PRIVACY POLICY

This Privacy Policy applies to:

• Business owners and authorized users who create accounts on Wayg Business Assistant
• Customers of businesses who interact with those businesses through our platform
• Website visitors who browse our marketing pages

This Privacy Policy does not apply to:

• Third-party services not owned or controlled by Wayg
• Independent privacy practices of businesses using our platform
• Meta platforms (WhatsApp, Instagram) except as they relate to our integration

3.1 Information from Business Users (You Provide Directly)

Account and Profile Information:

• Full name, email address, phone number
• Business name, business address, and business type
• Company registration information (if applicable)
• Profile photo and business logo

Authentication and Access Credentials:

• Password and security information
• WhatsApp Business API credentials
• Instagram Business Account access tokens
• Meta Platform authorization tokens

Financial Information:

• Bank account details for payment processing
• Billing address and payment card information (processed by third-party payment providers)
• Transaction history and invoice records

Communications:

• Support tickets, emails, and chat messages with our team
• Feedback, survey responses, and feature requests

3.2 Customer Data Accessed Through Platform Integrations

When you connect your WhatsApp and Instagram accounts to Wayg Business Assistant, we access and process:

Customer Messages and Conversations:

• Incoming and outgoing messages between your business and your customers
• Message content, timestamps, and delivery status
• Media files shared in conversations (images, documents, voice notes)
• Customer inquiries, orders, and support requests

Customer Profile Information:

• Customer names and profile information visible on WhatsApp/Instagram
• Phone numbers (WhatsApp) and Instagram usernames
• Profile pictures and public profile data

Order and Transaction Data:

• Purchase orders placed through chat
• Payment confirmations and transaction details
• Delivery addresses and order notes
• Product inquiries and cart information

Important: We only access this data to provide our Services to you. We do not use customer data for our own marketing purposes or share it with third parties except as described in this policy.

3.3 Information We Collect Automatically

Device and Technical Information:

• IP address, browser type, and version
• Device identifiers, operating system
• Device model and mobile network information

Usage Information:

• Login times and session duration
• Features used within the platform
• Pages visited and navigation patterns
• Search queries and filter preferences
• Response times and performance metrics

Location Information:

• General location derived from IP address
• Country and city-level location data

3.4 Information from Third Parties

Meta Platforms (WhatsApp, Instagram):

• Business account verification status
• Account health and quality ratings
• Message template approval status
• Platform compliance notifications

Payment Processors:

• Payment confirmation and transaction status
• Fraud prevention signals
• Dispute and chargeback information

Public Sources:

• Business registration information from government databases
• Publicly available business information
• Industry classification data

4.1 Service Delivery and Platform Operations

• Provide core functionality: Enable you to manage customer conversations, process orders, and accept payments through WhatsApp and Instagram
• Message management: Route, organize, and display customer messages in a unified inbox
• Order processing: Track and manage customer orders placed through chat
• Payment processing: Facilitate payment transactions between your business and your customers
• Customer insights: Generate analytics about customer behavior, response times, and engagement metrics
• Automated responses: Enable chatbot and automated reply features you configure

4.2 Communication and Support

• Respond to your inquiries, support requests, and technical issues
• Send service notifications, updates, and important announcements
• Provide onboarding assistance and training materials
• Request feedback and conduct user research

4.3 Business Operations and Compliance

• Verify your business identity and account information
• Maintain accurate records of transactions and interactions
• Comply with legal obligations and regulatory requirements
• Prevent, detect, and investigate fraud, abuse, or policy violations
• Enforce our Terms of Service and other agreements
• Respond to legal requests from authorities and regulators

4.4 Platform Improvement and Development

• Analyze usage patterns and trends to improve our Services
• Develop new features and functionality
• Test and optimize platform performance
• Conduct internal research and data analysis

4.5 Marketing and Communications (With Consent)

• Send newsletters, product updates, and promotional content
• Share educational content and best practices
• Announce new features and integrations
• Provide special offers and incentives

You may opt out of marketing communications at any time by clicking the unsubscribe link in our emails or adjusting your account settings.

• Contractual Necessity: Processing is necessary to perform our contract with you and provide the Services you requested.
• Legitimate Interests: We have legitimate business interests in operating our platform, preventing fraud, improving our Services, and ensuring security.
• Consent: Where required by law, we obtain your explicit consent before processing certain types of data or sending marketing communications.
• Legal Obligation: We process data to comply with applicable laws, regulations, and legal processes.
• Vital Interests: In rare cases, we may process data to protect someone's life or physical safety.

6.1 Service Providers and Processors

We share personal data with trusted third-party vendors who assist us in operating our platform:

• Cloud hosting providers: Store and process data on secure servers
• Payment processors: Handle payment transactions and billing
• Communication services: Enable email, SMS, and notification delivery
• Analytics providers: Help us understand platform usage and performance
• Customer support tools: Manage support tickets and customer communications
• Identity verification services: Verify business information and prevent fraud
• Security services: Monitor and protect against cyber threats

These service providers are contractually bound to protect your data and may only use it to perform services on our behalf.

6.2 Meta Platforms

To enable our WhatsApp and Instagram integrations, we share:

• Your business account information with Meta for verification
• Message delivery status and engagement metrics
• Platform compliance data as required by Meta's policies

This sharing is essential for our Services to function. Meta is an independent data controller with respect to your WhatsApp and Instagram data. Please review Meta's privacy policies for more information.

6.3 Payment Providers

To process payments, we use third-party payment processors (such as Paystack, Flutterwave, or similar providers). We do not store your complete payment card details. Payment processors are independent controllers of your payment information. Please refer to their privacy policies for details on how they handle your data.

6.4 Business Transfers

We may share or transfer personal data as part of any merger, acquisition, sale of assets, financing, or other corporate transaction. In such cases, we will ensure the acquiring party agrees to protect your data consistent with this Privacy Policy.

6.5 Legal Requirements and Protection

We may access, preserve, and disclose personal data when we believe it is necessary to:

• Comply with applicable laws, regulations, or valid legal processes
• Respond to requests from law enforcement or government authorities
• Enforce our Terms of Service and other agreements
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of Wayg, our users, or the public

6.6 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

6.7 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for research, analytics, or marketing purposes.

7.1 Your Role as Data Controller

When you use Wayg Business Assistant to manage customer conversations, you are the data controller for your customers' personal data. Wayg acts as a data processor on your behalf.

Your Responsibilities:

• Obtain necessary consents from your customers to collect and process their data
• Inform your customers about how their data will be used
• Maintain your own privacy policy and ensure it covers your use of Wayg Business Assistant
• Comply with applicable data protection laws in your interactions with customers
• Respond to customer requests regarding their data (access, deletion, etc.)

7.2 Our Role as Data Processor

As your data processor, we:

• Process customer data only according to your instructions and our agreement
• Implement appropriate security measures to protect customer data
• Assist you in responding to customer data requests where technically feasible
• Notify you of any data breaches affecting customer data
• Delete or return customer data upon termination of Services (subject to legal retention requirements)

7.3 Restrictions on Customer Data Use

We will NOT:

• Use your customers' personal data for our own marketing purposes
• Share customer data with third parties except as necessary to provide our Services
• Sell or rent customer data to anyone
• Use customer message content to train AI models or for purposes beyond service delivery

8.1 Types of Cookies We Use

• Essential Cookies: Required for the platform to function properly (e.g., authentication, security)
• Analytics Cookies: Help us understand how users interact with our Services (e.g., Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your activity across websites to deliver targeted advertising

8.2 Managing Cookies

Most web browsers allow you to control cookies through settings. You can:

• Delete existing cookies
• Block all cookies
• Block third-party cookies
• Receive notifications before cookies are stored

Note that disabling certain cookies may impact your ability to use some features of our Services.

8.3 Third-Party Analytics

We use Google Analytics to understand user behavior. Google Analytics collects information such as how often users visit our site, what pages they visit, and what other sites they used prior to coming to our site. You can learn more about how Google uses data at www.google.com/policies/privacy/partners and opt out by installing the Google Analytics Opt-out Browser Add-on.

9.1 Technical Safeguards

• Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption
• Access controls: Multi-factor authentication and role-based access restrictions
• Secure infrastructure: Hosting on secure, SOC 2 compliant cloud providers
• Network security: Firewalls, intrusion detection, and DDoS protection
• Secure API connections: Encrypted connections to Meta platforms and payment providers

9.2 Organizational Safeguards

• Limited access: Only authorized personnel have access to personal data
• Employee training: Regular security awareness and data protection training
• Confidentiality agreements: All employees and contractors sign confidentiality agreements
• Vendor management: Due diligence and contractual requirements for all service providers
• Incident response: Documented procedures for detecting and responding to security incidents

9.3 Data Breach Notification

In the event of a data breach that compromises your rights and freedoms, we will:

• Notify you within 72 hours of discovery
• Report the breach to relevant data protection authorities as required by law
• Provide details about the nature of the breach and steps we're taking
• Offer guidance on protective measures you can take

If you suspect unauthorized access to your account or a security issue, please contact our Data Protection Officer immediately at dpo@getwayg.com.

10.1 Retention Periods

Business Account Information:

• Active accounts: Data retained for the duration of your account
• Closed accounts: Basic information retained for 7 years to comply with legal obligations (tax, accounting, fraud prevention)

Customer Conversation Data:

• Active conversations: Retained while you maintain an active account
• Upon account deletion: Customer messages deleted within 30 days unless legal retention is required

Financial Records:

• Transaction data retained for 7 years as required by tax and financial regulations

Analytics and Logs:

• Usage logs and analytics data typically retained for 24 months

Support Communications:

• Support tickets and correspondence retained for 5 years for quality assurance and dispute resolution

10.2 Deletion Requests

You may request deletion of your data at any time by contacting us. We will comply with deletion requests subject to:

• Legal obligations requiring retention
• Ongoing investigations or disputes
• Backup retention periods (deleted from active systems immediately, backups within 90 days)

11.1 Transfer Safeguards

When transferring data internationally, we ensure adequate protection through:

• Standard Contractual Clauses: Approved by the European Commission and Nigeria's NITDA
• Data Processing Agreements: Binding agreements with all processors requiring GDPR-level protection
• Adequacy determinations: Preferring transfers to countries with adequate data protection laws
• Encryption: All data encrypted during international transmission

11.2 Meta Platform Data

Data shared with Meta platforms (WhatsApp, Instagram) may be transferred to the United States and other countries where Meta operates. Meta provides appropriate safeguards for international transfers as described in their privacy policies.

11.3 Your Rights Regarding Transfers

You have the right to:

• Be informed about which countries your data will be transferred to
• Receive information about the safeguards in place
• Object to transfers where adequate protection cannot be guaranteed

Contact our Data Protection Officer at dpo@getwayg.com for more information about international transfers.

12.1 Right to Access

You may request access to the personal data we hold about you, including:

• What data we collect
• How we use it
• Who we share it with
• How long we retain it

12.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data. You can also update most information directly in your account settings.

12.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data, subject to exceptions for:

• Legal compliance requirements
• Ongoing disputes or investigations
• Legitimate business interests

12.4 Right to Restriction of Processing

You may request that we limit how we process your data in certain circumstances, such as while verifying accuracy or assessing legal grounds.

12.5 Right to Data Portability

You may request a copy of your data in a structured, machine-readable format for transfer to another service provider.

12.6 Right to Object

You may object to:

• Processing based on legitimate interests
• Direct marketing communications
• Automated decision-making and profiling

12.7 Right to Withdraw Consent

Where we rely on your consent to process data, you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

12.8 Right to Lodge a Complaint

You have the right to file a complaint with:

• Nigeria: National Information Technology Development Agency (NITDA)
• EU/EEA: Your local data protection authority
• UK: Information Commissioner's Office (ICO)

12.9 Exercising Your Rights

To exercise any of these rights, contact our Data Protection Officer at dpo@getwayg.com. We will respond within 30 days. You may need to verify your identity before we process your request.

13.1 WhatsApp Business API Integration

Our integration with WhatsApp Business API is subject to Meta's policies and terms. We:

• Comply with WhatsApp Business API policies and commerce policy
• Implement required security measures for message handling
• Respect WhatsApp's data usage restrictions
• Follow Meta's guidelines for customer communication

13.2 Instagram Business Integration

Our Instagram integration enables you to:

• Receive and respond to Instagram Direct Messages
• View customer profile information
• Manage comments and interactions

We comply with Instagram Platform Terms and only use Instagram data as necessary to provide our Services.

13.3 Your Meta Platform Responsibilities

When connecting your WhatsApp or Instagram accounts, you are responsible for:

• Complying with Meta's terms of service and policies
• Obtaining necessary customer consents for automated messaging
• Following WhatsApp's opt-in requirements for marketing messages
• Adhering to Meta's commerce and messaging policies

13.4 Platform Access Revocation

You may disconnect your WhatsApp or Instagram accounts from Wayg at any time through your account settings. This will revoke our access to your Meta platform data.

15.1 Notification of Changes

When we make material changes, we will:

• Update the "Effective Date" at the top of this policy
• Notify you via email to your registered email address
• Display a prominent notice on our platform
• In some cases, request your consent to the changes

15.2 Your Continued Use

Continued use of our Services after changes become effective constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using our Services and may close your account.

16.1 Data Protection Officer

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: dpo@getwayg.com

Postal Address:

16.2 General Inquiries

For non-privacy-related questions:

Email: support@getwayg.com

Website: www.getwayg.com

16.3 Response Time

We aim to respond to all privacy-related inquiries within 30 days. For urgent security matters, we prioritize response within 24-48 hours.