Schedule your 15-minute demo now

    We’ll tailor your demo to your immediate needs and answer all your questions. Get ready to see how it works!

    Privacy Policy

    Effective Date: 05/09/2025
    Entity: Banensa Tech Private Limited (“Company,” “we,” “us,” or “our”)
    Brand/Product: WAPon
    Website: wapon.io
    Contact: care@wapon.io

    1. Introduction

    Banensa Tech Private Limited, through its SaaS platform WAPon, provides global conversational automation and WhatsApp API solutions. We recognize that your privacy is fundamental. This Privacy Policy sets out how we collect, use, disclose, and safeguard personal data in compliance with:

    • The Information Technology Act, 2000 (India) and its 2011 Privacy Rules.
    • The General Data Protection Regulation (EU) 2016/679 (GDPR).
    • The UK GDPR and Data Protection Act 2018.
    • The California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA).
    • The Virginia Consumer Data Protection Act (VCDPA).
    • The Personal Information Protection and Electronic Documents Act (PIPEDA, Canada).
    • Other applicable global privacy and data protection frameworks.

    Your use of WAPon constitutes acceptance of this Privacy Policy. If you do not agree, you should discontinue use of our services.

    2. Scope

    This Policy applies to:

    • Visitors of wapon.io.
    • Registered customers (businesses using WAPon).
    • End-users whose data is processed by our customers via WAPon.
    • Third parties interacting with us via partnerships, events, or APIs.

    This Policy does not apply to external websites, applications, or services linked from WAPon. Those third-party providers govern their own data practices.

    3. Information We Collect

    We collect information through direct submission, automated tracking, and third-party integrations.

    3.1 Personal Data (Direct Submission)

    • Name, job title, company name, business email, phone number.
    • Billing details including addresses, tax IDs (e.g., GST, VAT).
    • Login credentials (hashed passwords, multi-factor authentication).
    • Payment data (processed by PCI-DSS-compliant third parties).

    3.2 Service & Usage Data

    • Device identifiers, browser type, operating system.
    • IP addresses, geolocation (if enabled).
    • Log files: access times, clicks, pages viewed, campaign activity.
    • API request metadata (headers, tokens, endpoints called).

    3.3 Content & Communication Data

    • WhatsApp messages, multimedia, and campaign reports.
    • Uploaded customer contact lists (names, phone numbers, emails).
    • Conversation histories (retained per client settings).

    3.4 Data from Integrations

    • Google OAuth tokens (with explicit user consent).
    • Meta/WhatsApp Business API data.
    • CRM and payment gateway data (e.g., Shopify, Stripe, Razorpay).

    3.5 Tracking Data (Cookies & Pixels)

    We use:

    • Strictly Necessary Cookies: Session management, authentication.
    • Analytics Cookies: Google Analytics, Mixpanel, or equivalent.
    • Marketing Cookies: Pixels from Meta, LinkedIn, or Google Ads.

    4. Legal Bases for Processing

    4.1 Under GDPR/UK GDPR

    We rely on the following bases:

    • Consent: e.g., email marketing subscriptions.
    • Contractual Necessity: delivering purchased services.
    • Legitimate Interests: fraud detection, analytics, service optimization.
    • Legal Obligations: compliance with tax and regulatory frameworks.

    4.2 Under CCPA/CPRA

    • Right to know what categories of personal data are collected.
    • Right to request deletion.
    • Right to opt-out of sale/sharing (we do not sell personal data).
    • Right to non-discrimination for exercising privacy rights.

    4.3 Under PIPEDA (Canada)

    We collect, use, and disclose data only with valid consent, except where law permits otherwise (fraud investigations, legal requests, etc.).

    4.4 Under Indian IT Act

    We comply with Section 43A and Section 72A of the IT Act and related rules on reasonable security practices and sensitive personal data.

    5. How We Use Data

    We use personal data to:

    • Deliver WAPon services including WhatsApp campaigns, API integrations, and automations.
    • Verify identity and secure accounts.
    • Generate analytics for performance and feature improvement.
    • Send billing and subscription communications.
    • Provide support and resolve disputes.
    • Detect, investigate, and prevent security incidents.
    • Conduct lawful marketing with opt-out mechanisms.

    We do not engage in automated decision-making with legal or similarly significant effects.

    6. Sharing of Data

    6.1 Service Providers

    We may share data with cloud hosting providers (AWS, GCP), payment processors, customer support software providers, and analytics vendors.

    6.2 Business Transfers

    If Banensa Tech is merged, acquired, or sells assets, data may be transferred to the new entity.

    6.3 Legal & Regulatory Disclosure

    We may disclose data where legally compelled:

    • Court orders, law enforcement requests, or government inquiries.
    • Compliance with tax, corporate, or financial regulations.

    6.4 Cross-border Transfers

    Where data is transferred outside India, we use mechanisms such as Standard Contractual Clauses (SCCs) or equivalent safeguards.

    7. Data Retention

    • Account data: Retained while the account is active and for up to 7 years for tax purposes.
    • Campaign data: Retained 30–90 days, anonymized thereafter.
    • Deleted accounts: Purged within 90 days unless retention is mandated by law.

    8. International Data Transfers

    We operate globally. Data may be processed in India, the EU, the US, and Singapore. Safeguards:

    • EU/UK data: Compliant with GDPR Chapter V requirements.
    • US transfers: Protected by SCCs and contractual obligations.
    • India: Protected under IT Act 2000 obligations.
    • Canada: Aligned with PIPEDA cross-border transfer requirements.

    9. User Rights

    9.1 EU/UK Residents

    • Right to access, rectify, erase, restrict processing.
    • Right to data portability.
    • Right to lodge complaints with supervisory authority.

    9.2 California Residents (CCPA/CPRA)

    • Right to know: Categories of data collected.
    • Right to delete: Request erasure of personal data.
    • Right to opt out: Stop data “sharing” for targeted advertising.
    • Right to correct inaccuracies.
    • Right to limit use of sensitive data.

    9.3 Virginia Residents (VCDPA)

    • Rights to access, correct, delete, and opt-out of targeted advertising.

    9.4 Canadian Residents (PIPEDA)

    • Right to request access to and correction of personal data.
    • Right to withdraw consent at any time.

    9.5 Indian Residents

    • Rights under IT Act Rules: Notice, consent, access, correction, withdrawal.

    10. Children’s Privacy

    We do not knowingly collect data from individuals under 18. Parents or guardians may request deletion at care@wapon.io.

    11. Security Measures

    We adopt ISO 27001-aligned practices:

    • Data encryption in transit (TLS 1.2/1.3) and at rest (AES-256).
    • Role-based access control and MFA for staff.
    • Intrusion detection and regular penetration testing.
    • Vendor due diligence and data processing agreements.

    12. Cookies & Tracking

    Detailed cookie notice:

    • Session cookies: Authentication.
    • Persistent cookies: Save user preferences.
    • Third-party cookies: Analytics, marketing.

    Users can opt out via browser settings or tools like aboutads.info/choices.

    13. Do Not Track & Global Opt-Outs

    We do not respond to Do Not Track signals due to lack of global standard. However, we respect opt-outs under GDPR, CPRA, and other frameworks.

    14. Third-Party Integrations & Liability

    • WAPon integrates with Meta, Google, Shopify, Razorpay, etc.
    • Each has its own privacy policy.
    • We disclaim liability for third-party misuse beyond our control.

    15. Data Subject Requests

    To exercise rights, email care@wapon.io.
     Verification may require proof of identity (e.g., government-issued ID, business authorization). Requests are answered within:

    • 30 days (GDPR/UK GDPR).
    • 45 days (CCPA/CPRA).
    • As per local law elsewhere.

    16. Supervisory Authorities & Regional Contacts

    • EU Supervisory Authority list: ec.europa.eu/data-protection.
    • UK ICO: ico.org.uk.
    • California AG: oag.ca.gov/privacy.
    • Canada (PIPEDA): priv.gc.ca.
    • India: Ministry of Electronics and Information Technology (MeitY).

    17. Updates to Policy

    We may update this Policy periodically. Material changes will be communicated via email, website banners, or account notifications. The latest effective date will always be displayed at the top.

    18. Contact Us

    Banensa Tech Private Limited
    2nd floor, Unit No 213-214, Welldone Tech Park, Sec-48, Gurgoan, Gurugram, Haryana, 122018

    Email: care@wapon.io

    WAPon logo

      We Care About your Data in Our Privacy Policy

      WAPon

      Resources

      Why WAPon?

      © 2026 WAPon. All rights reserved.

      india city skyline