WAPlus Private Policy

Website Visitors

Like most website operators, WAPlus collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. WAPlus’s purpose in collecting non-personally identifying information is to better understand how WAPlus’s visitors use its website. From time to time, WAPlus may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

WAPlus also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on our blog. WAPlus only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that blog commenter IP addresses and email addresses are visible and disclosed to the administrators of the blog where the comment was left.

Gathering of Personally-Identifying Information

Certain visitors to WAPlus’s Website choose to interact with WAPlus in ways that require WAPlus to gather personally-identifying information. The amount and type of information that WAPlus gathers depends on the nature of the interaction. Those who engage in transactions with WAPlus are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, WAPlus collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with WAPlus. WAPlus does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

Aggregated Statistics

WAPlus may collect statistics about the behavior of visitors to its website. WAPlus may display this information publicly or provide it to others. However, WAPlus does not disclose personally-identifying information other than as described below.

Protection of Certain Personally-Identifying Information

WAPlus discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on WAPlus’s behalf or to provide services available at WAPlus’s website, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using WAPlus’s websites, you consent to the transfer of such information to them. WAPlus will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, WAPlus discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when WAPlus believes in good faith that disclosure is reasonably necessary to protect the property or rights of WAPlus, third parties or the public at large. If you are a registered user of a WAPlus website and have supplied your email address, WAPlus may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with WAPlus and our products. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. WAPlus takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.

Google Workspace API Usage Restrictions

We hereby explicitly state that all use of Google Workspace API strictly adheres to its service terms and data privacy requirements. Any data obtained through this API is used solely for delivering core functionalities of our service. We affirm that:

No AI/ML Model Development: User data, metadata, or derived information will not be used for:
- Training or improving machine learning (ML) models
- Developing general artificial intelligence (AGI) systems
- Optimizing generative AI models
Third-Party Prohibition: Strictly prohibit transferring API-derived data to any third parties for AI/ML model development purposes.
Scope Limitation: This restriction applies to all technical processes including but not limited to batch processing, real-time analytics, and data augmentation activities.

Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. WAPlus uses cookies to help WAPlus identify and track visitors, their usage of WAPlus website, and their website access preferences. WAPlus visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using WAPlus’s websites, with the drawback that certain features of WAPlus’s websites may not function properly without the aid of cookies.

Chrome Extension Data Handling

The WAPlus Chrome extension requires certain browser permissions to provide core features and a smooth user experience. Below is the type of data we may access, how we use it, and how we protect your privacy.

Permissions Used and Purpose

"tabs" and "activeTab" – Used to detect the current active tab and interact with WhatsApp Web to enable features such as tagging contacts, adding notes, and initiating messages.
"storage" – Used to locally store user preferences, session data, and extension settings to ensure a consistent user experience.
"cookies" – Used to detect login status or maintain web sessions; we do not access or store third-party cookies beyond what is necessary for functionality.
"scripting" – Used to inject scripts that enhance the WhatsApp Web user interface and enable CRM features without accessing content outside the user's action scope.
"contextMenus" – Used to add right-click menu items such as "Save Contact to WAPlus CRM."
"alarms" – Used to schedule background tasks like syncing tags or sending scheduled messages.
"management" (optional) – Used to detect potentially conflicting extensions to ensure compatibility; no personal data is collected.

Purpose of Data Collection

WhatsApp contact names and message metadata (e.g., timestamps) (only when use profile feature)
Extension usage data (feature usage frequency, anonymous error logs, Used for problem analysis and monitoring of issues that need to be resolved due to WhatsApp version updates.)
Browser language and timezone information (Used to determine internationalization, scheduled messages, and Google Calendar schedules)
Chat content and contact information (only when Sync & Backup feature is enabled)
Group chat information (only when Sync & Backup feature is enabled)

Data Sharing and Security

By default: We do not share extension data with any third parties
If the user uses zoho, hubspot, salesforce, webhook, we will transfer the data required for the corresponding function to the platform selected by the user.
Data transmission and storage are encrypted where applicable
Users can delete any data stored by the extension at any time

Data Handling

All data in transit is encrypted using modern cryptography (HTTPS/TLS or WSS), as required for handling personal/sensitive user data.
We only request the minimal permissions necessary and collect only the data required to fulfill the extension’s advertised features.
Any collection of personal/sensitive data—especially WhatsApp backups—is performed only after the user explicitly opts in via the “Sync & Backup” feature.
We do not use personal data for advertising, nor do we share/sell it to third parties except as necessary for providing the user-selected features. Any internal access by humans (e.g. for support) is only with user consent or anonymized.

Data Storage

Extension settings, temporary session tokens, and non-sensitive data are stored locally in Chrome Storage (chrome.storage.local/sync). These are isolated per-extension and are persistent beyond browser cache clearing, unless the user uninstalls.
WhatsApp backup data (messages, contacts, group info) is encrypted with industry-standard algorithms (e.g., AES‑256) at rest on our servers.
On the server, we implement lifecycle management to purge outdated or user-deleted data.
Access to stored data is restricted to authorized personnel/systems. We routinely perform security audits and vulnerability checks to ensure data integrity.

Compliance

The WAPlus Chrome extension complies with the Chrome Web Store User Data Policy. We do not collect personal data without user consent, nor do we use data for AI/ML training, profiling, or advertising.

For questions or data requests, please contact [email protected].

Business Transfers

If WAPlus, or substantially all of its assets, were acquired, or in the unlikely event that WAPlus goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of WAPlus may continue to use your personal information as set forth in this policy.

WAPlus’s website does not participate in any advertising network and therefore does not transfer any cookie related information to any 3rd parties.

Accessing and Correcting Your Information

You can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your account at https://waplus.io. For other personal information we hold, we will provide you with access for any purpose including to request that we correct the data if it is inaccurate or delete the data if we are not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

California Privacy Rights

If you are a California resident, you may have certain additional rights. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes. California Business and Professions Code Section 22581 permits registered users who are minors to request and obtain deletion of certain posted content.

Comments

Comments and other content submitted to us are saved on our servers.

Children's Privacy

WAPlus does not knowingly collect or solicit personal information from children under the age of 13 (or under 16 in some jurisdictions). If we discover that unverified children’s data has been collected, we will promptly delete it.

If you believe that a child under the legal age has provided personal information to us, please contact us at [email protected], and we will take appropriate action.

Privacy Policy Changes

Although most changes are likely to be minor, WAPlus may change its Privacy Policy from time to time, and in WAPlus’s sole discretion. WAPlus encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Contact Us

If you have any questions or comments, we may be reached at [email protected]

Notice to European users

The information provided in this “Notice to European users” section applies only to individuals in the United Kingdom, Switzerland, and the European Economic Area (hereafter collectively referred to as “Europe”).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller. WAPlus is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing purpose Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.	Legal basis
For Service delivery	Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request. Processing of Google Workspace API data is strictly limited to contractual necessity under Article 6(1)(b) GDPR
For research and development For marketing and advertising purposes Compliance and protection purposes Sharing your personal information as described in this Privacy Policy	These activities may constitute our legitimate interests, may be necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services, or may be based on your consent. To the extent that these activities constitute our legitimate interests, we do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with applicable law	Processing is necessary to comply with our legal obligations.
With your consent	Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention. We retain personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for Compliance and protection purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services, or otherwise to us.

If you provide us with any sensitive personal information to us when you use the services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our services.

Your rights. European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
EU residents may request audit reports verifying compliance with these API usage restrictions

You may submit these requests by email to [email protected]. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-border data transfer. If we transfer your personal information from Europe to another country such that we are required to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.