Privacy Policy

Last updated: 8/29/2025

1. Introduction

Whatstendee is a cloud-native SaaS CRM platform that manages contacts, companies, events, and automated communications. This policy explains how we collect, use, and protect your information when you use our services, including integrations with Meta's Business WhatsApp API, Stripe, and analytics tools.

2. Information We Collect

2.1 Information You Provide Directly

  • Personal information you provide (e.g., name, email, organization, role)
  • Contact and attendee details managed within the platform
  • Event details and participation data
  • Survey responses and uploaded files
  • Payment and subscription information (via Stripe)

2.2 Information from Meta Business Accounts

When you connect your Meta Business Account through OAuth 2.0, we collect and process:

  • Business account information and profile data
  • WhatsApp Business account details and settings
  • WhatsApp message content, metadata, and delivery statuses
  • Media files sent through WhatsApp (images, documents, audio, video)
  • Contact information from your WhatsApp Business contacts
  • Business asset information (pages, ad accounts, catalogs) as authorized

2.3 Technical and Usage Information

  • Usage analytics and device/browser information
  • API access logs and webhook data from Meta's services
  • Session data and authentication tokens
  • Platform interaction data and feature usage metrics

3. How We Use Your Information

3.1 Core Platform Services

  • To provide, maintain, and improve our CRM, event, and messaging services
  • To manage user roles, permissions, and team access
  • To facilitate event creation, attendee management, and confirmations
  • To process payments and manage subscriptions through Stripe
  • To provide analytics dashboards and usage insights

3.2 WhatsApp and Meta Integration Services

  • To send automated communications, confirmations, and reminders via WhatsApp
  • To capture, store, and manage WhatsApp message history for audit and support purposes
  • To process and store media files from WhatsApp conversations
  • To maintain conversation threads and contact communication history
  • To enable attendance confirmation through various methods (OTP, QR code, location sharing)
  • To synchronize contact profiles and business asset information

3.3 Security and Compliance

  • To ensure security, prevent fraud, and comply with legal obligations
  • To maintain compliance with Meta's Platform Policies and data use requirements
  • To conduct security monitoring and incident response

4. Meta Business Account OAuth 2.0 Data Processing

4.1 OAuth 2.0 Authorization

We use Meta's Facebook Login for Business with OAuth 2.0 to securely access your Meta Business Accounts. This process allows us to obtain the minimum necessary permissions to provide our services while maintaining the security of your business data.

4.2 Token Management and Security

  • We securely store and manage OAuth 2.0 access tokens using industry-standard encryption
  • Business Integration System User access tokens are used for automated server-to-server operations
  • User access tokens are used for real-time operations requiring user interaction
  • Tokens are stored with appropriate security measures and renewed as necessary
  • We implement proper token invalidation and cleanup procedures

4.3 Webhook Data Processing

We receive real-time data from Meta's APIs through secure webhook endpoints. This includes WhatsApp messages, delivery statuses, and business account changes. All webhook data is processed in compliance with Meta's data use policies.

4.4 Managed Meta Accounts

Our platform supports both personal Facebook accounts and Managed Meta Accounts (work accounts). We handle the transition process and re-authorization requirements for organizations migrating to Managed Meta Accounts.

5. Data Sharing & Third-Party Integrations

5.1 Meta/Facebook Integration

  • WhatsApp communications are processed through Meta's Business WhatsApp API
  • Message content and metadata are handled in compliance with Meta's data use policies
  • Business account data is accessed only within the scope of granted permissions
  • We maintain audit trails of all API interactions as required by Meta's policies

5.2 Other Third-Party Services

  • Payment and subscription data is securely handled by Stripe; we do not store full payment details
  • Cloud storage services for media files and platform data
  • Analytics and usage data may be processed by third-party analytics providers

5.3 Data Protection Commitment

We do not sell or rent your personal information to third parties. All third-party integrations are governed by strict data processing agreements and comply with applicable privacy laws.

6. Data Security and Storage

6.1 Security Measures

  • Industry-standard security measures including encryption in transit and at rest
  • Access controls and role-based permissions for sensitive data
  • Regular security reviews and compliance audits
  • Secure token storage and management for OAuth 2.0 integrations

6.2 Data Retention

  • WhatsApp message history is retained for audit trail and customer support purposes
  • Media files are stored securely with appropriate access controls
  • OAuth tokens are managed according to Meta's requirements and security best practices
  • Personal data is retained only as long as necessary for service provision and legal compliance

6.3 Cross-Border Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers, including compliance with applicable data protection laws and Meta's global data handling requirements.

7. Your Rights & Choices

7.1 Access and Control

  • You may access, update, or delete your personal information at any time via your account settings
  • You can revoke OAuth 2.0 permissions through your Meta Business Manager settings
  • You may request export or erasure of your data by contacting us
  • You may opt out of non-essential communications

7.2 Meta Business Account Management

  • You can disconnect your Meta Business Account at any time through Meta Business Manager
  • Disconnecting will stop new data collection but may not immediately delete previously collected data
  • You can request deletion of Meta-related data through our data deletion process

8. Legal Basis for Processing

We process your personal data based on various legal grounds including:

  • Contract Performance: To provide our CRM and messaging services
  • Consent: For Meta Business Account integration through OAuth 2.0 authorization
  • Legitimate Interests: For service improvement, security, and analytics
  • Legal Compliance: To meet regulatory and Meta platform policy requirements

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Meta's platform policies. We will notify users of significant changes via the platform or email.

10. Contact Us

If you have any questions about this Privacy Policy, your data, or our Meta Business Account integration, please contact us at:
Email: [email protected]
Data Protection Inquiries: [email protected]

Return to Home