Privacy Policy

Account data: When you register, we collect your email address, full name, and billing information.

Store & order data: When you connect a store, we receive and store order details (customer name, phone number, order total, items, and shipping address) forwarded via webhook by your e-commerce platform.

WhatsApp session data: Your WhatsApp session credentials (authentication keys for the linked device) are encrypted and stored in our cloud storage so your session can be restored after restarts. We never read, store, or analyse your personal WhatsApp messages or contacts.

Usage data: We collect logs of jobs processed, message delivery statuses, and error events for debugging and analytics. These logs do not contain message content beyond what is needed for troubleshooting.

We use the data we collect to:

• Deliver the Service — sending WhatsApp confirmations for new orders.
• Maintain session state and restore hibernated WhatsApp connections.
• Calculate and enforce your plan credit limits.
• Send transactional emails (receipts, password resets, critical alerts).
• Improve reliability and diagnose errors.

We do not sell your data or your customers' data to third parties.

Order data — including your customers' names and phone numbers — is processed solely to send the confirmation message on your behalf. We act as a data processor; you are the data controller responsible for your customers' consent under applicable law (GDPR, PDPL, etc.).

Customer phone numbers are retained only as long as necessary to service your account. You can request deletion at any time from the dashboard or by contacting us.

We share data only with:

• Supabase — database and file storage (EU region by default).
• Stripe — payment processing. We never store full card numbers.
• Meta (WhatsApp) — messages are delivered through WhatsApp infrastructure. Meta's own privacy policy governs message delivery.

Order and message records are retained for 12 months after creation, then automatically purged. You can request earlier deletion at any time. WhatsApp session credentials are deleted immediately when you remove a number from your account.

All data is encrypted in transit (TLS 1.2+) and at rest. WhatsApp session credentials are stored encrypted. We follow the OWASP Top 10 guidelines and conduct regular dependency audits.

Despite our best efforts, no system is completely secure. In the event of a breach that affects your data, we will notify you within 72 hours.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your account and all associated data.
• Export your order and message history.
• Object to processing (where applicable).

To exercise any of these rights, email privacy@akked.app.

We use only essential cookies required for authentication (Supabase session cookie) and security (CSRF token). We do not use advertising or tracking cookies.

We may update this policy as the Service evolves. Material changes will be announced via email and an in-dashboard notice at least 14 days before they take effect. Continued use after that date constitutes acceptance.

Questions about this policy? Reach us at privacy@akked.app or via our support page.