1. Controller
For data about you (the WhatsIA customer): Optima Quantum Services FZCO, Dubai, UAE. Contact: info@whatsia.io.
For data about your end-customers who write to your bot: you are the controller; we act as processor (see DPA).
2. Data we collect from you
Account info: business name, contact name, email, phone, WhatsApp number, website. Used to provide and bill the service.
Payment data: handled directly by Stripe.
3. Data passing through your bot
Messages your customers send (text, voice, images), their phone numbers, timestamps. Stored in your dedicated database and processed in transit by the OpenAI API.
4. Subprocessors
OpenAI (LLM, US), IONOS (hosting and email, Germany), Stripe (payments, EU), Cal.com (booking, US), Cloudflare (DNS/CDN, global), Meta (WhatsApp, EU/US).
5. Legal basis
Contract performance, legitimate interest, legal obligations.
6. Retention
Account data: while your subscription is active and a reasonable period thereafter. Conversation data: while your bot is active. Billing records as required by law.
7. Your rights
If you are based in the EU/UK or equivalent: access, rectification, erasure, restriction, portability, complaint to your data protection authority. Email info@whatsia.io to exercise.
8. Security
TLS in transit. Restricted server access. Per-customer database isolation.
9. International transfers
Some processing happens outside the EU/UAE. Standard Contractual Clauses or equivalent safeguards apply where required.
10. Changes
Material changes communicated by email fourteen days in advance.