Privacy Policy

1. Introduction

Welcome to WAVE CRM ("we," "our," "us," or the "Company"). WAVE CRM is an Indian WhatsApp Business CRM platform operated and maintained for businesses across India. We are committed to protecting and respecting your privacy in accordance with applicable Indian and international data protection laws.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you access or use our website (whatsapp.aaservice.in), mobile applications, APIs, and all related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.

WAVE CRM provides a comprehensive WhatsApp Business CRM platform that enables businesses to manage customer communications, run marketing campaigns, deploy AI-powered chatbots, automate follow-ups, and analyze engagement — all through Meta's official WhatsApp Business Platform.

2. Information We Collect

We collect the following categories of information to provide, improve, and secure our Services:

a) Personal Information You Provide Directly:

• Account Registration Data: Your full name, email address, phone number, business name, and password when you create an account on our platform.
• Business Information: Your company details, GST number, billing address, and business category as required for service provisioning.
• Payment Information: Billing details and transaction records processed through our payment partners. We do not store full credit/debit card numbers on our servers.

b) WhatsApp Account Data:

• WhatsApp Business Account details and phone number(s) connected to our platform.
• WhatsApp Business API credentials and access tokens.
• Business profile information (display name, profile picture, business description) configured through our platform.
• Message templates submitted and approved through Meta's template review process.

c) Message Content and Communication Data:

• Content of messages sent and received through our platform, including text, images, documents, audio, video, and location data.
• Contact lists and customer phone numbers uploaded or synced to our platform.
• Campaign data including recipient lists, message templates, delivery status, and engagement metrics.
• Chatbot conversation logs and AI-generated responses.

d) Usage and Analytics Data:

• Login timestamps, session duration, and feature usage patterns.
• Campaign performance metrics (delivery rates, read receipts, response rates).
• Dashboard interactions and navigation patterns.

e) Device and Technical Information:

• IP address, browser type and version, operating system, and device identifiers.
• Screen resolution, language preferences, and time zone settings.
• Referring URLs and pages visited within our platform.

f) Cookies and Similar Technologies:

• Session cookies to maintain your login state and preferences.
• Analytics cookies to understand how you interact with our platform.
• Security cookies for fraud detection and prevention.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing Core Services: To operate and maintain the WAVE CRM platform, including account management, WhatsApp Business API connectivity, message delivery, and CRM functionality.
• WhatsApp Business Messaging: To facilitate sending and receiving messages on your behalf through Meta's WhatsApp Business Platform (Cloud API), managing message queues, delivery tracking, and read receipt monitoring.
• AI-Powered Chatbots: To power intelligent chatbot responses using artificial intelligence providers, process natural language queries from your customers, and continuously improve chatbot accuracy and response quality.
• Campaign Management: To execute bulk messaging campaigns, schedule follow-up messages, segment audiences, and provide campaign performance analytics and reporting.
• Analytics and Insights: To generate business intelligence reports, track message delivery and engagement metrics, and provide actionable insights to improve your communication strategy.
• Marketing Campaigns: To send you service updates, new feature announcements, and promotional materials (only with your explicit consent, and you may opt out at any time).
• Account Security: To verify your identity, detect fraudulent activity, prevent unauthorized access, and maintain the security and integrity of our platform.
• Customer Support: To respond to your queries, troubleshoot issues, and provide technical assistance.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including Indian IT Act requirements and Meta platform policies.
• Service Improvement: To analyze usage patterns, conduct research, and develop new features and improvements to our platform.

4. WhatsApp Business Platform

When you use our Services to send and receive WhatsApp messages, the following applies:

• Message Processing: Messages sent through our platform are transmitted via Meta's WhatsApp Business Cloud API infrastructure. Messages are encrypted end-to-end between the sender and receiver as per WhatsApp's standard encryption protocol.
• Meta's Data Handling: Meta (the parent company of WhatsApp) processes certain data in accordance with their own privacy policies. This includes message metadata, delivery status information, and account verification data. We encourage you to review WhatsApp's Privacy Policy and Meta's Privacy Policy for details on how Meta handles data.
• Business Messaging Compliance: All messages sent through our platform must comply with Meta's WhatsApp Business Policy, Commerce Policy, and applicable messaging guidelines. We enforce opt-in requirements, STOP keyword support, and message template approval processes.
• Data Stored by WAVE CRM: We store message content, delivery status, and conversation history on our servers to provide CRM functionality, analytics, and support. This data is stored securely with encryption and access controls as described in Section 9 (Data Security).
• Template Messages: Marketing, utility, and authentication message templates are submitted to Meta for approval before use. Template content and approval status are stored on our platform.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you create an account, connect your WhatsApp Business number, or opt-in to receive marketing communications, you provide explicit consent for us to process your data for those specific purposes. You may withdraw consent at any time.
• Contract Performance: Processing is necessary to fulfill our contractual obligations to you — including providing the CRM platform, executing messaging campaigns, maintaining chatbot services, and delivering the features included in your subscription plan.
• Legitimate Interests: We process certain data based on our legitimate business interests, including platform security, fraud prevention, service optimization, and product improvement — provided these interests do not override your fundamental rights and freedoms.
• Legal Obligations: We may process your data when required to comply with applicable laws, court orders, regulatory requirements, or government requests under Indian law.

6. Data Sharing and Third Parties

We may share your data with the following categories of third parties, solely as necessary to provide our Services:

• Meta / WhatsApp: Your WhatsApp Business Account data, message content, and related metadata are transmitted to Meta's WhatsApp Business Platform for message delivery and processing. Meta processes this data under their own privacy policies and terms.
• AI Service Providers: To power our AI chatbot features, we share relevant conversation data with trusted AI providers (such as Google Gemini, Groq, DeepSeek, and similar services). This data is used solely for generating chatbot responses and is not retained by these providers beyond the processing session, in accordance with their data processing agreements.
• Payment Processors: Payment information is shared with our payment gateway partners to process subscription payments and manage billing. These processors comply with PCI-DSS standards and applicable Indian financial regulations.
• Hosting and Infrastructure Providers: We use secure hosting services to store and process your data. Our infrastructure providers are contractually bound to maintain appropriate security measures and data protection standards.
• Legal and Regulatory Authorities: We may disclose your information to law enforcement, government agencies, or regulatory bodies when required by law or in response to valid legal processes.

7. Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

• Account Data: Your account information is retained for the duration of your active subscription and for up to 12 months after account closure or cancellation, to allow for reactivation or dispute resolution.
• Conversation History: WhatsApp message content and conversation logs are retained for up to 6 months from the date of the last message in each conversation, unless you request earlier deletion.
• Campaign Data: Campaign reports, recipient lists, and performance metrics are retained for up to 12 months after campaign completion for analytics and reporting purposes.
• Chatbot Conversation Logs: AI chatbot conversations are retained for up to 3 months to improve chatbot accuracy and for quality assurance.
• Billing and Transaction Records: Financial records are retained for a minimum of 8 years as required by Indian tax laws and accounting regulations.
• Auto-Deletion: We implement automated data cleanup processes that periodically purge expired data in accordance with the retention periods specified above. You may also manually request data deletion at any time (see Section 10).

8. Your Rights

Under the Information Technology Act, 2000 (India), the Digital Personal Data Protection Act, 2023 (India), and the General Data Protection Regulation (GDPR) where applicable, you have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you. You can access most of your data directly through your WAVE CRM dashboard.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data. You can update most information directly in your account settings.
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data, subject to our legal obligations and legitimate business interests. See Section 10 for the data deletion process.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at support@aaservice.in or call +91 82529 29204. We will respond to your request within 30 days.

9. Data Security

We take the security of your data seriously and implement comprehensive measures to protect it:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). Sensitive data stored in our databases, including API tokens and passwords, is encrypted at rest using industry-standard encryption algorithms.
• Access Controls: We implement role-based access controls (RBAC) to ensure that only authorized personnel can access your data. All access is logged and monitored for security purposes.
• Regular Security Audits: We conduct periodic security assessments, vulnerability scans, and code reviews to identify and remediate potential security risks.
• Secure Hosting: Our servers are hosted in secure data centers with physical security controls, redundant power supplies, and disaster recovery capabilities.
• Password Protection: User passwords are hashed using secure, one-way hashing algorithms. We never store passwords in plain text.
• Session Management: We implement secure session management with automatic timeout, session invalidation on logout, and protection against session hijacking.
• Incident Response: We maintain an incident response plan to promptly address any security breaches. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

10. Data Deletion

You have the right to request deletion of your personal data at any time. Here's how the process works:

• Manual Request: You can request data deletion by contacting us at support@aaservice.in with the subject line "Data Deletion Request." Please include your registered email address and phone number for verification.
• Meta Data Deletion Callback: If you connected your Facebook account to our Services, Meta may send us a data deletion request on your behalf. We process these requests automatically through our data deletion callback endpoint. You will receive a confirmation code and can check the status of your deletion request at any time.
• Account Dashboard: You can delete specific data (contacts, conversations, campaigns) directly from your WAVE CRM dashboard.

What happens when you request deletion:

• Your account profile and login credentials are permanently removed.
• All contact lists and customer data associated with your account are deleted.
• Conversation histories and message logs are purged from our servers.
• Campaign data, reports, and analytics are permanently removed.
• Chatbot training data and conversation logs are deleted.
• Data already transmitted to Meta/WhatsApp is subject to Meta's own data retention and deletion policies.

Please note that certain data may be retained as required by law (e.g., billing records for tax compliance). Deletion requests are processed within 30 days of verification.

11. International Data Transfers

WAVE CRM is based in India, and your data is primarily stored on servers located in India. However, in the course of providing our Services, your data may be transferred to and processed in other countries in the following circumstances:

• Meta's Infrastructure: WhatsApp messages are processed through Meta's global infrastructure, which may include servers located outside India.
• AI Service Providers: AI processing for chatbot features may occur on servers located in the United States, Europe, or other regions where our AI provider partners operate.
• Cloud Infrastructure: Certain backup and CDN services may involve data processing in multiple geographic locations.

Where your data is transferred internationally, we ensure that appropriate safeguards are in place, including contractual data protection clauses and compliance with applicable cross-border data transfer regulations.

12. Cookies and Tracking

Our platform uses cookies and similar tracking technologies to enhance your experience:

• Essential Session Cookies: These cookies are strictly necessary for the operation of our platform. They maintain your login session, remember your preferences, and ensure secure navigation. These cookies expire when you close your browser or after your session times out.
• Functionality Cookies: These cookies remember choices you make (such as language preference, time zone, and dashboard layout) to provide a more personalized experience.
• Analytics Cookies: We use analytics tools to understand how users interact with our platform, which features are most used, and how we can improve the user experience. This data is collected in aggregate form and does not personally identify you.
• Security Cookies: These cookies help us detect and prevent fraudulent activity, unauthorized access, and security threats.

You can control cookie preferences through your browser settings. Please note that disabling essential cookies may affect the functionality of our platform.

13. Children's Privacy

WAVE CRM is a business-to-business (B2B) platform designed for use by businesses and professionals. Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18 years of age.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such information from our servers. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at support@aaservice.in so that we can take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy:

• We will update the "Last Updated" date at the bottom of this page.
• We will notify registered users via email and/or a prominent notice on our platform dashboard.
• For significant changes affecting how we process your data, we will provide at least 15 days' advance notice before the changes take effect.

Your continued use of our Services after the effective date of any updated policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically to stay informed about our privacy practices.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:

We aim to respond to all privacy-related inquiries within 48 business hours.

Last Updated: May 21, 2026