Privacy Policy

Last updated: January 2025 · Effective: January 2025

1. Introduction

WA CRM Pro is a Chrome/Edge browser extension. This Privacy Policy explains what data we collect, how we use it, and your rights over your personal information.

2. Data We Collect

• Email address — used for account registration, OTP login, and support communication
• Hashed password — stored using bcrypt (we cannot see your plain-text password)
• Contacts you import — phone numbers and names; stored locally in your browser and optionally synced to our cloud for recovery
• Message send logs — stored locally in your browser only; not transmitted to our servers
• Device fingerprint — a one-way hash of your browser signature; used to enforce the one-device-per-account policy
• Subscription data — plan type, payment date, expiry date
• Support emails — content of emails you send to support@wacrm-pro.com

3. How We Use Your Data

• Authenticating your account via email OTP and password
• Providing bulk messaging, scheduling, CRM, and analytics features
• Processing and managing your subscription via Razorpay or PayPal
• Preventing abuse, account sharing, and brute-force attacks
• Responding to support requests sent to support@wacrm-pro.com

4. Data Storage and Location

All personally identifiable data is stored on servers in India — Supabase Asia Pacific (Mumbai, ap-south-1 region). Message logs are stored only in your local browser (IndexedDB) and are never transmitted to our servers. We comply with India's Digital Personal Data Protection Act (DPDPA) 2023.

5. Data Sharing

We do not sell your personal data. We share data only with these service providers who process it on our behalf:

• Supabase — database hosting (Mumbai, India) — account, contact, and template data
• Razorpay — payment processing (India) — INR subscription payments for Indian users
• PayPal — payment processing (international) — USD subscription payments for international users
• Zoho Mail — email delivery — sends OTP codes and support replies to your inbox

6. Data Retention

• Account data: retained while active, deleted within 90 days of account deletion request
• OTPs: deleted immediately after use or after 10-minute expiry
• Session tokens: deleted on logout or after 30 days of inactivity
• Support emails: retained for 2 years for quality assurance

7. Your Rights

Under applicable data protection laws including DPDPA 2023, you have the right to access, correct, delete, or export your personal data. Email privacy@wacrm-pro.com to exercise any of these rights. We respond within 30 days.

8. Security Measures

• Passwords hashed with bcrypt (12 rounds) — irreversible
• Session tokens stored as HMAC-SHA256 hashes — raw tokens never in database
• All API communication over HTTPS/TLS
• Account locked after 5 failed login attempts (30-minute lockout)
• Admin accounts protected by Time-based One-Time Password (TOTP) 2FA

9. Cookies

The WA CRM Pro website (wacrm-pro.com) uses only essential session cookies. We do not use advertising or tracking cookies.

10. WhatsApp Disclaimer

WA CRM Pro is not affiliated with WhatsApp Inc. or Meta Platforms Inc. "WhatsApp" is a trademark of WhatsApp Inc. Use of this Service must comply with WhatsApp's Terms of Service.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email of material changes. Continued use after notification constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or data requests:
Email: privacy@wacrm-pro.com
Support: support@wacrm-pro.com
Website: wacrm-pro.com