1. Scope, Structure and Legal Qualification of Processing
This Privacy Policy governs all processing of personal data carried out in connection with the use of WatsBridge services, including but not limited to any plugins, software, applications, APIs, standalone tools, interfaces, connectors, and gateway infrastructure, whether operated directly by WatsBridge or through integrated third-party environments.
Depending on the specific functionality used and the nature of the data processing operation, WatsBridge may act, without limitation and without prior notification, as a data controller, a data processor, or a mere technical intermediary enabling the transmission of data between systems.
Where WatsBridge acts as an independent data controller, such processing shall be strictly limited to internal operational purposes, including but not limited to security monitoring, fraud detection, billing, service integrity enforcement, performance optimization, and system analytics, and shall at all times be logically, functionally, and technically segregated from any processing activities carried out on behalf of the Client in its capacity as data processor.
The Client expressly acknowledges and accepts that such qualification may evolve dynamically depending on the configuration and use of the Services, and that no single qualification shall apply uniformly to all processing activities.
2. Categories of Data Processed
WatsBridge may process, directly or indirectly, a broad range of data categories, including but not limited to identification data, communication content, communication metadata, technical identifiers, device-related information, usage logs, transactional records, billing information, and any other data transmitted, generated, or inferred through the use of the Services.
Such processing may be carried out automatically, continuously, and at scale, without human intervention, to the extent necessary to ensure the proper functioning, security, and optimization of the Services.
3. Origin of Data and Client Representations
Data processed through the Services may originate from the Client, from End Users, from automated system capture mechanisms, or from Third-Party Services, including but not limited to Meta Platforms (WhatsApp API).
The Client represents and warrants, on an ongoing basis, that it has obtained all necessary rights, authorizations, and valid legal bases required under applicable laws to collect, process, and transmit such data, and that such data does not infringe any third-party rights or applicable regulations.
4. Purpose and Legal Basis of Processing
Data is processed for multiple purposes, including but not limited to the provision of the Services, routing and delivery of communications, system administration, billing and wallet management, fraud detection, security enforcement, regulatory compliance, and continuous service improvement.
Where required under applicable law, the Client shall be solely responsible for obtaining valid End User consent prior to initiating communications or processing activities, and for maintaining demonstrable records of such consent.
5. Structural Dependency on Third-Party Services
The Client expressly acknowledges that the Services rely on Third-Party Services, including but not limited to Meta Platforms (WhatsApp Business API), which operate as independent entities with their own policies, technical constraints, and regulatory obligations.
Such dependency is inherent to the nature of the Services and shall not be interpreted as a defect, limitation, or failure of WatsBridge services.
WatsBridge shall not be held liable for any interruption, limitation, modification, suspension, or termination of such Third-Party Services.
6. International Data Transfers
Data processed through the Services may be transferred to, stored in, and processed within jurisdictions outside the European Economic Area or outside the Client’s country of residence.
Where required under applicable law, such transfers shall be governed by Standard Contractual Clauses (SCCs), which are hereby incorporated by reference and deemed accepted and executed between the parties without further formality.
The Client expressly authorizes such transfers to the extent necessary for the provision of the Services.
7. Security Measures and Residual Risk
WatsBridge implements technical and organizational security measures aligned with recognized industry standards, including but not limited to encryption in transit, access control mechanisms, authentication systems, logging, monitoring, and anomaly detection processes.
However, the Client acknowledges that no system, infrastructure, or transmission method can guarantee absolute security, and that residual risks, including but not limited to unauthorized access, data leakage, or system compromise, may exist despite reasonable safeguards.
8. Data Retention, Deletion and Technical Constraints
Personal data shall be retained for the duration necessary to fulfill the purposes described herein, including contractual performance, legal compliance, evidentiary needs, security monitoring, and operational continuity.
Unless otherwise required by applicable law, personal data shall be deleted or irreversibly anonymized within a reasonable period following termination of the Services, subject to technical constraints, including but not limited to backup cycles, redundancy systems, and delayed deletion mechanisms inherent to distributed infrastructures.
9. Data Subject Rights and Limitations
Data subjects may exercise their rights under applicable law, including access, rectification, deletion, and restriction.
Where WatsBridge acts as a processor, such requests shall be handled by the Client, and WatsBridge shall provide reasonable assistance where technically feasible and proportionate.
Certain rights may be limited where necessary to comply with legal obligations, protect system integrity, or ensure security.
