Privacy Policy
Last updated: March 12, 2026
1. Overview
WhatNotify is a Shopify application that enables merchants to send automated WhatsApp messages to their customers. This policy explains what data we collect, how we use it, and how we protect it.
2. Information We Collect
- WhatsApp Account Access: When you connect your WhatsApp account, you log into our backend engine as a linked device. This allows us to securely manage all automated messaging on your behalf, including order confirmations, abandoned checkout retrieval, order fulfillment, and cancellation notifications. We have full access to your WhatsApp account for the purpose of sending these automated messages, but we do not interact with or access other features (e.g., chats, media).
- Merchant data: Shopify shop domain, app settings, WhatsApp session credentials, message usage counts.
- Order & Customer data: Phone numbers, customer details, cart contents, order statuses, and checkout activities — used solely to send the appropriate messages at various stages of the customer journey.
- WhatsApp session data: Encrypted authentication credentials stored in MongoDB to maintain your connection.
- Usage data: Basic app usage data collected to enhance performance and functionality of our automation suite.
3. How We Use Your Data
- Comprehensive message automation: WhatNotify uses your WhatsApp account to send automated messages throughout the customer shopping journey — order confirmations, abandoned cart reminders, fulfillment updates, and cancellation notifications. Our interaction is strictly limited to automated message transmission. No other WhatsApp data such as conversations or media is accessed.
- To maintain your WhatsApp connection across sessions.
- To track message usage for billing purposes.
- Data security: All communications between your WhatsApp account, our servers, and Shopify are encrypted using secure protocols. Your WhatsApp data is used only for its intended purpose and is never exposed or shared with third parties.
4. Browserless & Account Confidentiality
Our full-stack automation suite runs browserless, meaning there is no interface to access your WhatsApp data beyond sending HTTP requests for message delivery across all automation types. Your account remains completely confidential, and no sensitive information (chats, media, or contacts) is stored or accessed.
5. Data Sharing
We do not sell or share your data with third parties. Customer phone numbers and order data are used exclusively to send messages you have configured. Data is transmitted to WhatsApp via the Baileys library.
6. Data Retention
- WhatsApp session data is retained as long as your account is active.
- Order data is retained for 7 days then automatically deleted.
- Merchant settings are deleted upon app uninstall.
7. Customer Control
You have full control of your WhatsApp account:
- Disconnect your WhatsApp account at any time from the app.
- Delete the app from your Shopify store, and all access to your WhatsApp account will be revoked immediately. We do not retain any personal data after disconnection or deletion.
8. Data Security
All data is transmitted over HTTPS. WhatsApp credentials are stored encrypted in MongoDB Atlas. We use secret-based authentication between our internal services and follow industry-standard security measures including encryption and secure data storage. The scope of interaction with your WhatsApp account is strictly limited to what is necessary for our automation suite's functionality.
9. Your Rights
You may request deletion of your data at any time by uninstalling the app or contacting us. Uninstalling the app triggers automatic deletion of your session and settings.
10. GDPR Compliance
If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). WhatNotify ensures compliance with GDPR by providing you with the following rights:
- Right to Access: You may request access to the personal data we hold about you at any time.
- Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data.
- Right to Erasure: You may request the deletion of your personal data under certain conditions.
- Right to Restrict Processing: You may request a limitation on how we process your personal data.
- Right to Data Portability: You may request a copy of your personal data in a structured, machine-readable format.
To exercise any of these rights, please contact us. We respond to all requests in accordance with GDPR timelines. Disconnecting your WhatsApp account or uninstalling the app automatically removes all access to your data.
11. Contact
For privacy-related questions, contact us at your@email.com.
WhatNotify acts in good faith and in the best interests of merchants and buyers. We do not intentionally circumvent any critical platform functionality.