Privacy Policy

Effective Date: April 21, 2026

This Privacy Policy explains how WhatsApp Bulk & Notify ("we", "our", or "the App") collects, uses, and protects your data when you use our service through the Shopify platform.

1. Information We Collect

To provide automated WhatsApp services, we access the following data from your Shopify store via authorized APIs:

• Personal Customer Data: Names, Email addresses, Phone numbers, and Default shipping addresses for message delivery.
• Transaction Data: Order IDs, Product details, Pricing, and Payment status to trigger order notifications.
• Abandonment Data: Checkout recovery tokens and cart contents to send recovery reminders.
• Store Meta-Data: Store name, timezone, and contact email for account administration.

2. How We Use the Information

We process this information solely for the following purposes:

• Facilitating the delivery of transactional and marketing messages via the Meta WhatsApp Business API.
• Providing analytics and delivery reports (Delivered, Read, Failed) to the store owner.
• Managing contact segments and marketing lists as defined by the store owner.
• Ensuring technical stability and preventing abuse of the WhatsApp platform.

3. Third-Party Data Sharing

We **never** sell your data. We only share information with third parties when absolutely necessary for the core service:

• Meta Platforms, Inc: Customer phone numbers and message content are transmitted to Meta to deliver messages via WhatsApp.
• Cloudflare: Our infrastructure is hosted on Cloudflare to ensure secure and fast data processing.

4. Data Retention and Deletion

In accordance with Shopify's data protection standards:

• GDPR Compliance: If a customer requests data deletion via Shopify, we automatically redact their personal information from our logs within 48 hours.
• App Uninstallation: Upon uninstallation, all store-specific data is scheduled for permanent deletion from our databases within 48 hours.

5. Security Measures

We employ enterprise-grade security protocols, including AES-256 encryption for data at rest and TLS 1.3 for data in transit. Access to our internal databases is strictly limited to essential automated processes.

6. GDPR and CCPA Rights

Users in the European Economic Area (EEA) and California have specific rights regarding their personal data, including the right to access, correct, or delete information. Since we act as a Data Processor, any such requests should be initiated through your Shopify Admin panel.

7. Contact Us

For any privacy-related inquiries, please contact our Data Protection Officer at: privacy@yourdomain.com