Skip to main content
Legal

Privacy Policy

Last updated: May 26, 2026

Your Privacy Matters

We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you use our WhatsApp-Bitrix24 integration service.

1. Information We Collect
Data we gather to provide our service

You Provide

  • Account Information
    Email, name, company name
  • Payment Information
    Processed securely by Paynet
  • Communication Data
    Support messages

Automatic

  • Usage Data
    Features used, interaction patterns
  • Device Information
    Browser, OS, IP address
  • Cookies
    Essential and analytics cookies

WhatsApp Data

  • Message Content
    Messages sent and received
  • Contact Information
    Phone numbers and WhatsApp profile names
  • Media Files
    Images, videos, documents
  • Message Status
    Delivery and read receipts
  • Account Metadata
    WABA ID, phone number ID, quality rating, messaging tier (Cloud API)

AI Data

  • AI Provider API Key
    Encrypted at rest with AES-256-GCM, never logged
  • Prompt Templates
    Stored per automation in your portal
  • CRM Field Values
    Sent to your AI provider when automations run

When you enable an AI automation, the prompt template and the relevant CRM field values are sent to the AI provider you selected (OpenAI, Anthropic, or Google) using your own API key. WASync does not store the AI provider's responses beyond the generated WhatsApp message that gets sent to your contact and saved in CRM history. Your API key is encrypted at rest with AES-256-GCM and is never logged.

WhatsApp Business Platform (Meta Cloud API)

When you connect a WhatsApp Business Account through Meta's Embedded Signup, WASync uses the official WhatsApp Business Platform (Cloud API). We receive the following data directly from Meta through signed webhooks (verified server-side with the x-hub-signature-256 HMAC before any data is stored): inbound and outbound message content and media, message delivery and read statuses, your contacts' phone numbers and WhatsApp profile names, and WhatsApp Business Account metadata (WABA ID, phone number ID, quality rating and messaging tier).

This data is transmitted over HTTPS/TLS 1.2+ and stored on EU-hosted infrastructure. Access tokens issued through Embedded Signup are encrypted at rest with AES-256-GCM and are never exposed to the browser. The data controller is TDACRM Solutions SRL (Romania, VAT RO45930062), which owns and operates WASync. Card payments are handled by our payment processor, SERVICII AMPLE S.R.L. (Moldova).

Retention & deletion: messages and contact records are kept while your subscription is active and deleted within 30 days of cancellation. Disconnecting your WhatsApp Business Account in WASync immediately revokes and deletes the access token and stops further data ingestion. You can also request full deletion at any time by emailing [email protected]; end-user (message recipient) deletion requests are honoured under GDPR Article 17.

2. How We Use Your Information
Purposes for data processing
Provide and maintain the WhatsApp-Bitrix24 integration
Process transactions and billing
Send service updates and security alerts
Provide customer support
Improve service and develop features
Detect and prevent fraud
Comply with legal obligations
3. Data Storage & Security
How we protect your information

Your data is stored on secure servers within the European Union with industry-standard encryption.

Encryption at rest

Tokens & sensitive data — AES-256-GCM

HTTPS connections

All data transmission

Security audits

Regular assessments

Access controls

Authentication required

Data Retention: We retain data while your account is active. After deletion, data is kept for 30 days for backup, then permanently deleted.

4. Data Sharing & Disclosure
Who can access your data

We share data with:

Bitrix24

Sync messages with your CRM

Meta Platforms (WhatsApp Business Platform / Cloud API)

Send and receive WhatsApp messages via Meta's official Cloud API; inbound messages arrive through signed webhooks

WhatsApp (Linked Devices)

Send and receive messages via QR-linked session

Payment Processor (Paynet)

Process payments securely

AI Provider

OpenAI / Anthropic / Google — only when your automations run, using your own key

Analytics (anonymized)

Understand service usage

We do NOT:

Sell your personal data to third parties
Share data for marketing without consent
Access your messages without permission
Use data to train AI models
5. Your Rights (GDPR)
For European Economic Area residents

Access

Request a copy of your data

Rectification

Correct inaccurate data

Erasure

Request data deletion

Restriction

Limit data processing

Portability

Receive data in structured format

Object

Object to processing

Withdraw Consent

Withdraw at any time

To exercise these rights, contact us at [email protected]

6. Cookies & Tracking
Technologies we use to enhance your experience

Essential

Required

Required for service functionality

Analytics

Microsoft Clarity

Preferences

Remember your settings

You can manage cookies through your browser settings. Disabling cookies may affect functionality.

7. Third-Party Services
Services we integrate with

These third parties have their own privacy policies. We recommend reviewing them.

8. Additional Info
Other important information

Children's Privacy

Our service is not intended for users under 18. We do not knowingly collect data from children.

International Transfers

Data is primarily stored in the EU. Transfers to other countries have appropriate safeguards.

Policy Changes

We may update this policy. Significant changes will be notified via email or service.

Supervisory Authority

You can lodge complaints with your local data protection authority.

9. Contact Us
Questions about this privacy policy?

Data Protection Officer

[email protected]

Contact Form

wasync.app/contact

This privacy policy was last updated on May 26, 2026. Previous versions are available upon request.

Have questions about privacy? Contact us