Privacy Policy

Effective: 26 April 2026. Draft — replace with lawyer-reviewed copy.

1. What we collect

• Account: name, email, password hash (handled by Better Auth).
• Customer data you upload: phone numbers, names, plan details, subscription expiry dates, area names — for the sole purpose of sending WhatsApp messages on your behalf.
• Message activity: sent / delivered / read / failed status per recipient, retained for 90 days unless your plan extends it.
• Payment evidence: sender name, transfer date, transaction reference number you submit when buying credits. Retained until reconciled with the bank statement, then 12 months for accounting.
• Operational logs: request timestamps, IP addresses, user-agent strings, error traces. Retained 30 days.

2. Why we collect it

To operate the service: authenticate you, deliver the WhatsApp messages you instruct us to send, bill correctly, comply with our obligations, and improve the service.

3. Third parties

We share data with these processors only as needed to operate the service:

• Cloudflare — hosting (Workers, D1, R2).
• Resend — transactional email (account verification, billing notifications).
• Meta (WhatsApp Cloud API) — recipient phone numbers and message content for delivery.
• Sentry, Posthog — error tracking and product analytics (only after your cookie consent).

4. Your rights

• Access — request a copy of your data via support@deep-iq.net.
• Deletion — initiate from Settings → Danger Zone, or by email. Soft-delete grace period 7 days, then hard delete.
• Correction — edit your account details directly, or email us for fields not in the UI.

5. Security

Passwords are hashed (never stored in clear). Sessions are short-lived signed tokens. WhatsApp Cloud API access tokens are stored server-side and never exposed to the browser.

6. Contact

Questions: support@deep-iq.net.