WAPlus CRM for WhatsApp Web Privacy Policy
Last updated: May 26th, 2026
WAPlus CRM for WhatsApp Web ("WAPlus", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect from users of the WAPlus CRM for WhatsApp Web Chrome Extension (the "Extension"), how we use and protect that data, where it is stored, and with whom we share it.
WAPlus does not sell user data and does not use Extension data for advertising. We collect and process data only as needed to provide the Extension's CRM, messaging, automation, scheduling, sync, translation, AI, diagnostic, and integration features selected by the user.
1. What Data We Collect
We collect data only as needed to provide core functionality of the Extension. Here is a detailed breakdown:
| Data Type | How It's Collected | Purpose | Shared With |
|---|---|---|---|
| WAPlus account data, login status, account ID, workspace data, subscription or plan information, Extension version, install time, and Extension instance UUID | Automatically when the user logs in, installs the Extension, or uses WAPlus account features | Authenticate the user, connect the Extension to the WAPlus account, provide subscription features, support troubleshooting, and understand Extension stability | WAPlus servers; Alibaba Cloud infrastructure used by WAPlus for hosting, storage, and logs; payment or subscription service providers where needed for billing |
| Authentication data, including WAPlus identity cookie, authentication token, and integration OAuth tokens or authorization codes | From WAPlus login, browser cookie storage, Chrome extension storage, and OAuth flows started by the user | Keep the user logged in, authorize API requests, and connect optional Google, HubSpot, Salesforce, or Zoho integrations | WAPlus servers; the selected integration provider such as Google, HubSpot, Salesforce, or Zoho when the user connects that integration |
| WhatsApp account and contact data, including WhatsApp number, WhatsApp ID, LID, contact names, phone numbers, chat names, group names, profile photos or avatars, tags, notes, custom fields, tabs, reminders, and imported contacts | From WhatsApp Web on the user's device, from data entered or imported by the user, and from CRM actions performed in the Extension | Provide CRM contact management, tagging, notes, reminders, custom tabs, contact import, search, synchronization, and customer support features | WAPlus servers; Alibaba Cloud storage for avatars, media, and files where applicable; selected CRM providers such as HubSpot, Salesforce, or Zoho if the user enables those integrations |
| Message metadata, including message ID, sender and recipient identifiers, chat ID, timestamps, message type, delivery or sync status, and related conversation metadata | From WhatsApp Web when the user uses messaging, sync, sharing, CRM, automation, webhook, or AI features | Provide chat sync, conversation sharing, scheduled messages, reminders, quick replies, auto replies, broadcast messages, webhook events, AI replies, and troubleshooting | WAPlus servers; Alibaba Cloud logs and storage; selected CRM integrations; webhook URLs configured by the user when webhook features are enabled |
| Selected message content, selected chat history, prompts, replies, quick reply templates, auto reply rules, scheduled message content, broadcast content, AI chatbot content, and uploaded AI knowledge sources | Only when the user creates, selects, syncs, shares, sends, translates, rewrites, uploads, or enables features that process this content | Provide user-selected features such as chat sync, conversation sharing, scheduled messages, broadcast messages, quick replies, auto replies, AI chatbot, AI rewrite, AI reply, translation, and CRM integrations | WAPlus servers; WAPlus AI services; translation or AI providers used by WAPlus such as Google Translate, Tencent Transmart, and other AI/translation providers; selected CRM integrations; webhook URLs configured by the user |
| Files, media, images, documents, audio, voice messages, attachments, avatars, and file metadata | When the user uploads, sends, syncs, shares, saves, or uses media or file-based Extension features | Provide media upload, file templates, scheduled messages, broadcast messages, conversation sync, CRM records, AI knowledge sources, and troubleshooting | WAPlus servers; Alibaba Cloud OSS, CDN, and related storage services used by WAPlus; selected CRM integrations or webhook URLs when the user enables those features |
| Google Calendar and Google Contacts data, including OAuth authorization data, calendar event title, date, time, location, description, contact sync settings, and contact data needed for synchronization | Only when the user connects Google Calendar or Google Contacts and authorizes the requested Google scopes | Create or manage Google Calendar events and synchronize Google Contacts as requested by the user | Google APIs; WAPlus servers only as needed to provide the enabled Google integration |
| HubSpot, Salesforce, and Zoho CRM data, including OAuth tokens, contacts, leads, deals, tasks, calls, notes, tickets, events, and selected WhatsApp messages or contact details | Only when the user connects the relevant CRM integration and chooses to search, create, update, or sync records | Provide CRM integration features and keep WAPlus CRM data aligned with the selected third-party CRM | The selected CRM provider: HubSpot, Salesforce, or Zoho; WAPlus servers for token exchange, configuration, and sync support |
| Webhook configuration and webhook payload data, including webhook URLs and selected message or event payloads | Only when the user enables webhook features and configures webhook URLs | Send message-related or event-related payloads to the endpoints configured by the user | The webhook endpoint operators configured by the user; WAPlus servers where needed to manage webhook permission and settings |
| Browser language, timezone, browser type, operating system, user agent, platform, WhatsApp Web version, feature usage logs, request status, response status, performance data, and error logs | Automatically from browser settings, Chrome APIs, WhatsApp Web, and Extension diagnostic events | Localize the UI, align scheduling with local time, diagnose issues caused by browser or WhatsApp Web updates, improve stability, prevent abuse, and provide support | WAPlus servers; Alibaba Cloud Log Service and related cloud infrastructure used by WAPlus for logs and diagnostics |
| Installed extension metadata, including extension name, ID, version, and enabled status |
Only if the user grants the optional Chrome
management
permission
|
Detect potentially conflicting WhatsApp-related extensions, help the user disable conflicts, and troubleshoot compatibility issues | WAPlus servers and Alibaba Cloud logs for compatibility diagnostics where needed |
WAPlus does not automatically collect all WhatsApp message content. Message content and media are processed only when the user uses or enables features that require such processing, such as sync, conversation sharing, scheduled messages, broadcast messages, quick replies, auto replies, AI, translation, CRM integrations, or webhooks.
2. Permissions and Justification
We use the following Chrome permissions:
| Permission | Why It's Needed |
|---|---|
tabs
and
activeTab
|
Locate, open, focus, and interact with WhatsApp Web and WAPlus pages when the user starts an Extension feature. |
storage |
Save user preferences, settings, tokens, templates, queues, local logs, caches, and Extension state locally. |
cookies |
Read WAPlus authentication cookies, such as the WAPlus identity cookie, to detect login status and connect the Extension with the user's WAPlus account. |
scripting |
Load WAPlus code and user interface into WhatsApp Web so the CRM, scheduling, automation, translation, and integration features can work. |
contextMenus |
Add right-click actions, such as starting a chat or sending selected text through WAPlus features. |
alarms |
Run scheduled messages, reminders, sync tasks, token checks, and other time-based background jobs. |
management
(optional)
|
Detect potentially conflicting WhatsApp-related extensions if the user grants this optional permission. |
host_permissions |
Access
web.whatsapp.com
to interact with WhatsApp Web and provide WAPlus features. Optional host permissions are requested only for integrations or user-configured endpoints, such as HubSpot APIs or webhook URLs.
|
3. How We Use the Data
We only collect and process data that is necessary to deliver the following functionality:
- Authenticating users and connecting the Extension to WAPlus.
- Providing WhatsApp Web CRM features such as contact management, notes, tags, tabs, reminders, and customer profiles.
- Providing messaging tools such as scheduled messages, quick replies, auto replies, broadcasts, chat sync, and conversation sharing.
- Providing optional Google Calendar, Google Contacts, HubSpot, Salesforce, Zoho, webhook, AI, translation, chatbot, and file upload features when enabled by the user.
- Diagnosing issues caused by browser versions, Extension versions, or WhatsApp Web updates.
- Localizing content and aligning scheduled actions with the user's local time.
- Improving product stability, security, compatibility, and customer support.
4. Data Storage and Security
- Extension settings, preferences, tokens, caches, templates, and queues may be stored locally using Chrome's extension storage APIs or browser local storage.
- Account data, CRM records, sync data, uploaded files, logs, and integration data may be stored on WAPlus servers and cloud infrastructure used by WAPlus.
- Files, media, avatars, attachments, and logs may be stored or processed using Alibaba Cloud services, including OSS, CDN, ECS, database services, and Log Service.
- Extension diagnostic logs stored in Alibaba Cloud Log Service are automatically deleted after seven days through Alibaba Cloud's automatic log retention policy.
- All communication between the Extension and remote servers is secured via HTTPS/TLS where applicable.
- Access to cloud-stored data is limited to authorized personnel and service providers who need access to operate, secure, support, or improve WAPlus.
- We use reasonable technical and organizational safeguards to protect user data against unauthorized access, use, alteration, or destruction.
5. Data Sharing Policy
We do NOT sell, rent, or share user data with third parties for advertising. We share data only as needed to provide the Extension, as directed by the user, with service providers acting on our behalf, or where legally required.
Data may be shared with the following recipients:
- WAPlus servers and WAPlus-operated domains for account, CRM, sync, automation, billing, support, and Extension API services.
- Alibaba Cloud services, including OSS, CDN, ECS, database services, and Log Service, for hosting, file storage, delivery, logs, and diagnostics.
- Google APIs, including Google Calendar and Google Contacts, only when the user enables the relevant Google feature.
- Google Translate, Tencent Transmart, WAPlus AI services, and other AI or translation providers used by WAPlus, only when the user uses translation, AI rewrite, AI reply, AI chatbot, or related features.
- HubSpot, Salesforce, and Zoho, only when the user connects and uses the relevant CRM integration.
- Webhook URLs configured by the user, when webhook features are enabled.
- Authorized WAPlus personnel for debugging, customer support, product security, and service operation.
- Government authorities, courts, or other parties if required by law, subpoena, court order, or legal process.
- A successor organization as part of a merger, acquisition, reorganization, financing, or asset transfer, subject to this Privacy Policy or notice of material changes.
Alibaba Cloud and other service providers process data only as service providers for WAPlus. They are not permitted by WAPlus to use user data for their own advertising.
6. Google API Limited Use
WAPlus's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Google API data is used only to provide user-facing Google Calendar or Google Contacts features that the user enables.
- WAPlus does not use Google API data to train, develop, or improve generalized AI or machine learning models.
- WAPlus does not transfer Google API data to third parties for AI or machine learning model training.
- WAPlus does not use Google API data for advertising or unrelated profiling.
7. User Control and Data Deletion
Users have control over their data:
- Local data stored by the Extension can be cleared through Chrome settings, by logging out, or by uninstalling the Extension.
- Users can delete CRM records, notes, tags, templates, reminders, scheduled messages, broadcasts, and other user-created data where the product provides those controls.
- Users can disconnect optional integrations such as Google, HubSpot, Salesforce, Zoho, webhooks, AI, translation, and other connected services where available.
- Users can revoke Google permissions from their Google account security settings.
- Users can contact us at [email protected] to request access, correction, export, or deletion of server-stored personal data tied to their account or identifiers, subject to verification and legal exceptions.
8. Data Retention
- Local Extension settings and logs are retained on the user's device until the user clears Extension data, logs out, resets the relevant feature, or uninstalls the Extension.
- CRM records, contacts, notes, tags, reminders, templates, automations, broadcasts, uploaded files, and synced conversation data are retained while needed to provide the service or until the user deletes the data, disconnects the feature, closes the account, or requests deletion, unless retention is required for legal, security, backup, accounting, or legitimate business purposes.
- OAuth tokens and integration credentials are retained while the relevant integration remains connected or while needed to complete the requested sync, unless the user revokes access, disconnects the integration, or requests deletion.
- Diagnostic logs stored in Alibaba Cloud Log Service are retained for a maximum of seven days and are automatically deleted after seven days by Alibaba Cloud's automatic log retention policy. We use this seven-day window only for debugging, stability, security, abuse prevention, support, and service improvement.
- If a user contacts us about an issue, we may use the user's Extension UUID, account identifiers, or WhatsApp number to locate relevant logs within this seven-day window. After the seven-day period, those diagnostic logs are automatically deleted.
9. Children's Privacy
Our Extension is not intended for use by children under the age of 13, or under the minimum age required by applicable law in the user's jurisdiction. We do not knowingly collect personal information from children. If we discover that a child has provided personal information to us, we will take appropriate steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy as necessary to comply with regulations or reflect product, operational, or legal changes. The updated policy will be posted on this page with a revised date.
11. Contact Us
If you have questions or concerns regarding this Privacy Policy or your data, contact us at: [email protected]
