User Privacy

Privacy Policy – Flowhora At Flowhora, privacy, security, and compliance are core to our platform design. This Privacy Policy explains how Flowhora (“Company”, “we”, “our”, “us”) collects, processes, uses, and protects personal data in connection with our WhatsApp Business API and messaging automation services. This Policy should be read together with our Terms & Conditions. Capitalized terms not defined here have the meaning assigned to them in the Terms & Conditions. By accessing or using Flowhora, you confirm that you have read, understood, and agreed to this Privacy Policy and the Terms & Conditions. 1. Our Role Under This Policy - Flowhora acts solely as a technology and infrastructure provider. - We provide APIs, software, dashboards, and automation tools to enable business messaging. - Flowhora does not initiate, compose, review, or send messages on behalf of users. - Users remain the data controller for all customer data they upload or process. - Flowhora acts as a data processor where applicable, strictly under user instructions. Nothing in this Policy overrides user responsibilities defined in the Terms & Conditions. 2. Information We Collect 2.1 Account & Business Information Collected during onboarding or account usage: - Name, email address, and phone number - WhatsApp number - Business name and KYC documentation - Billing, payment, and tax-related information This data is required to provide services under our Terms & Conditions. 2.2 Platform & Technical Data Collected automatically for security and service delivery: - IP address and device identifiers - Browser and session metadata - Login history and access logs - API usage, webhook, and error logs - System diagnostics and performance metrics 2.3 End-Customer Data - Users are solely responsible for collecting and processing end-customer data. - Users must obtain valid and lawful consent (opt-in) before messaging customers. - Flowhora does not store or access WhatsApp message content or customer conversations. 2.4 WhatsApp Business API Metadata - Template usage and approval status - Phone number quality and reputation indicators - WABA lifecycle events - Delivery and performance metrics Message content is not stored, except for temporary, permission-based technical debugging, and is automatically deleted. 3. How We Use Data Data is processed strictly to: - Provide, operate, and improve Flowhora services - Onboard and verify users and businesses - Enforce platform security and prevent abuse - Comply with Meta WhatsApp policies - Provide customer and technical support - Process payments and subscriptions - Perform analytics, monitoring, and optimization - Comply with applicable laws and regulations Flowhora does not sell data, rent data, or use data for advertising. 4. Data Ownership & Control - Users retain full ownership and control of their data. - Flowhora processes data only to the extent required to perform services under the Terms & Conditions. - We do not access customer contact lists or content unless explicitly authorized or legally required. 5. What We Explicitly Do Not Do Flowhora follows strict data-minimization principles: - We do not sell or monetize personal data - We do not read or store message content - We do not share data with unauthorized parties - We do not track users outside the platform - We do not create user campaigns or messaging logic 6. Data Sharing & Third Parties Data may be shared only with: - Meta Platforms Inc. (for WhatsApp Business API operations) - Cloud, hosting, and infrastructure providers - Payment processors (e.g., Razorpay, Stripe) - Security and fraud prevention partners - Government or regulatory authorities, when legally required All third parties operate under contractual and confidentiality obligations consistent with this Policy and our Terms & Conditions. 7. Security & Safeguards Flowhora implements enterprise-grade security controls, including: - Strong encryption (256-bit) - Secure SSL/TLS communication - Multi-layer firewalls and intrusion detection - API rate limiting and DDoS protection - Encrypted backups - Role-based access controls - Continuous monitoring and security audits Users are responsible for safeguarding credentials, API keys, and account access, as stated in the Terms & Conditions. 8. Data Retention Data is retained only as long as required for operational or legal purposes: - API logs: up to 90 days - Login and access logs: up to 180 days - Billing and financial records: 7 years - Debug logs: automatically deleted within 7 days Retention may extend where required by law or to enforce contractual rights. 9. User Rights Subject to applicable law, users may: - Access and review their personal data - Request correction or updates - Request deletion (where legally permissible) - Withdraw consent - Request data portability - Raise privacy or data protection complaints Requests are handled in accordance with this Policy and the Terms & Conditions. 10. User Obligations Users must: - Comply with Meta WhatsApp Business & Commerce Policies - Follow DPDP Act 2023 and IT Act 2000 - Use only consent-based customer data - Avoid spam, fraud, or prohibited content - Not upload scraped or purchased databases - Maintain accurate business and KYC information Flowhora bears no liability for violations arising from user activity. 11. Policy Updates - This Privacy Policy may be updated to reflect legal, regulatory, or platform changes. - Material changes will be communicated through the platform or email. - Continued use of Flowhora constitutes acceptance of the updated Policy and Terms & Conditions. 12. Contact & Data Protection For privacy or data-related inquiries: - Email: info@flowhora.com 13. Legal Alignment With Terms & Conditions - This Privacy Policy forms an integral part of Flowhora’s Terms & Conditions. - In case of conflict, the Terms & Conditions shall prevail. - Flowhora’s role, limitations, and liability exclusions apply fully to data processing activities. - Use of Flowhora confirms acceptance of all safeguards, disclaimers, and limitations described herein.