Privacy Policy

Secuno LLC ("Secuno," "we," "us," or "our") operates WAPing, a WhatsApp messaging platform (the "Service"). This Privacy Policy explains what information we process, why we process it, and the choices you have. By using the Service, you acknowledge this policy.

If you are in the European Economic Area (EEA), Switzerland, or the United Kingdom, additional rights and legal bases apply as described below. California residents may have additional rights under the CCPA/CPRA as applicable.

For a procurement-oriented summary of certifications we do not hold and where binding processor terms live, see Compliance overview for buyers.

Secuno LLC is the data controller for personal data processed in connection with our website (waping.app), marketing, and account relationship with business customers, unless we act strictly as a processor on your instructions (for example, when we host message content you send through the WAPing platform on behalf of your organization — see our Data Processing Addendum).

Contact: [email protected] (or [email protected] for general legal notices). Postal: Secuno LLC, United States — registered mailing address available on request via [email protected].

Account & identity

• Name, email address, company name, and billing details when you register or purchase a subscription.
• Authentication data (hashed credentials, session tokens, API keys metadata) needed to secure access.

Service & usage data

• Content and metadata you submit through the Service (e.g. messages, templates, contacts, campaign settings, device labels) as required to deliver features you configure.
• Technical logs: IP address, device/browser type, timestamps, API request metadata, error logs, and security signals (e.g. rate-limit events).
• Support interactions: messages you send to us by email or contact form, and internal notes needed to resolve tickets.

Payments

Payment processing is handled by our payment service provider. We do not store full payment card numbers on our servers; we receive limited billing status and last-four digits where needed for invoicing.

Information we do not sell

We do not sell your personal information as a product. We do not use your customer lists for third-party advertising networks.

• To provide, operate, and improve the Service (routing, delivery, dashboards, APIs, webhooks, and reliability).
• To authenticate users, prevent fraud and abuse, enforce our Terms and Acceptable Use Policy, and protect the platform.
• To communicate with you about the Service (service notices, security alerts, billing, support responses).
• To analyze aggregated or de-identified usage to improve performance and product design.
• To comply with legal obligations and respond to lawful requests from authorities, subject to applicable law.

Where GDPR applies, we rely on one or more of the following:

• Contract — processing necessary to perform our agreement with you.
• Legitimate interests — securing the Service, preventing abuse, improving the product, and internal analytics, balanced against your rights.
• Legal obligation — where the law requires us to retain or disclose data.
• Consent — where required (for example, non-essential cookies or certain marketing communications), which you may withdraw at any time.

We share personal data only as needed with:

• Infrastructure and service providers (hosting, databases, email delivery, logging, customer support tooling) bound by data-processing terms.
• Payment processors for billing.
• Professional advisers where required (lawyers, auditors) under confidentiality obligations.
• Authorities when required by law or to protect rights, safety, and integrity of users and the public.

A current list of categories of sub-processors is available on request to enterprise customers and may be summarized in your order form or DPA. We remain responsible for their processing in line with our agreements.

We may process data in the United States and other countries where we or our providers operate. Where we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures where required.

We retain data only as long as needed for the purposes above, including legal, accounting, and dispute-resolution requirements. Message and log retention may follow plan limits you select in the product. When data is no longer needed, we delete or anonymize it in accordance with our internal schedules, subject to backup rotation and legal holds.

We implement administrative, technical, and organizational measures designed to protect personal data — including encryption in transit, access controls, least-privilege practices, monitoring, and training. No method of transmission or storage is 100% secure; we notify you of certain breaches where the law requires.

Further detail appears on our Security page. That page is descriptive and does not substitute for a SOC 2 report or other attestation we do not publish.

Depending on your location, you may have the right to:

• Access, correct, or delete your personal data.
• Object to or restrict certain processing, or request portability.
• Withdraw consent where processing is consent-based.
• Lodge a complaint with a supervisory authority.

To exercise rights, email [email protected]. We will verify your request as required by law and respond within the applicable timeframe. California residents may designate an authorized agent; we may require proof of authorization.

Our website and app use cookies and similar technologies as described in our Cookie Policy. You can control non-essential cookies through our banner (where provided) and browser settings.

The Service is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected such data, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. For material changes, we will provide additional notice as appropriate (e.g. email or in-product notice). Continued use after the effective date constitutes acceptance unless prohibited by law.

Questions about this Privacy Policy or our data practices: [email protected]