WizzovaWizzova

Privacy Policy

Last updated: April 2026

Introduction

Welcome to Wizzova. This Privacy Policy describes how Wizzova (hereinafter "we", "our", or "the Platform") collects, uses, stores, shares, and protects the personal information of users who access and use our WhatsApp Business API-based marketing and automation platform. This policy applies to all users of the Platform, including account holders, team members, and anyone who interacts with our services. By registering for or using Wizzova, you agree to the practices described in this document. We recommend that you read this policy carefully. If you do not agree with any of its provisions, please do not use our services. This policy has been drafted in compliance with Argentina's Personal Data Protection Law 25.326, Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), and the European Union's General Data Protection Regulation (GDPR), as applicable.

Information We Collect

We collect the following categories of personal information: 1. Registration and account data: Full name, email address, password (stored in encrypted form), company or organization name, country, timezone, preferred language, and industry. 2. Platform usage data: Information about how you interact with Wizzova, including features used, access frequency, bot and conversation flow configurations, broadcast campaigns created and sent, contacts imported and managed, message templates created, and user activity logs. 3. WhatsApp messaging data: Content of messages sent and received through the WhatsApp Business Cloud API, phone numbers of our customers' end contacts (message recipients), message delivery statuses (sent, delivered, read, replied), multimedia files shared in conversations (images, videos, audios, documents), and bot session and automated flow data. 4. Payment and billing data: Information about the subscription plan selected, payment and invoice history, and payment method data processed securely through Stripe and/or MercadoPago (Wizzova does not store credit card numbers directly). 5. Technical data: IP address, browser type and version, operating system, device identifiers, cookie and similar technology data, and error logs captured by our monitoring system. 6. End contact data: When our customers import or manage contacts on the Platform, we process the data they provide, including names, phone numbers, email addresses, tags, and custom fields. This data is provided by our customers under their responsibility as data controllers.

WhatsApp Data and the Cloud API

Wizzova operates as a solution provider based on Meta's WhatsApp Business Cloud API. Regarding WhatsApp data, it is important that you understand the following: 1. Meta as processor: Meta Platforms, Inc. acts as a data processor for messages sent and received through the WhatsApp Business Cloud API. Meta may access message content for service delivery, spam detection, and policy compliance. 2. Message retention by Meta: Meta retains messages on its servers for a period of up to 30 days after sending, after which they are deleted from their systems. Wizzova may retain copies of messages on its own infrastructure according to the retention periods described in this policy. 3. Encryption: WhatsApp messages are protected by encryption in transit between the end user's device and Meta's servers. However, when using the Cloud API, messages are accessible in plain text on Meta's and Wizzova's servers for processing. 4. Multimedia files: Multimedia files (images, videos, audios, documents) shared in conversations are stored on our S3-compatible storage servers. Meta may also temporarily retain these files on its servers according to its policy. 5. Metadata: Meta collects and processes message metadata, including sender and recipient phone numbers, timestamps, delivery statuses, and message type.

How We Use Your Information

We use the information collected for the following purposes: 1. Service delivery: To provide, operate, and maintain the Platform and all its features, including sending and receiving WhatsApp messages, executing automated bots, sending broadcast campaigns, and managing contacts and conversations. 2. Account management: To create and manage your account, authenticate your identity, manage your subscription and payment processing, and provide technical support. 3. Service improvement: To analyze usage patterns to improve Platform functionality, develop new features, optimize performance and user experience, and generate aggregated and anonymized statistics. 4. Communications: To send you service-related notifications (updates, maintenance, security alerts), inform you about changes to our terms or policies, and respond to your inquiries. 5. Security and compliance: To detect, prevent, and investigate fraudulent or unauthorized activities, protect the security of the Platform and our users, comply with applicable legal and regulatory obligations, and enforce our Terms and Conditions. 6. Analytics and reporting: To provide our customers with metrics and reports on campaign performance, message delivery rates, bot performance, and conversation analytics.

Legal Bases for Processing

We process your personal data based on the following legal bases, as applicable: 1. Contract performance: Processing is necessary to fulfill the service agreement we enter into with you when you register and subscribe to Wizzova. This includes service delivery, account management, payment processing, and technical support. 2. Consent: For certain data processing activities, we request your express consent. This includes sending marketing communications about Wizzova, using non-essential cookies, and any processing that exceeds what is strictly necessary for service delivery. You may withdraw your consent at any time by contacting us at the email address provided at the end of this policy. 3. Legitimate interest: We process certain data based on our legitimate interest in improving and securing the Platform, preventing fraud, generating anonymized usage statistics, and ensuring the technical stability of our systems. In all cases, we assess that our legitimate interest does not override your fundamental rights and freedoms. 4. Legal obligation: We may process data when necessary to comply with applicable legal obligations, such as requirements from judicial or administrative authorities, tax regulations, or data protection legislation.

Data Sharing with Third Parties

Wizzova shares personal information with third parties only in the following circumstances and with the following providers: 1. Meta / WhatsApp: As the foundation of our platform, messages and associated data are processed through Meta's WhatsApp Business Cloud API. Meta acts as a data processor for message delivery. Meta may access message content to detect spam, abuse, and ensure compliance with WhatsApp Business Policies. For more information, see Meta's Privacy Policy (https://www.facebook.com/privacy/policy/). 2. Stripe: We process credit and debit card payments through Stripe, Inc. Stripe receives the payment data necessary to securely process transactions. Wizzova does not store complete card numbers. Stripe is PCI DSS Level 1 compliant. 3. MercadoPago: For users in Latin America, we process payments through MercadoPago. MercadoPago receives the data necessary to complete payment transactions. MercadoPago complies with applicable payment security regulations. 4. Pusher: We use Pusher for real-time notification and message delivery via WebSockets. Pusher processes channel identifiers and event data necessary for real-time communication. 5. Amazon Web Services (AWS) S3: We store multimedia files and documents on S3-compatible servers. These files may include multimedia content shared in WhatsApp conversations and files imported by users. 6. Sentry: We use Sentry for error monitoring and application stability. Sentry may receive limited technical data (error traces, browser information, anonymized IP addresses) to diagnose technical issues. We do not sell, rent, or commercialize personal data to third parties for marketing purposes. We may share anonymized and aggregated data that does not identify any individual. We may also disclose information when required by law, legal process, or applicable government request.

Data Retention Periods

We retain your personal data for the following periods: 1. Account data: For the entire period your account is active, and up to 90 days after account deletion or closure, to allow recovery in case of accidental deletion. 2. Messaging data: Messages and conversations are retained while the account is active. After account deletion, this data is removed within 90 days. Meta retains messages on its servers for up to 30 days independently. 3. Contact data: Contacts imported and managed by customers are retained while the account is active. After account closure, they are deleted within 90 days. 4. Payment data: Billing and transaction records are retained for the legally required period in the applicable jurisdiction (generally between 5 and 10 years for accounting and tax purposes). 5. Technical data and logs: Activity logs and technical data are retained for a maximum period of 12 months, unless a longer period is necessary for security investigations or legal compliance. 6. Anonymized data: Anonymized and aggregated statistical data may be retained indefinitely, as it does not constitute personal data. Once retention periods have been fulfilled, data is securely deleted or irreversibly anonymized.

Your Data Protection Rights

In accordance with applicable legislation, including Argentina's Law 25.326, Mexico's LFPDPPP, and the European Union's GDPR, you have the following rights over your personal data: 1. Right of access: You may request information about the personal data we hold about you, the purposes of processing, and the third parties with whom it is shared. 2. Right of rectification: You may request the correction of inaccurate or incomplete personal data. You can also update much of your information directly from your account settings. 3. Right of erasure (deletion): You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw your consent, or the processing is unlawful. Note: Some data may be retained due to legal or tax obligations. 4. Right to portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller. 5. Right to object: You may object to the processing of your personal data based on legitimate interest or other grounds, unless there are compelling legitimate reasons for the processing. 6. Right to restrict processing: You may request the restriction of processing of your data in certain circumstances, such as when you contest the accuracy of the data or object to the processing. 7. Right not to be subject to automated decisions: You have the right not to be subject to decisions based solely on automated processing of your data that produce legal effects on you. To exercise any of these rights, contact us at nahuefer173@gmail.com. We will respond to your request within the timeframes established by applicable legislation (generally 10 business days in Argentina, 20 business days in Mexico, and 30 calendar days under the GDPR). In Argentina, you may also file a complaint with the Agency for Access to Public Information (AAIP). In Mexico, with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI).

International Data Transfers

Since Wizzova is a SaaS platform that operates globally and uses service providers located in different jurisdictions, your personal data may be transferred and processed outside your country of residence. In particular: 1. WhatsApp messages are processed by Meta Platforms, Inc. on servers located in the United States and other jurisdictions where Meta operates. 2. Payment data is processed by Stripe, Inc. (United States) and/or MercadoPago (Argentina/Uruguay), depending on the payment method selected. 3. Multimedia files may be stored on AWS servers located in various geographic regions. 4. Error monitoring through Sentry may involve the processing of technical data on servers in the United States. For users in Argentina, these transfers are made in compliance with Article 12 of Law 25.326, ensuring adequate levels of protection. For users in Mexico, transfers comply with Articles 36 and 37 of the LFPDPPP. For users in the European Union, we implement appropriate safeguards pursuant to Article 46 of the GDPR, including standard contractual clauses where applicable. By using Wizzova, you expressly consent to the transfer of your data to the aforementioned jurisdictions for service delivery.

Cookies and Similar Technologies

Wizzova uses cookies and similar technologies for the following purposes: 1. Essential cookies: Necessary for the operation of the Platform, including session authentication, language preferences, and tenant identification. These cookies cannot be disabled without affecting service functionality. 2. Performance cookies: Help us understand how users interact with the Platform, allowing us to improve its performance and functionality. 3. Functionality cookies: Allow us to remember your preferences and settings to provide you with a personalized experience. We do not use advertising or third-party tracking cookies for marketing purposes. You can configure your browser to reject non-essential cookies. However, some Platform features may be affected if you disable essential cookies.

Security Measures

Wizzova implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: 1. Encryption: Communications between your browser and our servers are protected by TLS/SSL encryption. Passwords are stored using secure hashing algorithms (bcrypt). 2. Authentication: We use OAuth2 with JWT tokens through Laravel Passport for secure API authentication. 3. Data isolation: Our multi-tenant architecture ensures that each customer's data is logically isolated through unique tenant identifiers, preventing cross-account access. 4. Access control: We implement role-based access control (RBAC) that allows administrators to define granular permissions for their team members. 5. Secure payment processing: Payment data is processed by PCI DSS certified providers (Stripe and MercadoPago). Wizzova does not store complete credit card data. 6. Monitoring: We use monitoring tools to detect security anomalies and system errors. 7. Secure file storage: Multimedia files are stored on S3-compatible infrastructure with appropriate access controls. While we strive to protect your data, no Internet transmission or electronic storage method is 100% secure. In the event of a security breach affecting your personal data, we will notify you in accordance with applicable legislation.

Minors

Wizzova is designed exclusively for commercial and business use. Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors under 18. If we become aware that we have collected personal data from a minor without verifiable parental consent, we will take steps to delete such information from our servers. If you are a parent or guardian and believe your child has provided personal data to Wizzova, contact us at nahuefer173@gmail.com so we can take the necessary measures.

Wizzova as a Data Processor

In the context of providing our services, it is important to distinguish the roles of the parties regarding data protection: 1. Our customers (account holders) act as data controllers with respect to the personal data of their end contacts (WhatsApp message recipients). They are responsible for obtaining the necessary consents, complying with applicable data protection laws, informing their contacts about data processing, and ensuring they have a valid legal basis for sending messages. 2. Wizzova acts as a data processor with respect to end contact data. We process this data solely according to our customers' instructions and for service delivery. We do not use end contact data for our own marketing purposes nor share it with third parties beyond what is necessary for service delivery. 3. Wizzova acts as a data controller with respect to our customers' account data (registration information, payment data, platform usage data). If you are an end contact and wish to exercise your data protection rights, we recommend contacting the company that sent you messages through Wizzova directly, as they are the controllers of your data.

WhatsApp Opt-In Requirements

The WhatsApp Business Policy requires that end users give their explicit consent (opt-in) before receiving commercial messages. As a Wizzova user, you are responsible for: 1. Obtaining prior and explicit consent from your contacts before sending them messages through WhatsApp, including a clear indication of your company name, an explanation of the types of messages they will receive, and a clear mechanism to grant or deny consent. 2. Maintaining verifiable records of the consents obtained. 3. Providing a simple mechanism for contacts to revoke their consent (opt-out) at any time. 4. Immediately honoring opt-out requests. Wizzova provides tools to manage the opt-in status of your contacts ("Marketing OptIn" field), but the responsibility for obtaining and managing consents rests solely with you as the data controller. Failure to comply with opt-in requirements may result in the suspension of your WhatsApp number by Meta.

Updates to This Policy

We reserve the right to update this Privacy Policy periodically to reflect changes in our data practices, new Platform features, or legal requirements. When we make significant changes: 1. We will update the "Last updated" date at the top of this policy. 2. We will notify you of material changes through a notice on the Platform or by email. 3. For changes that require your consent, we will ask you to accept the updated policy before continuing to use the service. We recommend reviewing this policy periodically. Continued use of Wizzova after the publication of changes constitutes your acceptance of the updated policy.

Contact

If you have questions, comments, or requests related to this Privacy Policy or the processing of your personal data, you may contact us at: Email: nahuefer173@gmail.com We are committed to responding to all inquiries and requests within the legally established timeframes. To exercise your data protection rights (access, rectification, erasure, portability, objection), please include in your request your full name, the email address associated with your Wizzova account, a clear description of your request, and a copy of an identification document (if required by applicable legislation).