Privacy Policy

Aumpfy is the data controller for personal information collected through the Waumfy platform. For questions regarding this policy or our data practices, contact us at info@aumpfy.com.

We collect the following categories of personal information:

We process your personal data on the following legal bases:

• Contractual necessity: Processing required to deliver the Service you have subscribed to, including account management, message delivery, and billing.
• Legitimate interests: Security monitoring, fraud prevention, service improvement, and aggregate analytics, where these interests are not overridden by your privacy rights.
• Legal obligation: Compliance with applicable laws, regulations, and lawful requests from competent authorities.
• Consent: Where we request your consent for a specific processing activity (e.g., marketing communications), you may withdraw that consent at any time.

We use the information we collect to:

• Create and manage your account and authenticate your access.
• Provide, operate, and maintain the WhatsApp API platform and all associated features.
• Process subscription payments, apply discounts, and issue invoices.
• Deliver inbound and outbound WhatsApp messages on your behalf.
• Send transactional emails, including account confirmations, billing receipts, subscription renewals, and service alerts.
• Detect, investigate, and prevent fraudulent, abusive, or illegal activity.
• Monitor service performance, diagnose technical issues, and improve the Platform.
• Comply with legal obligations and respond to lawful requests from authorities.
• Communicate with you about product updates, new features, and changes to our policies (you may opt out of non-essential communications).

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

We share your data only in the following circumstances:

• Service providers: We engage trusted third-party processors to operate our infrastructure, including database hosting (Railway / PostgreSQL), cloud infrastructure, and email delivery services. These providers process your data solely on our instructions and are bound by data processing agreements.
• Payment processor: Razorpay processes payment transactions. Your card and payment credentials are governed by Razorpay's Privacy Policy.
• WhatsApp: Messages you send through the Platform are transmitted via WhatsApp's network. WhatsApp's own data practices apply to that transmission.
• Legal requirements: We may disclose your data if required by law, court order, or a government authority with appropriate jurisdiction, or to protect the rights, property, or safety of Aumpfy, its users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified by email and/or a prominent notice on our website at least 30 days before your data becomes subject to a different privacy policy.

• Account data: Retained for the duration of your account and for up to 30 days after account closure, after which it is permanently deleted.
• Message logs: Retained for 90 days by default. You may export or delete logs from your dashboard at any time.
• Billing records: Retained for 7 years as required by applicable financial regulations.
• Server access logs: Retained for 30 days for security monitoring purposes.
• Support correspondence: Retained for 2 years from the date of your last interaction with our support team.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: API keys and sensitive credentials are encrypted using AES-256.
• Password hashing: Passwords are hashed using bcrypt with a salt factor of 12 before storage.
• Access controls: Production system access is restricted to authorised personnel via multi-factor authentication.
• Monitoring: We continuously monitor for anomalous activity, intrusion attempts, and security incidents.

Despite these measures, no method of transmission or storage is 100% secure. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

We use the following types of cookies:

• Strictly necessary cookies: Required for the Platform to function, including authentication session tokens and security tokens. These cannot be disabled.
• Functional cookies: Store your preferences such as theme (light/dark) and sidebar state to improve your experience.

We do not use advertising, tracking, or analytics cookies from third-party advertising networks. We do not engage in cross-site tracking.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to restriction: Request that we restrict the processing of your data in certain circumstances.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@aumpfy.com. We will respond to all verified requests within 30 days. We may need to verify your identity before processing certain requests.

Our servers and infrastructure providers may be located in jurisdictions outside your country of residence, including India and other countries. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms, to protect your data in accordance with applicable privacy laws.

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly. If you believe we have collected data from a minor, please contact us at info@aumpfy.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by sending an email to your registered address and/or posting a prominent notice on the Platform at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to working with you to resolve any concerns about your privacy. If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.