🎉 1 Month Free Access SentSays for free - no credit card needed Limited-time offer for new users
Last updated: July 7, 2025
This Privacy Policy describes how SentSays ("we", "us", or "our") collects, uses, and protects information in connection with your use of our website, services, and products. We are committed to protecting your privacy and handling your data with the utmost care and responsibility. This policy applies to all users of our services, including visitors to our website, customers who use our messaging automation platform, and business partners who integrate with our systems.
We collect personal information that you provide directly to us when you create an account, use our services, or communicate with us. This includes your full name, email address, phone number, and any other contact information you choose to provide. When you create an account with us, we store your login credentials, including your username and encrypted password, as well as any profile information you add to your account such as your company name, job title, and business address.
We also collect billing and payment information when you purchase our services, including your credit card details, billing address, and payment history. This information is necessary to process your payments and maintain accurate financial records. Additionally, we maintain records of all communications between you and our support team, including emails, chat messages, and phone call logs, to provide you with effective customer service and resolve any issues you may encounter.
As part of our WhatsApp messaging automation services, we collect and process various types of business data that you provide or that is generated through your use of our platform. This includes customer phone numbers that you upload or integrate from your e-commerce platforms, which are essential for delivering automated WhatsApp notifications to your customers. We understand the sensitive nature of this customer data and implement strict security measures to protect it.
We collect order and cart data from your connected e-commerce platforms such as WooCommerce, Shopify, or other supported integrations. This data includes order details, product information, pricing, shipping addresses, and customer purchase history. This information is necessary to trigger appropriate automated messages based on customer actions and order status changes.
Your message templates and automation configurations are stored in our systems, including the content of messages you create, trigger conditions you set up, and scheduling preferences you configure. We also receive and process webhook payloads from your connected platforms, which contain real-time information about orders, shipping updates, customer actions, and other relevant business events that trigger our automated messaging system.
We automatically collect certain technical information when you access and use our services. This includes your IP address, which helps us identify your general location and detect potential security threats. We collect information about your device, including the type of device you're using, operating system, browser type and version, screen resolution, and other technical specifications that help us optimize our services for your device.
Our systems generate detailed logs of your interactions with our platform, including login times, features accessed, API calls made, message delivery status, and system performance metrics. This information helps us monitor system performance, troubleshoot issues, and improve our services. We also collect usage analytics that show how you navigate through our platform, which features you use most frequently, and how long you spend on different sections of our service.
The primary purpose of collecting your information is to deliver our core services effectively. We use your business data to send automated WhatsApp messages to your customers through the Meta WhatsApp Business API. This includes processing order confirmations, shipping notifications, delivery updates, and other transactional messages that you configure in our system. We ensure that all messages are sent in compliance with WhatsApp's policies and relevant regulations.
We use your contact information to communicate with you about your account, send important service updates, notify you of system maintenance, and provide technical support when needed. Your payment information is used exclusively to process subscription fees and any additional charges for premium features. We also use your information to authenticate your identity when you log into our platform and to maintain the security of your account.
We analyze usage patterns and performance metrics to continuously improve our services and develop new features that better serve your needs. This includes studying message delivery rates, analyzing which automation triggers are most effective, and identifying areas where our platform can be optimized for better performance. We use this data to enhance user experience, fix bugs, and develop new functionality based on user behavior and feedback.
We conduct research and development activities using aggregated and anonymized data to understand market trends, improve our algorithms, and develop innovative solutions for business messaging automation. Your data also helps us ensure the security and integrity of our platform by detecting unusual activity patterns, preventing fraud, and identifying potential security threats before they can affect your account or data.
We maintain strict policies regarding the sharing of your personal and business information. We do not sell, rent, lease, or trade your personal information to third parties for their marketing purposes. Your data belongs to you, and we respect your ownership rights and privacy expectations.
However, there are specific circumstances where we may need to share your information to provide our services effectively or comply with legal requirements. We may share your data with trusted service providers who assist us in delivering our services, such as cloud hosting providers, payment processors, email service providers, and analytics platforms. These service providers are bound by strict contractual agreements that require them to protect your data and use it only for the specific purposes we authorize.
We may disclose your information when required by law, legal process, or government request. This includes responding to court orders, subpoenas, search warrants, or other legal demands from authorized law enforcement agencies. We may also share information to protect our rights, property, or safety, or the rights, property, or safety of our users or the general public, including in cases of suspected fraud, security breaches, or violations of our terms of service.
In the event of a business transaction such as a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity as part of the transaction. We will notify you of any such transaction and ensure that the acquiring entity agrees to protect your data in accordance with this privacy policy. We will only share your information with your explicit consent for any purposes not covered in this policy.
We are committed to complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) for our European users and the Digital Personal Data Protection (DPDP) Act, 2023 for our Indian users. We continuously monitor changes in privacy legislation worldwide to ensure our practices remain compliant as new laws are enacted or existing laws are updated.
Under these regulations, you have several important rights regarding your personal data. You have the right to access all personal information we hold about you, including the right to receive a copy of this data in a structured, commonly used, and machine-readable format. You can request corrections to any inaccurate or incomplete personal information, and we will make these corrections promptly upon verification of the requested changes.
You have the right to request deletion of your personal data, subject to certain legal limitations such as our need to retain certain information for tax, legal, or regulatory compliance purposes. You can also request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing activities.
You have the right to data portability, which means you can request that we transfer your personal data directly to another service provider where technically feasible. You also have the right to object to certain types of data processing, particularly for direct marketing purposes or when processing is based on legitimate interests rather than legal requirements.
To exercise any of these rights, please contact our Privacy Officer at privacy@sentsays.com. We will respond to your request within the timeframes required by applicable law, typically within 30 days of receiving a valid request.
We implement comprehensive security measures designed to protect your information from unauthorized access, use, disclosure, alteration, or destruction. Our security framework includes both technical and organizational measures that are regularly reviewed and updated to address emerging threats and maintain the highest standards of data protection.
All data transmitted between your devices and our servers is encrypted using industry-standard Transport Layer Security (TLS) protocols. Data stored in our systems is encrypted at rest using advanced encryption algorithms. We maintain strict access controls that ensure only authorized personnel can access your data, and all access is logged and monitored for security purposes.
Our team undergoes regular security training to understand their responsibilities for protecting customer data and recognizing potential security threats. We conduct regular security assessments, vulnerability testing, and penetration testing to identify and address potential weaknesses in our systems. We also maintain comprehensive incident response procedures to quickly detect, contain, and resolve any security incidents that may occur.
We use multi-factor authentication for administrative access to our systems and require strong password policies for all user accounts. Our infrastructure is hosted with reputable cloud service providers who maintain their own robust security measures and compliance certifications. We regularly backup your data to secure, geographically distributed locations to ensure data availability and recovery capabilities in case of system failures or disasters.
We retain your information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods are based on the type of information, the purpose for which it was collected, and applicable legal requirements.
Message logs and delivery records are retained for 365 days from the date of message delivery. This retention period allows us to provide you with comprehensive reporting on message performance, troubleshoot delivery issues, and maintain compliance with telecommunications regulations. After this period, message logs are automatically and securely deleted from our systems.
Order and transaction data connected to your account through platform integrations is retained for 365 days. This data is necessary for generating analytics reports, processing refunds or chargebacks, and maintaining accurate business records. Account information, including your profile data, preferences, and configuration settings, is retained until you close your account or request deletion.
Certain information may be retained for longer periods when required by law, such as financial records for tax purposes or data needed for ongoing legal proceedings. When you close your account, we will delete or anonymize your personal information according to our standard retention schedule, unless extended retention is required for legal compliance. All data deletion is performed using secure methods that make recovery impossible.
We use cookies, web beacons, and similar tracking technologies to enhance your experience with our services, analyze usage patterns, and improve our platform's functionality. Cookies are small text files stored on your device that help our website remember information about your visit and preferences.
Essential cookies are necessary for basic website functionality, including user authentication, security features, and core platform operations. These cookies cannot be disabled without significantly impacting your ability to use our services. Performance and analytics cookies help us understand how users interact with our platform, which pages are most popular, and where users encounter difficulties. This information is used to optimize our user interface and improve overall user experience.
Preference cookies remember your settings and customizations, such as language preferences, dashboard layouts, and notification settings. These cookies enhance your user experience by maintaining your preferred configurations across sessions. We may also use cookies for security purposes, such as detecting suspicious activity and protecting against unauthorized access attempts.
You can control cookie settings through your browser preferences, including the ability to block or delete cookies. However, please note that disabling certain cookies may affect the functionality of our website and limit your ability to use some features. We respect browser-based "Do Not Track" signals and will honor your privacy preferences as communicated through these mechanisms.
Our services are designed for and directed to businesses and individuals who are at least 18 years of age. We do not knowingly collect, use, or disclose personal information from children under the age of 13, or under the applicable age of digital consent in their jurisdiction. Our platform is not intended for use by minors, and we do not market our services to children.
If we become aware that we have collected personal information from a child under the applicable age without proper parental consent, we will take immediate steps to delete that information from our systems. Parents or guardians who believe we may have collected information from their child should contact us immediately at privacy@sentsays.com, and we will investigate and take appropriate action to remove such information.
We encourage parents and guardians to monitor their children's online activities and to help enforce this policy by instructing their children never to provide personal information through our services without parental permission. If you are under 18 years of age, please do not use our services or provide any personal information to us.
As a global service provider, your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer your personal information internationally, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable privacy laws.
For transfers from the European Economic Area (EEA) to countries outside the EEA, we rely on adequacy decisions by the European Commission where available, or implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. For transfers from other jurisdictions, we use similar mechanisms recognized by local data protection authorities to ensure your data receives adequate protection.
Our cloud service providers and technology partners are carefully selected based on their ability to provide adequate data protection guarantees. We maintain contractual agreements with all service providers that handle your data, requiring them to implement appropriate technical and organizational measures to protect your information and restrict its use to the specific purposes for which it was shared.
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or other operational, legal, or regulatory reasons. When we make material changes to this policy, we will provide you with prominent notice through various channels, including email notification to your registered email address, prominent notices on our website, or in-app notifications when you log into your account.
We will also update the "Last updated" date at the top of this policy to indicate when the most recent changes were made. For significant changes that materially affect your rights or how we handle your personal information, we may require your explicit consent to continue using our services under the updated terms.
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our services after any modifications to this policy constitutes your acceptance of the updated terms. If you do not agree with any changes made to this policy, you should discontinue using our services and contact us to close your account.
We are committed to addressing any questions, concerns, or requests you may have regarding this Privacy Policy or our data handling practices. Our privacy team is available to assist you with any privacy-related matters and to help you understand or exercise your privacy rights.
For general inquiries about this Privacy Policy or our privacy practices, please contact us at contact@sentsays.com. For specific privacy-related requests, including requests to access, correct, or delete your personal information, please contact our designated Privacy Officer at privacy@sentsays.com.
When contacting us about privacy matters, please include sufficient information to help us understand and respond to your inquiry effectively. This may include your account information, specific details about your request, and any relevant documentation. We will acknowledge receipt of your inquiry promptly and provide a substantive response within the timeframes required by applicable law.
Our services integrate with various third-party platforms and services to provide you with comprehensive messaging automation capabilities. These integrations are essential for delivering our core functionality, but they also involve sharing certain data with our trusted partners under strict contractual agreements.
We work closely with Meta (formerly Facebook) through their WhatsApp Business API to deliver messages to your customers. All messages sent through our platform are subject to WhatsApp's terms of service and privacy policies. We recommend reviewing their policies to understand how they handle message data. You can find WhatsApp's Business Policy at https://www.whatsapp.com/legal/business-policy
Additionally, Meta's general privacy policy, which covers their broader data handling practices, can be found at https://www.facebook.com/privacy/policy. We encourage you to review these policies to understand how your data may be processed by our integration partners.
