Privacy Policy
Last updated: May 26, 2026
We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you use our WhatsApp-Bitrix24 integration service.
You Provide
- Account Information
Email, name, company name - Payment Information
Processed securely by Paynet - Communication Data
Support messages
Automatic
- Usage Data
Features used, interaction patterns - Device Information
Browser, OS, IP address - Cookies
Essential and analytics cookies
WhatsApp Data
- Message Content
Messages sent and received - Contact Information
Phone numbers and WhatsApp profile names - Media Files
Images, videos, documents - Message Status
Delivery and read receipts - Account Metadata
WABA ID, phone number ID, quality rating, messaging tier (Cloud API)
AI Data
- AI Provider API Key
Encrypted at rest with AES-256-GCM, never logged - Prompt Templates
Stored per automation in your portal - CRM Field Values
Sent to your AI provider when automations run
When you enable an AI automation, the prompt template and the relevant CRM field values are sent to the AI provider you selected (OpenAI, Anthropic, or Google) using your own API key. WASync does not store the AI provider's responses beyond the generated WhatsApp message that gets sent to your contact and saved in CRM history. Your API key is encrypted at rest with AES-256-GCM and is never logged.
WhatsApp Business Platform (Meta Cloud API)
When you connect a WhatsApp Business Account through Meta's Embedded Signup, WASync uses the official WhatsApp Business Platform (Cloud API). We receive the following data directly from Meta through signed webhooks (verified server-side with the x-hub-signature-256 HMAC before any data is stored): inbound and outbound message content and media, message delivery and read statuses, your contacts' phone numbers and WhatsApp profile names, and WhatsApp Business Account metadata (WABA ID, phone number ID, quality rating and messaging tier).
This data is transmitted over HTTPS/TLS 1.2+ and stored on EU-hosted infrastructure. Access tokens issued through Embedded Signup are encrypted at rest with AES-256-GCM and are never exposed to the browser. The data controller is TDACRM Solutions SRL (Romania, VAT RO45930062), which owns and operates WASync. Card payments are handled by our payment processor, SERVICII AMPLE S.R.L. (Moldova).
Retention & deletion: messages and contact records are kept while your subscription is active and deleted within 30 days of cancellation. Disconnecting your WhatsApp Business Account in WASync immediately revokes and deletes the access token and stops further data ingestion. You can also request full deletion at any time by emailing [email protected]; end-user (message recipient) deletion requests are honoured under GDPR Article 17.
Your data is stored on secure servers within the European Union with industry-standard encryption.
Encryption at rest
Tokens & sensitive data — AES-256-GCM
HTTPS connections
All data transmission
Security audits
Regular assessments
Access controls
Authentication required
Data Retention: We retain data while your account is active. After deletion, data is kept for 30 days for backup, then permanently deleted.
We share data with:
Bitrix24
Sync messages with your CRM
Meta Platforms (WhatsApp Business Platform / Cloud API)
Send and receive WhatsApp messages via Meta's official Cloud API; inbound messages arrive through signed webhooks
WhatsApp (Linked Devices)
Send and receive messages via QR-linked session
Payment Processor (Paynet)
Process payments securely
AI Provider
OpenAI / Anthropic / Google — only when your automations run, using your own key
Analytics (anonymized)
Understand service usage
We do NOT:
Access
Request a copy of your data
Rectification
Correct inaccurate data
Erasure
Request data deletion
Restriction
Limit data processing
Portability
Receive data in structured format
Object
Object to processing
Withdraw Consent
Withdraw at any time
To exercise these rights, contact us at [email protected]
Essential
Required for service functionality
Analytics
Microsoft Clarity
Preferences
Remember your settings
You can manage cookies through your browser settings. Disabling cookies may affect functionality.
These third parties have their own privacy policies. We recommend reviewing them.
Children's Privacy
Our service is not intended for users under 18. We do not knowingly collect data from children.
International Transfers
Data is primarily stored in the EU. Transfers to other countries have appropriate safeguards.
Policy Changes
We may update this policy. Significant changes will be notified via email or service.
Supervisory Authority
You can lodge complaints with your local data protection authority.
This privacy policy was last updated on May 26, 2026. Previous versions are available upon request.
Have questions about privacy? Contact us