Legal · Privacy

Privacy Policy

This Policy explains, in clear terms, what personal data WoWSmS collects, what we do with it, what we do not do, and how you can exercise your rights — including deletion.

Effective date: 17 July 2026 · Last updated: 17 July 2026

1. Who we are

WoWSmS (the “Platform”, “Service”, “we”, “us”, or “our”) is operated by WoWSQL Technologies Private Limited (“Company”), and is available at https://wowsms.in.

We provide a multi-channel messaging platform for businesses in India and elsewhere, including Bulk SMS (with TRAI DLT workflows), RCS, and WhatsApp Business messaging via Meta’s WhatsApp Cloud API / Business Platform, together with credits, API access, sender registration, and related dashboard tools.

For privacy questions or data rights requests, contact: support@wowsms.in.

2. Scope and roles

This Policy applies to visitors of our website, registered customers (business users), authorised users of a customer account, and end users whose data is processed in connection with messages sent or received through the Platform.

  • Account / Platform data: For registration, billing, support and Platform security, we generally act as a data fiduciary / controller.
  • Messaging content & recipient lists: When a business customer uploads phone numbers, templates, or message content and instructs us to send messages, we generally act as a data processor / service provider on that customer’s behalf. The customer is responsible for having a lawful basis (consent, contractual necessity, or other permitted ground) to message recipients.

3. Personal data we collect

Depending on how you use WoWSmS, we may collect:

3.1 Account and identity data

  • Full name, email address, password (stored hashed / via auth provider)
  • Mobile number and organisation / business details you provide
  • Role and account status (e.g. customer, admin)

3.2 Business compliance and sender data (India DLT)

  • Principal Entity (PE) / Entity ID and related DLT registration details
  • Sender IDs / headers and Content Template IDs
  • Screenshots or documents you upload for verification / approval workflows
  • Approval / rejection status from our operations or upstream providers

3.3 Messaging and campaign data

  • Recipient mobile numbers and any variables / personalisation fields you supply (e.g. name, order ID)
  • Message body / template content and campaign metadata
  • Delivery and status information (sent, delivered, failed, pending), provider request IDs, and failure reasons where available
  • For WhatsApp: template names/languages, phone number IDs / WABA identifiers configured for your use, and webhook event payloads needed to process delivery or inbound events

3.4 API and technical data

  • API keys (we store hashed or masked representations; raw keys are shown once on creation where applicable)
  • IP address, user-agent, device/browser signals, timestamps
  • Server logs, error logs, and security/audit events
  • Session cookies and authentication tokens required to keep you signed in

3.5 Payment and wallet data

  • Order amounts, plan/credit purchases, wallet balances and transaction history
  • Payment references from our payment partner (e.g. Razorpay order / payment IDs). We do not store full card numbers or UPI PINs on our servers

3.6 Support and deletion requests

4. What we do not do

Without limiting other restrictions in this Policy, we do not:

  • Sell your personal data to data brokers or unrelated third parties for their independent marketing
  • Use Meta / WhatsApp customer data obtained through WhatsApp Business Platform APIs to build advertising profiles for unrelated products, or for any purpose prohibited by Meta’s WhatsApp Business Terms, Cloud API terms, or Tech Provider / Solution Partner requirements
  • Store payment card PAN / CVV on WoWSmS servers (card data is handled by the payment processor)
  • Intentionally collect sensitive personal data categories beyond what is necessary for the Service (e.g. we do not ask for Aadhaar as a routine Platform requirement)
  • Read or use your WhatsApp private chats unrelated to the Business API traffic you configure through our Service
  • Guarantee delivery of every message — telecom and Meta networks apply their own filtering, rate limits, and policies

5. How we use personal data

We use personal data to:

  • Create and authenticate accounts; provide the dashboard and APIs
  • Process SMS / RCS / WhatsApp sends, campaigns, templates, and delivery reporting
  • Operate DLT entity / sender / template workflows and compliance checks required for Indian commercial communication
  • Manage credits, wallets, invoices and payment confirmation
  • Provide support, investigate abuse, prevent fraud, and secure the Platform
  • Comply with applicable law, regulators, law-enforcement requests with valid legal process, and Meta / telecom partner audits where required
  • Improve reliability, diagnose errors, and (only in aggregated or de-identified form where feasible) understand Service usage

6. Meta, WhatsApp and Facebook / Instagram integrations

Where you enable WhatsApp Business messaging through WoWSmS, we integrate with Meta Platforms, Inc. and its affiliates (including WhatsApp) under Meta’s developer and WhatsApp Business Platform terms.

6.1 Data exchanged with Meta

  • Outbound message payloads (template or session messages), recipient WhatsApp numbers, and business phone / WABA identifiers
  • Inbound webhook events (e.g. delivery status, message receipts, customer replies) to the extent you configure webhooks
  • Technical tokens and configuration values necessary to call Meta Graph / Cloud APIs (access tokens, phone number IDs, WABA IDs)

6.2 Our commitments for Meta App Review / Tech Provider use

  • We process WhatsApp Business data only to provide the messaging Service you requested
  • We do not transfer WhatsApp customer data to third parties except subprocessors needed to operate the Service, or where required by law
  • We apply access controls, least-privilege tokens, and audit logging for administrative actions
  • End users and Meta users may request deletion of data we hold via https://wowsms.in/data-deletion/request

Meta’s own processing is governed by Meta’s privacy policies and WhatsApp terms. You should also review Meta’s documentation when you connect a WhatsApp Business Account.

7. Sharing with service providers (subprocessors)

We share personal data only as needed to operate WoWSmS, including with:

  • WoWSQL infrastructure — authentication, database and related hosting for Platform data
  • Messaging / telecom partners (including Bulk9 and upstream SMS/RCS operators) to route messages and sync credits / DLT status
  • Meta / WhatsApp — for Cloud API messaging and related webhooks
  • Razorpay — payment processing and settlement
  • Professional advisers, auditors, or authorities where legally required

We require processors to use data only on our instructions (or as required by law) and to apply appropriate security measures.

8. Cookies and similar technologies

We use essential cookies and similar storage for authentication (including session cookies via our auth layer), security, and basic site function. We do not use third-party advertising trackers as a core part of the Product. Disabling essential cookies may prevent login or API portal use.

9. Retention

We retain personal data only as long as needed for the purposes above, including:

  • Account data — while the account is active and as needed after closure for legal claims
  • Message logs and campaign records — for operational reporting, dispute resolution, and compliance; then deleted or anonymised on a rolling basis or upon verified deletion request, subject to legal holds
  • Payment and tax records — for periods required under Indian tax and accounting laws
  • Audit / security logs — for a limited period for integrity and investigations

10. Security

We implement reasonable technical and organisational measures, including encrypted transport (HTTPS), access control, hashed credentials / API key handling, and audit logging of sensitive actions. No method of transmission or storage is 100% secure; you must also protect your passwords and API keys.

11. Your rights and data deletion

Subject to applicable law (including India’s Information Technology Act, 2000 and rules, and the Digital Personal Data Protection Act, 2023 as it becomes applicable), you may request access, correction, or deletion of personal data we hold about you.

How to request deletion:

We aim to complete verified requests within 30 days. We may retain limited data where required by law, for fraud prevention, or to establish / defend legal claims.

12. Children

The Service is directed to businesses and adult authorised users. We do not knowingly collect personal data from children under 18 for account registration. If you believe a child has provided us data, contact support@wowsms.in.

13. International transfers

Infrastructure and partners may process data in India and other jurisdictions. Where data is transferred outside India, we take steps consistent with applicable law and contractual protections with processors.

14. Changes to this Policy

We may update this Policy to reflect product, legal, or Meta / regulatory changes. The “Last updated” date will change; material changes may be notified via the dashboard or email where appropriate. Continued use after the effective date constitutes acceptance of the updated Policy.

15. Related documents and contact

Operator: WoWSQL Technologies Private Limited · Brand: WoWSmS · Website: https://wowsms.in