutes acceptance of the revised policy. We recommend reviewing this page periodically.

13. Contact

Questions, concerns, or requests regarding this Privacy Policy or your personal data? Get in touch with us:

  • Email: info@lamdainfotech.thewaapi.com
  • Phone: +91 8101 7171 49  /  +91 85 8383 6494
  • Address: LAMDA INFOTECH PRIVATE LIMITED, Room No 9/4, Unit No 6WS9, Mani Casadona, New Town, North 24 Parganas – 700161, West Bengal, India
  • Or visit our Support page.