This Privacy Policy explains how Digital Bridge Apps (“we”, “us”, or “our”) collects, uses, stores, shares, and protects personal data when you use our websites, applications, platforms, APIs, and services, including:

• WhatsApp Business Cloud API SaaS solutions
• Messaging, notifications, and broadcast services
• Chatbot and automation services
• Digital marketing and customer engagement solutions
• Web, mobile, and API-based integrations

This Privacy Policy applies to:

• Visitors to our websites
• Customers (businesses) and their authorized users
• End-users who communicate with our customers via WhatsApp or supported channels
• Business partners and vendors providing services on our behalf

• Personal Data: Information relating to an identified or identifiable individual.
• Customer: A business or organization using our SaaS services.
• End-User: A person who interacts with a Customer through WhatsApp or other channels.
• Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).
• Controller / Processor: As defined under applicable data protection laws.

3.1 Information You Provide

• Name, company name, job title (if provided)
• Email address and phone number
• Account credentials and authentication details
• Support requests and communications
• Configuration data (e.g., Phone Number ID, Business Account ID, access tokens, webhook URLs)
• Billing details (handled via payment processors where applicable)

3.2 Messaging & WhatsApp Data (Processed for Customers)

When Customers use our WhatsApp Cloud API services, we may process the following on their behalf:

• Phone numbers (sender/recipient)
• Message content (text, media, documents) as sent through the platform
• Message metadata (timestamps, delivery/read status, message IDs)
• Template names and variable parameters
• Conversation and chatbot flow interaction data
• Location data only if an end-user explicitly shares it

3.3 Automatically Collected Data

• IP address, device type, browser type, operating system
• Log data (access times, pages viewed, error logs, request identifiers)
• Usage and performance metrics to improve stability and security
• Cookies and similar technologies (see Cookies section below)

• Provide, operate, and maintain the platform and APIs
• Deliver messages/notifications and enable chatbot automation
• Authenticate users and manage access permissions
• Manage subscriptions, billing, invoices, and payments
• Provide customer support and respond to inquiries
• Monitor for fraud, abuse, and security incidents
• Improve features, usability, and service performance
• Comply with legal obligations and enforce our agreements

We process personal data based on one or more of the following legal grounds (as applicable):

• Performance of a contract (to provide the services you request)
• Compliance with legal obligations
• Legitimate interests (e.g., securing and improving our services)
• Consent (where required by applicable law)
• Customer instructions (for message data processed on behalf of Customers)

• For platform account, billing, and admin data: Digital Bridge Apps acts as a Data Controller.
• For WhatsApp message content and end-user messaging data: Digital Bridge Apps generally acts as a Data Processor on behalf of the Customer (the Customer is the Controller).

We do not sell personal data. We share data only as needed to provide the services:

• Meta / WhatsApp (to send and deliver messages)
• Hosting and infrastructure providers (cloud hosting, storage, backups)
• Payment processors (e.g., Stripe, PayTabs) to handle transactions and invoices
• Analytics / monitoring tools to improve stability and security
• Legal authorities where required by law or valid legal process
• Subcontractors who support service delivery under confidentiality and security obligations

Your data may be processed and stored in countries outside the UAE depending on infrastructure and subprocessors used. We apply appropriate safeguards such as contractual protections, access controls, and security measures to protect data during transfers.

We retain personal data only as long as necessary to provide services, meet contractual obligations, comply with legal requirements, resolve disputes, and enforce agreements.

• Account and billing data may be retained for legal, tax, and audit requirements.
• Messaging data retention is generally controlled by the Customer, subject to technical and legal constraints.
• Customers may request deletion of their data where applicable and subject to legal obligations.

We implement industry-standard security controls, including:

• TLS/HTTPS encryption in transit
• Secure authentication and access control (role-based permissions)
• Logging, monitoring, and abuse prevention
• Least-privilege access principles for staff and systems
• Regular review of security measures and platform hardening

While we take reasonable steps to protect data, no method of transmission or storage is 100% secure.

We use cookies and similar technologies to enable core functionality, improve performance, and understand usage trends. You may manage cookies through your browser settings.

• Essential cookies: required for login/session security and basic functions
• Performance cookies: help us understand performance and improve reliability

Depending on applicable law, you may have rights such as:

• Request access to personal data
• Request correction of inaccurate data
• Request deletion (where applicable)
• Object to or restrict processing (where applicable)
• Withdraw consent (where processing is based on consent)
• Request data portability (where applicable)

Our services are intended for business use and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate action.

Our platform may integrate with third-party services (including WhatsApp/Meta, payment processors, and analytics/monitoring tools). Their handling of data is governed by their own policies and terms. We encourage you to review those policies.

Where permitted by law, we may send service announcements or marketing communications. You may opt out at any time by using the unsubscribe mechanism (if available) or by contacting us.

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last Updated” date. Continued use of our services indicates acceptance of the updated policy.