Effective Date: February 19, 2026 |
Last Updated: April 26, 2026
1. Introduction
INIC ("we", "our", or "us") operates the WhatsApp API Management Platform accessible at
https://wap.inic.in (the "Service"). This Privacy Policy explains
how we collect, use, disclose, and protect information when you use our Service, including
our integration with the Meta (Facebook) WhatsApp Business API.
By accessing or using the Service, you agree to the collection and use of information in
accordance with this policy.
2. Information We Collect
Account Information
- Username and hashed password
- Account type (admin, manager, or agent)
- WhatsApp phone number associated with the account
WhatsApp & Messaging Data
- Phone numbers of message recipients and senders
- Message content sent and received through the Service
- Message delivery status and timestamps
- Template names and message logs (outbox)
- Auto-reply rules and keyword configurations
- Subscriber lists and opt-out records
Meta / Facebook API Data
- WhatsApp Business Account (WABA) ID and phone number ID
- Meta access tokens (stored encrypted, used to send messages via Meta's API)
- Message templates from your Meta Business account
Technical Data
- IP address and browser/device information (for authentication logs)
- Session data and authentication tokens (JWT, stored in cookies)
- Usage logs and queue statistics
3. How We Use Your Information
- To provide and operate the WhatsApp messaging Service
- To authenticate users and enforce access controls
- To send and receive WhatsApp messages on your behalf via whatsapp-web.js or Meta's Cloud API
- To process auto-replies, bulk messaging, and scheduled messages
- To maintain message logs and delivery reports
- To manage subscriber lists and opt-out requests
- To comply with Meta's WhatsApp Business Platform Terms
- To detect and prevent fraud or unauthorised access
4. Meta / Facebook Login & Permissions
We use the Facebook Login SDK and Meta's Embedded Signup flow to allow users to connect
their WhatsApp Business Account to this platform. When you authenticate via Facebook Login,
we receive an access token used solely to access your WhatsApp Business Account data
(phone numbers, message templates, webhook configuration) through the Meta Graph API.
Permissions We Request and Why
| Permission |
Purpose |
| whatsapp_business_management |
To list your WhatsApp Business Accounts (WABAs), retrieve connected and verified phone numbers, and subscribe to webhooks so incoming messages are delivered to your dashboard in real time. |
| whatsapp_business_messaging |
To send WhatsApp messages, media files, and approved message templates on behalf of your connected WhatsApp Business number. Used for transactional notifications, customer support replies, and broadcast campaigns. |
| whatsapp_business_manage_events |
To receive real-time delivery receipts, message read status updates, and incoming message notifications via Meta's webhook system. This powers the live inbox and conversation tracking features on the dashboard. |
| manage_app_solution |
To configure and manage our WhatsApp Business Platform integration, including setting up webhook subscriptions and API access for connected business accounts across our multi-user platform. |
| business_management |
To identify which WhatsApp Business Accounts and phone numbers belong to your Facebook Business Account, enabling seamless account linking during the connection flow. |
- We do not post to your Facebook profile or access personal Facebook data beyond what is necessary for WhatsApp Business API access.
- Access tokens are stored securely and encrypted on our server and are only used to interact with the Meta WhatsApp Business API on your behalf.
- We do not share your Meta access tokens with any third party.
- You can revoke our access at any time via your Facebook Business Integrations settings or by disconnecting your number from the platform dashboard.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:
- Meta Platforms: Messages and templates are transmitted through Meta's WhatsApp Business API. Meta's Privacy Policy governs their handling of this data.
- Legal obligations: We may disclose information if required by law or to protect the rights and safety of our users.
- Service providers: Infrastructure and hosting providers who process data on our behalf under strict confidentiality obligations.
6. Data Retention
- Message logs are retained for operational purposes and can be deleted on request.
- Account data is retained for as long as your account is active.
- Meta access tokens are removed when you disconnect your Meta session.
- Subscriber and opt-out records are retained to honour unsubscribe preferences.
7. Data Security
We implement appropriate technical and organisational measures to protect your data,
including HTTPS encryption (TLS), hashed password storage, JWT-based authentication,
and server-side access controls. However, no method of transmission over the internet
is 100% secure.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Object to or restrict processing of your data
- Withdraw consent at any time (e.g., disconnect your Meta account)
- Lodge a complaint with your local data protection authority
To exercise these rights, contact us at the email address below.
9. Cookies
We use session cookies for authentication (JWT tokens). The Facebook JS SDK may set
its own cookies for the Facebook Login flow. We do not use advertising or tracking
cookies.
10. Third-Party Services
11. Children's Privacy
This Service is not directed at individuals under the age of 13. We do not knowingly
collect personal data from children. If you believe a child has provided us with
personal data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this
page with an updated effective date. Continued use of the Service after changes
constitutes your acceptance of the revised policy.
13. Contact Us
If you have questions or concerns about this Privacy Policy or wish to exercise your
data rights, please contact us: