Legal
Privacy Policy
Last updated: 2 July 2026
walpio (“walpio”, “we”, “us”) is a WhatsApp Business gateway operated from India and provided to business customers worldwide. This policy explains what data we handle, why, and the choices you have. We keep it short on purpose — and we hold ourselves to what it says.
1. Who this covers
Two situations are covered here: (a) visitors of this website and people who contact us, and (b) client workspaces — businesses that use the walpio service. For the personal data of a client's own customers (the people a client messages on WhatsApp), the client is the data controller and walpio acts as a processor on the client's instructions.
2. What we collect
- Website: nothing automatic. This site sets no analytics trackers and no advertising cookies. The only storage used is a single browser preference for your light/dark theme choice, kept on your device.
- Contact & access requests: whatever you send us by email — typically your name, email address, company and message.
- Client workspaces: account and billing contact details; the WhatsApp Business account identifiers a client connects (business account ID, phone number ID); access credentials for Meta's API, stored encrypted; message metadata — recipient number, direction, timestamps, delivery status, template used — and a short text preview (up to 160 characters) for the client's own message log. Full conversation content lives in the client's own WhatsApp/Meta account, not with us.
- Payments: subscription payments are processed by our payment provider (Razorpay). We receive confirmation of payment and basic billing details; we never see or store full card numbers.
3. How we use data
- To provide the service: routing WhatsApp messages through Meta's official Cloud API, tracking delivery, enforcing the 24-hour messaging window rules, and showing clients their own message logs.
- To operate securely: authentication, abuse prevention, rate limiting and troubleshooting.
- To respond when you contact us, and to manage subscriptions and billing.
- We do not sell personal data, and we do not use client message data for advertising or for training anything.
4. Who we share data with
- Meta Platforms — messages are transmitted through Meta's WhatsApp Business Cloud API; Meta processes them under its own terms with the client's WhatsApp Business account.
- Cloudflare — our infrastructure provider; the service and its database run on Cloudflare's global network.
- Razorpay — payment processing.
- Authorities, if the law genuinely requires it.
No other third parties receive personal data.
5. Where data lives
The service runs on Cloudflare's global edge network, so data may be processed outside your country. We deliberately minimise what we store — metadata, short previews and encrypted credentials rather than full conversations.
6. Security
Client API credentials are encrypted at rest with AES-256-GCM. Inbound webhooks are verified by cryptographic signature on every event. API keys are stored only as hashes and can be revoked instantly. Access to production systems is restricted to those who operate the service.
7. Retention
Workspace data is kept while the account is active and for up to 90 days after closure, then deleted. Contact emails are kept as long as needed to handle the conversation. Payment records are retained as required by law.
8. Your rights
You can ask us to access, correct or delete personal data we hold about you, or object to its use, by emailing hello@walpio.com. We respond within 30 days. If you are a customer of one of our clients, we will refer your request to that client, since they control that data.
9. Children
The service is for businesses and is not directed at children under 18.
10. Changes
If this policy changes materially, we will update this page and note the new date above. Continued use of the service after a change means the updated policy applies.
11. Contact
Questions about privacy: hello@walpio.com.