Privacy Policy

WanguCRM (“we,” “our,” or “us”) operates the WanguCRM WhatsApp CRM and Shared Inbox platform. We are committed to protecting the privacy and security of your business data and the personal information of your customers.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website and web application. By accessing or using WanguCRM, you consent to the data practices described in this policy.

We operate in compliance with applicable data protection laws in Africa, specifically the Cyber Security and Data Protection Act [Chapter 12:07] of Zimbabwe and the Protection of Personal Information Act (POPIA) of South Africa.

To provide our shared WhatsApp inbox and CRM features, we collect and process the following categories of information:

• Account Information: When you register, we collect your name, business name, phone number, email address, and authentication credentials.
• WhatsApp Business API Data: In order to synchronize chats, we process incoming and outgoing WhatsApp messages, contacts, phone numbers, media attachments, and message status metadata.
• EcoCash & Payment Metadata: For billing, we process transaction references, mobile numbers, and payment status. We do not store PINs or banking credentials.
• Usage & Device Data: We collect technical logs (IP addresses, browser type, operating system, and access times) to ensure stability, security, and optimize performance over local networks (such as 3G/4G).

We process your personal and business data strictly to fulfill our contract with you, specifically:

• Providing, operating, and maintaining the Shared WhatsApp Inbox and CRM.
• Processing subscription payments through EcoCash and other billing channels.
• Sending system alerts, setup notifications, and product updates.
• Providing customer support (via email or our dedicated WhatsApp support channel).
• Detecting, preventing, and addressing technical bugs, security incidents, or abuse.

We do not use your WhatsApp message history for marketing purposes, nor do we run automated ads targeting your customers.

We do not sell, rent, or trade your data to third parties. We share data only with trusted sub-processors necessary to run the service:

• Meta (WhatsApp Business API): Message payloads are transmitted through Meta’s servers as part of the official WhatsApp Business Cloud API.
• Cloud Infrastructure: We host our services and databases on secure, encrypted cloud servers.
• Payment Gateways: Transaction details are shared with authorized payment service providers in Zimbabwe (e.g., Paynow/EcoCash API integrations) solely to verify subscription payments.

We ensure all third-party sub-processors adhere to strict confidentiality agreements and implement appropriate security standards.

We implement rigorous security measures to protect your data:

• Tenant Isolation: Each business has an isolated database configuration, ensuring your customer records, tags, and notes cannot be accessed by other users of the platform.
• Encryption: All connection payloads are encrypted using SSL/TLS in transit, and databases are encrypted at rest.
• Access Control: Access to our systems is restricted to authorized personnel who require it to perform maintenance or support services.

We retain your data only for as long as your account remains active or as needed to provide you services:

• WhatsApp Message Cache: Messages are cached on our servers to enable team search, loading chats, and generating analytics. If you disconnect your WhatsApp account, this cache can be deleted upon request.
• Account Deletion: If you close your WanguCRM account, we delete or anonymize all associated business records and chat histories within 30 days, except where law requires us to retain payment histories for tax audits.

Under the Cyber Security and Data Protection Act of Zimbabwe and POPIA, you and your customers have the following rights:

• Right to Access: Request a copy of the personal data we hold about your business.
• Right to Rectification: Request correction of inaccurate or incomplete information.
• Right to Erasure: Request the deletion of personal data under certain conditions.
• Right to Object: Object to processing of personal data for direct marketing or profiling.
• Right to Withdraw Consent: Withdraw your consent at any time (e.g., by revoking cookie consent or account registration).

To exercise any of these rights, please contact our Data Protection Officer at privacy@wangucrm.com.