Privacy Policy

Effective Date: April 6, 2026
Last Updated: June 22, 2026

This Privacy Policy explains how Contextwise (“Contextwise,” “we,” “us,” or “our”) collects, uses, discloses, stores, protects, and deletes personal data when you use our website, application, APIs, WhatsApp Business Platform integration, automation tools, customer messaging features, and related services (collectively, the “Services”).

This Privacy Policy is intended to explain clearly how our app uses, discloses, and manages user data, including data received through Meta and the WhatsApp Business Platform.

1. Who We Are

Company: Contextwise
Email: contact@contextwise.xyz
Website: https://contextwise.xyz
Data Protection Contact: privacy@contextwise.xyz

Contextwise provides a SaaS platform that helps businesses connect their Meta/WhatsApp Business accounts, send and receive WhatsApp messages, manage contacts, automate conversations, route customer support conversations, create message templates, manage workflows, and integrate messaging data with business tools such as CRM, e-commerce, helpdesk, analytics, and internal systems.

2. Scope of This Policy

This Privacy Policy applies to:

1. Visitors to our website.
2. Businesses and organizations that create an account with us.
3. Authorized users of customer workspaces, including administrators, agents, employees, contractors, and collaborators.
4. End users, leads, customers, prospects, or contacts who communicate with our business customers through WhatsApp or other connected messaging channels.
5. Personal data received through Meta, WhatsApp Business Platform, webhooks, APIs, or integrations authorized by our customers.

This Privacy Policy does not replace the privacy policies of Meta, WhatsApp, or our customers. When you communicate with a business using WhatsApp, that business may separately control how it uses your information. You should also review that business’s own privacy policy.

3. Our Role: Controller and Processor

Depending on the context, we may act as either a data controller or a data processor.

3.1 Data We Control

We act as a data controller when we determine how and why personal data is processed, including for:

• Our website visitors.
• Account registration.
• Billing and payments.
• Product analytics.
• Security and fraud prevention.
• Customer support.
• Marketing communications from us.
• Internal business operations.

3.2 Data We Process for Customers

For WhatsApp contacts, customer conversations, message content, automation workflows, CRM data, and contact lists uploaded or connected by our customers, our customer is generally the data controller and we act as a data processor or service provider.

In this role, we process personal data only to provide the Services, follow our customer’s instructions, operate the platform, maintain security, comply with law, and fulfill our contractual obligations.

Customers are responsible for ensuring that they have the required notices, permissions, lawful basis, opt-ins, and consents to collect, upload, share, message, and otherwise process personal data using our Services.

4. Personal Data We Collect

We collect different categories of personal data depending on how the Services are used.

4.1 Account and Business User Data

When a business or authorized user creates an account or uses our platform, we may collect:

• Name.
• Email address.
• Phone number.
• Job title or role.
• Company name.
• Company address.
• Login credentials or authentication identifiers.
• Workspace name and settings.
• User permissions and access controls.
• Billing information.
• Subscription plan and payment status.
• Support requests and communications with us.
• Product usage data.
• Security logs, audit logs, and session information.

We do not intentionally collect payment card numbers directly unless stated otherwise. Payment information may be processed by our payment provider.

4.2 Meta and WhatsApp Business Integration Data

When a customer connects Meta or WhatsApp Business Platform to our Services, we may collect and process data necessary to provide the integration, including:

• Meta Business Account identifiers.
• WhatsApp Business Account identifiers.
• WhatsApp business phone number identifiers.
• Business profile information.
• Message template information.
• Approved, rejected, or pending template status.
• Webhook events.
• Message delivery, sent, failed, read, and received statuses.
• Access tokens or authorization credentials required to operate the integration.
• Configuration data chosen by the customer.
• Permissions granted by the customer through Meta or WhatsApp.

We only request permissions that are reasonably necessary to provide the features selected by the customer.

4.3 WhatsApp Contact and Conversation Data

When customers use our Services to communicate with people through WhatsApp, we may process:

• Contact name.
• WhatsApp phone number.
• WhatsApp user identifier or business-scoped identifier, if available.
• Conversation history.
• Message content, including text messages.
• Media shared in messages, such as images, documents, videos, audio, or files.
• Interactive message responses, such as buttons, list replies, quick replies, and form responses.
• Message timestamps.
• Delivery, read, failed, and status information.
• Opt-in and opt-out status.
• Consent records.
• Tags, labels, notes, contact properties, and segmentation data.
• Assigned agent, team, workflow, campaign, or automation information.
• Customer support history.
• CRM, e-commerce, or helpdesk data connected by the customer.

The amount and type of data depends on how the customer configures the Services and what the WhatsApp user chooses to share.

4.4 Automation and Workflow Data

If customers use automation, AI-assisted workflows, chatbots, routing rules, or integrations, we may process:

• Workflow rules and triggers.
• Contact attributes used for segmentation or routing.
• Messages sent or received by automations.
• Bot replies and suggested replies.
• Customer intent, category, or classification data generated by workflows.
• Lead qualification data.
• Internal notes or conversation summaries.
• Integration payloads.
• Logs showing workflow execution and errors.

If AI-assisted features are enabled, message content may be processed to generate replies, summaries, classifications, recommendations, or workflow actions. We do not use customer conversation data to train general-purpose AI models unless the customer has expressly enabled or agreed to that use.

4.5 Website, Device, and Usage Data

When users visit our website or use our platform, we may collect:

• IP address.
• Device type.
• Browser type.
• Operating system.
• Referring pages.
• Pages visited.
• Date and time of access.
• Session duration.
• Feature usage.
• Clickstream data.
• Error reports.
• Cookies and similar technologies.
• Approximate location derived from IP address.
• Security and authentication logs.

We use this data to operate, secure, analyze, and improve the Services.

4.6 Data from Third-Party Integrations

If customers connect third-party tools, we may process data from those integrations, such as:

• CRM contact data.
• E-commerce order data.
• Helpdesk tickets.
• Calendar or booking information.
• Webhook payloads.
• Spreadsheet or database fields.
• Payment or invoice status.
• Internal user or agent data.
• Other data selected or authorized by the customer.

Customers control which integrations are connected and what data is shared.

5. How We Use Personal Data

We use personal data to:

1. Provide, operate, maintain, and improve the Services.
2. Enable WhatsApp Business Platform messaging.
3. Send and receive WhatsApp messages on behalf of customers.
4. Manage contacts, conversations, and customer records.
5. Power automations, chatbots, workflows, routing, and notifications.
6. Help customers manage opt-ins, opt-outs, templates, and campaign settings.
7. Provide customer support and troubleshoot issues.
8. Authenticate users and secure accounts.
9. Detect, prevent, and respond to fraud, abuse, spam, unauthorized access, and security incidents.
10. Process billing, subscriptions, invoices, and payments.
11. Maintain audit logs and service records.
12. Analyze platform performance and improve product functionality.
13. Comply with legal, regulatory, contractual, and platform obligations.
14. Enforce our Terms of Service and acceptable use rules.
15. Communicate with customers about product updates, administrative notices, security alerts, and service messages.
16. Send marketing communications where permitted by law and user preferences.

We do not sell WhatsApp message content or contact lists. We do not use WhatsApp conversation data to build unrelated consumer profiles. We do not share one customer’s WhatsApp conversation data with another customer.

6. WhatsApp and Meta Platform Data

Our Services may receive data from Meta or WhatsApp when a customer authorizes our app or configures webhooks.

We use Meta and WhatsApp data only as necessary to provide the Services, including:

• Connecting customer WhatsApp Business accounts.
• Managing WhatsApp business phone numbers.
• Sending customer-approved messages.
• Receiving inbound messages.
• Receiving delivery and status events.
• Managing message templates.
• Displaying conversation and contact data to authorized customer users.
• Troubleshooting and securing the integration.
• Complying with Meta and WhatsApp platform requirements.

We do not use Meta or WhatsApp Platform Data for purposes that are unrelated to providing or improving the customer-selected Services. We do not sell Meta or WhatsApp Platform Data. We do not transfer Meta or WhatsApp Platform Data except as described in this Privacy Policy, as instructed by the customer, as necessary to provide the Services, or as required by law.

7. WhatsApp Opt-In, Opt-Out, and Messaging Compliance

Customers are responsible for ensuring that they only contact people on WhatsApp when they have a lawful basis and required opt-in permission.

Customers must:

1. Obtain the recipient’s mobile phone number lawfully.
2. Obtain permission to send messages or calls through WhatsApp.
3. Clearly explain the types of messages the recipient may receive.
4. Use approved message templates where required.
5. Honor opt-out, unsubscribe, block, or stop requests promptly.
6. Avoid spam, deceptive messaging, or unexpected communications.
7. Provide a clear path to human support when automation is used.
8. Maintain accurate business identity and contact information.
9. Avoid requesting or sharing sensitive information unless legally permitted and appropriately protected.

We may provide tools to help customers manage opt-ins, opt-outs, and suppression lists, but customers remain responsible for their own messaging practices and compliance with applicable law and platform policies.

8. Sensitive Personal Data

Our Services are not designed to collect highly sensitive personal data unless the customer has a lawful basis and appropriate safeguards.

Customers should not use the Services to request or transmit:

• Full payment card numbers.
• Bank account numbers.
• Government ID numbers.
• Passwords.
• Health or medical information, unless legally permitted and appropriately protected.
• Sensitive personal information that is not necessary for the conversation.
• Data about children unless legally permitted.
• Any information prohibited by law or platform policy.

If sensitive data is accidentally submitted, customers should delete it or request deletion where appropriate.

9. Legal Bases for Processing

Where applicable law requires a legal basis, we process personal data based on one or more of the following:

• Contract: to provide the Services and fulfill our agreements.
• Consent: where a user or customer has given consent, including for marketing or optional cookies.
• Legitimate interests: to secure, maintain, analyze, and improve the Services, prevent abuse, and support customers.
• Legal obligation: to comply with laws, regulations, tax rules, court orders, or regulatory requests.
• Customer instructions: where we process personal data as a processor on behalf of our customers.

For Brazilian users, we process personal data in accordance with the Brazilian General Data Protection Law (LGPD), including applicable legal bases such as consent, contract performance, legal obligation, legitimate interest, and regular exercise of rights.

10. How We Share Personal Data

We may share personal data with the following categories of recipients.

10.1 Meta and WhatsApp

We share data with Meta and WhatsApp as necessary to provide WhatsApp Business Platform functionality, such as sending messages, receiving messages, managing templates, and receiving status events.

10.2 Service Providers and Sub-Processors

We may use trusted service providers to help us operate the Services, including:

• Cloud hosting providers.
• Database and storage providers.
• Email delivery providers.
• Payment processors.
• Analytics providers.
• Error monitoring providers.
• Customer support tools.
• Security and authentication providers.
• AI or automation infrastructure providers, if enabled.
• Communication infrastructure providers.
• Professional advisors.

These providers are authorized to process personal data only as necessary to provide services to us and must protect the data under appropriate contractual obligations.

10.3 Customer-Configured Integrations

When a customer connects third-party integrations, we may share data with those tools according to the customer’s configuration and instructions.

Examples may include CRM systems, e-commerce platforms, helpdesks, spreadsheets, webhook endpoints, payment systems, analytics tools, and internal business applications.

10.4 Authorized Customer Users

Customer workspace administrators, agents, employees, contractors, and collaborators may access personal data according to their permissions inside the customer workspace.

Customers are responsible for managing their own users, roles, permissions, and access controls.

10.5 Legal and Safety Disclosures

We may disclose personal data if we believe it is reasonably necessary to:

• Comply with law, legal process, court orders, or government requests.
• Enforce our Terms of Service.
• Protect the rights, safety, privacy, or property of us, our customers, users, or the public.
• Detect, prevent, or address fraud, security incidents, spam, abuse, or illegal activity.
• Respond to lawful regulatory or law enforcement requests.

10.6 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

11. International Data Transfers

We may process and store personal data in countries other than the country where the user is located. These countries may have data protection laws different from the user’s country.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, standard contractual clauses, or other lawful transfer mechanisms.

12. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of data:

• Account data is generally retained while the account is active.
• Billing and tax records may be retained as required by law.
• WhatsApp contact and conversation data is retained according to customer settings, contract terms, and operational needs.
• Security logs and audit logs may be retained to protect the Services.
• Backup copies may persist for a limited period before being overwritten or deleted.
• Data required for legal claims, disputes, investigations, or compliance may be retained as necessary.

When a customer deletes data from the Services or terminates the account, we will delete or anonymize personal data according to our agreement with the customer, applicable law, and technical backup cycles.

13. Data Deletion Requests

Users may request deletion of personal data as described below.

13.1 Business Account Users

Business account users may request deletion by:

1. Logging into the account and using available deletion or account settings; or
2. Emailing us at privacy@contextwise.xyz with the subject line “Data Deletion Request.”

We may need to verify the requester’s identity before processing the request.

13.2 WhatsApp Contacts and End Users

If you are a person who communicated with one of our customers through WhatsApp and want to access, correct, delete, or restrict your data, you may:

1. Contact the business you communicated with directly; or
2. Email us at privacy@contextwise.xyz with the subject line “WhatsApp Data Request.”

Because our customer is generally the controller of WhatsApp contact and conversation data, we may forward or coordinate your request with the relevant customer.

To help us locate your data, please include:

• Your WhatsApp phone number.
• The business you communicated with.
• The approximate date of the conversation.
• The type of request you are making.

We will respond to valid requests in accordance with applicable law and our role as controller or processor.

13.3 Meta Platform Data Deletion

If you connected our app through Meta or WhatsApp and want us to delete data received through Meta or WhatsApp, you may email privacy@contextwise.xyz with the subject line “Meta Data Deletion Request.”

You may also disconnect our app through your Meta Business settings, revoke permissions, or delete the integration inside our platform. After receiving a verified deletion request, we will delete or anonymize applicable Meta Platform Data unless we are required to retain it for legal, security, fraud prevention, or compliance reasons.

14. User Rights

Depending on where you live, you may have rights regarding your personal data, including the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete personal data.
• Restrict processing.
• Object to processing.
• Withdraw consent.
• Request data portability.
• Opt out of marketing communications.
• Lodge a complaint with a data protection authority.

Brazilian users may also have rights under the LGPD, including confirmation of processing, access, correction, anonymization, blocking or deletion of unnecessary or excessive data, portability, information about sharing, revocation of consent, and review of certain automated decisions where applicable.

To exercise rights, contact us at privacy@contextwise.xyz.

We may ask for information to verify your identity and locate your data. If we process the data on behalf of a customer, we may direct your request to that customer or assist the customer in responding.

15. Security

We use reasonable technical, administrative, and organizational safeguards designed to protect personal data from unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These safeguards may include:

• Encryption in transit.
• Access controls.
• Role-based permissions.
• Authentication protections.
• Logging and monitoring.
• Secure cloud infrastructure.
• Least-privilege access.
• Employee confidentiality obligations.
• Vendor security reviews.
• Backup and recovery procedures.
• Incident response processes.

No system is completely secure. Customers are responsible for using strong passwords, protecting credentials, limiting user access, managing workspace permissions, and securing connected systems.

16. Access Tokens and Credentials

To operate Meta and WhatsApp integrations, we may store access tokens, API keys, webhook secrets, or other credentials authorized by the customer.

We use these credentials only to provide the requested integration and related Services. Customers may revoke permissions through Meta, WhatsApp, or our platform settings where available.

Customers must not share credentials with unauthorized users and must notify us promptly if they suspect unauthorized access.

17. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

• Operate the website and platform.
• Keep users logged in.
• Remember preferences.
• Improve performance.
• Analyze usage.
• Prevent fraud and abuse.
• Measure marketing effectiveness.

Where required, we obtain consent for non-essential cookies. Users can manage cookies through browser settings or cookie preference tools where available.

18. Marketing Communications

We may send marketing emails or messages to business users where permitted by law. Recipients may opt out at any time by using the unsubscribe link or contacting us.

Opting out of marketing does not prevent us from sending transactional, security, billing, or service-related communications.

19. Children’s Privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children without appropriate consent. If you believe a child has provided personal data to us, contact us at privacy@contextwise.xyz.

20. Customer Responsibilities

Customers using our Services are responsible for:

• Providing their own privacy notices to their contacts.
• Obtaining required opt-ins and consents.
• Using WhatsApp messaging lawfully.
• Honoring opt-out and deletion requests.
• Ensuring message content complies with applicable law and platform policies.
• Managing user access and permissions.
• Avoiding prohibited or sensitive data unless legally permitted and adequately protected.
• Configuring integrations responsibly.
• Maintaining accurate business identity and contact information.

We may suspend or restrict use of the Services if we believe a customer is violating law, platform rules, our Terms of Service, or this Privacy Policy.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, platform requirements, or data practices.

When we make material changes, we will update the “Last Updated” date and provide notice where required by law.

Continued use of the Services after an updated Privacy Policy becomes effective means the updated policy applies to future use.

22. Contact Us

For privacy questions, requests, or complaints, contact us at:

Contextwise
Email: privacy@contextwise.xyz
Website: https://contextwise.xyz

For data deletion requests, use the subject line “Data Deletion Request” or “Meta Data Deletion Request.”