Privacy Policy

Effective date: May 14, 2026 · Zaploom ("Platform", "we", "us").

1. Purpose & scope

This Privacy Policy describes how we collect, use, disclose, and protect information when you use Zaploom to manage WhatsApp Business Account integrations, SMS channels, campaigns, automations, analytics, and related workspace features. It applies to visitors of our marketing pages, authenticated dashboard users, and API consumers where applicable.

2. Roles under privacy law

Depending on your jurisdiction and deployment model, your organization may act as a controller of end-customer data processed through your WhatsApp Business Account or SMS providers, while we typically process certain workspace and technical data as a processor or service provider on your behalf. Where we determine purposes and means for specific datasets (for example account authentication telemetry), we act as a controller for those limited purposes.

3. Information we collect

  • Account & workspace data: name, email address, password hash, workspace name, role assignments, audit logs of administrative actions, billing identifiers when enabled.
  • Messaging metadata: message IDs, delivery states, timestamps, channel identifiers, campaign linkage, conversation routing attributes (such as assignment and labels), and technical logs needed for reliability and abuse prevention.
  • Content you submit: message payloads transmitted through connected channels (including optional templates), automation definitions, chatbot configuration such as prompts and knowledge filenames, internal notes entered by your agents, and uploaded files you attach to knowledge workflows.
  • Device & network data: IP address, browser user agent, approximate region derived from network signals, cookie-based session identifiers for authenticated dashboard access.

4. How we use information

We use personal and technical information to:

  • Provide, operate, maintain, and secure the Platform;
  • Authenticate users, enforce authorization, and investigate misuse;
  • Deliver analytics surfaces that aggregate operational metrics;
  • Communicate essential service notices and policy updates;
  • Comply with legal obligations and respond to lawful requests;
  • Improve reliability through aggregated diagnostics that do not intentionally identify natural persons.

5. Legal bases (EEA, UK, Switzerland)

Where GDPR or equivalent frameworks apply, we rely on performance of a contract (providing the Platform), legitimate interests (security, product improvement balanced against your rights), consent where required (such as certain non-essential cookies if presented), and legal obligations where compelled.

6. Sharing & subprocessors

We share information with infrastructure vendors (hosting, databases, queues), observability providers, email delivery services for transactional notices, and Meta Platforms Technologies or messaging aggregators strictly as instructed by your configured integrations. We require subprocessors to implement appropriate confidentiality and security commitments. We may disclose information if required by law or to protect the rights, safety, and integrity of customers and the public.

7. International transfers

If personal data is transferred across borders, we implement safeguards such as Standard Contractual Clauses or other mechanisms recognized by applicable regulators, supplemented by technical and organizational measures.

8. Retention

We retain account records while your workspace remains active and for a reasonable period afterward for legal, accounting, and dispute resolution purposes. Messaging logs follow configurable workspace retention windows where available; otherwise default retention balances troubleshooting needs against storage minimization. Backup snapshots may persist for a limited additional period before cycling.

9. Security

We implement administrative, technical, and physical safeguards—including encryption in transit for dashboard sessions where HTTPS is enforced, least-privilege access controls for production systems, and segmented credentials for channel integrations. No method of transmission or storage is perfectly secure; please rotate API keys promptly if compromise is suspected.

10. Your rights

Subject to jurisdiction, you may have rights to access, rectify, erase, restrict processing, port data, object to certain processing, or withdraw consent without affecting prior lawful processing. Workspace administrators may initiate many requests directly inside settings or via support. Individuals interacting with your brand over WhatsApp should contact your organization first; we assist controllers as contractually required.

11. Children

The Platform is not directed to children under 16 (or the digital age of consent in your region). Do not provision accounts for minors where doing so is inconsistent with applicable law or WhatsApp eligibility rules.

12. Changes

We may update this Privacy Policy to reflect product, regulatory, or Meta partner requirement changes. Material updates will be communicated through in-product notices or email when appropriate. Continued use after the effective date constitutes acceptance unless objection rights apply.

13. Contact

Questions about this Privacy Policy or requests regarding personal data should be directed through your account's designated privacy contact channel published on your organization's official website.