Privacy Policy

Last updated:

Metiox Solutions LLC ("WhautX", "we", "us", or "our") operates the WhautX platform, a cloud-based WhatsApp Business messaging and automation service. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform.

By accessing or using WhautX, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.

1. Company Information

Metiox Solutions LLC ("Metiox", "we", "us", or "our") operates WhautX, a cloud-based WhatsApp Business messaging and automation platform, and is the data controller for the personal information collected through it.

  • Legal entity: Metiox Solutions LLC
  • Registered address: Sharjah Media City, Sharjah, United Arab Emirates
  • Email: [email protected]
  • Support: [email protected]
  • Website: https://whautx.com

2. Information We Collect

We collect the following categories of information to provide and improve the WhautX platform.

Account Information

  • Full name
  • Email address
  • Phone number
  • Company name
  • Billing details (processed by our payment provider)

WhatsApp Data

  • WhatsApp Business Account IDs (WABA ID)
  • Phone Number IDs
  • Template names and content
  • Message logs (metadata)
  • Contact data uploaded by customers

Technical Data

  • IP addresses
  • Browser type and version
  • Device information
  • Cookies and session tokens
  • Anonymized usage analytics

3. How We Use Information

We use the information we collect to:

  • Provide WhatsApp messaging services
  • Deliver automation workflows and AI features
  • Send transactional notifications
  • Process payments and manage subscriptions
  • Improve platform performance and reliability
  • Prevent fraud, abuse, and policy violations
  • Comply with legal and regulatory obligations

4. WhatsApp & Meta Data Usage

This section governs how we handle WhatsApp Business Platform data.

  • We access and process WhatsApp Business Platform data solely to provide the services our customers request. We do not sell, rent, lease, or otherwise commercially exploit WhatsApp message content for advertising, marketing, or any purpose outside of providing the WhautX platform.
  • We process WhatsApp data on behalf of our customers. Our customers — not WhautX — are the data controllers for the contact lists and message content they upload.
  • Meta Platforms, Inc. may receive data directly through the WhatsApp Business Platform for the purpose of message delivery and platform operation. Meta's handling of that data is governed by Meta's own privacy policy.
  • Customers are responsible for obtaining lawful opt-in consent from their end users before sending WhatsApp messages through WhautX, in accordance with the WhatsApp Business Messaging Policy.

5. Customer Responsibilities

When using WhautX, customers agree to:

  • Obtain proper opt-in consent from all contacts before sending WhatsApp messages
  • Comply with the WhatsApp Business Messaging Policy, the WhatsApp Commerce Policy, and Meta Platform Terms
  • Not send unsolicited messages, spam, or messages to contacts who have opted out
  • Not upload unlawful, infringing, or policy-violating data to the platform
  • Respect applicable privacy and data protection regulations, including GDPR and the UAE Personal Data Protection Law
  • Maintain records of consent for the duration required by applicable law

6. Data Retention

We retain personal information for as long as necessary to provide our services and comply with our legal obligations.

  • Message logs (metadata): retained for up to 90 days, unless otherwise required by law or requested by the customer
  • Account information: retained for the lifetime of the account, plus a reasonable period for tax, accounting, and legal purposes after closure
  • Billing records: retained for 7 years in accordance with UAE accounting requirements
  • Backup copies: retained for up to 35 days on encrypted backup infrastructure

7. Data Sharing

We disclose information only as described below.

Service Providers

  • Cloud hosting providers (AWS, hosted in UAE and EU regions)
  • Payment processors (Stripe)
  • Email delivery providers (transactional email only)
  • Analytics providers (anonymized usage data)

Legal Requests

  • When required by law, court order, or valid legal process
  • To cooperate with government investigations
  • To enforce our Terms and protect our rights

Meta Platforms, Inc.

Some information is transmitted to Meta as required for WhatsApp message delivery and platform operation. Meta's handling of this data is governed by Meta's privacy policy.

We do not sell personal information to third parties for advertising or marketing purposes.

8. International Data Transfers

WhautX uses cloud infrastructure operated in the UAE and the EU. Some of our service providers may process data in other jurisdictions.

  • Cloud hosting: data centers in the UAE (Sharjah) and EU (Frankfurt, Ireland)
  • Payment processing: cross-border transfers as required for transaction clearing
  • Customer support tools: hosted in the EU

Where personal data is transferred outside the UAE or EU, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) and equivalent legal mechanisms, to ensure your data remains protected.

9. Security Measures

We implement industry-standard security measures designed to protect your information, including:

  • Industry-standard encryption of data in transit and at rest
  • Secure authentication with role-based access controls and least-privilege principles
  • Secure infrastructure practices, monitoring, and access management
  • Regular vulnerability management and patching
  • Encrypted backups with restricted access

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Cookies

We use cookies and similar technologies to operate the platform:

  • Essential cookies: required for authentication, session management, and security — cannot be disabled
  • Analytics cookies: anonymized usage analytics to help us improve the platform — can be disabled
  • Preference cookies: store your language and display preferences — can be disabled

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

11. User Rights

GDPR Rights (for EU and EEA residents)

  • Right of access — request a copy of your personal data
  • Right of rectification — correct inaccurate or incomplete data
  • Right of erasure ("right to be forgotten") — request deletion of your data
  • Right of data portability — receive your data in a portable format
  • Right of restriction — limit how we process your data
  • Right to object — object to certain types of processing
  • Right to lodge a complaint with a supervisory authority

UAE Privacy Rights (under the Personal Data Protection Law)

  • Right to request information about how your data is processed
  • Right to correct inaccurate data
  • Right to request deletion, where applicable

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

12. Children's Privacy

The WhautX platform is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected information from a minor, we will delete it promptly.

13. Changes To This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, the platform, or applicable law. The "Last updated" date at the top of this policy indicates when the latest changes took effect. Material changes will be communicated by email or through the platform.

14. Contact Information

For privacy-related questions or to exercise your rights, contact us at [email protected] or by postal mail at the address listed in Section 1.

15. AI Processing & Automated Decision-Making

Certain features of the Service may use artificial intelligence technologies to generate suggested responses, automate workflows, classify messages, summarize conversations, or assist users in managing communications.

Customer data may be processed by AI systems solely for providing these features within the WhautX platform. We do not use customer message content to train public AI models without explicit customer consent.

AI-generated outputs are provided for assistance only and may not be accurate or complete. Customers remain responsible for reviewing AI-generated content before use or distribution.

16. Data Breach Response

If we become aware of a security incident affecting personal information, we will investigate promptly and take reasonable steps to contain and remediate the incident.

Where required by applicable law, we will notify affected customers without undue delay and provide information necessary for them to meet their own regulatory obligations.

Notification timing, content, and method will be determined based on the nature of the incident, applicable legal requirements, and the information available at the time of the investigation.

17. Business Transfers

If WhautX is involved in a merger, acquisition, financing, reorganization, asset sale, or similar transaction, customer information may be transferred as part of that transaction, subject to applicable privacy laws.

We will provide reasonable notice before customer information becomes subject to a different privacy policy. Customers may then have the right to opt out or request account closure in accordance with our standard practices.

18. Data Processor & Controller Roles

Under applicable data protection law, including the EU General Data Protection Regulation (GDPR), the parties have the following roles with respect to customer-uploaded contact information and message content:

  • Customers act as the Data Controller and are responsible for determining the lawful basis for processing personal data, obtaining necessary consents, and responding to data subject requests
  • WhautX acts as the Data Processor and processes personal data only on the documented instructions of the Data Controller
  • WhautX does not sell personal data and does not determine the purposes or means of processing

Customers may request a Data Processing Addendum (DPA) governing our processing activities by contacting [email protected].

20. Account Deletion Process and Timelines

You may delete your WhautX account at any time. We provide the following deletion mechanisms and timelines:

  • In-product deletion — go to Settings → Account → Delete Account. Your account is scheduled for deletion immediately and access is revoked within 24 hours
  • Email request — send a deletion request from the email address associated with your account to [email protected] with the subject line "Account Deletion Request". We confirm receipt within 5 business days
  • Verification — to prevent unauthorized deletion, we verify your identity via the email address on file before proceeding. We may ask for additional verification if your account has had recent security events
  • Data deletion timeline — personal data is permanently deleted within 30 days of verification. Backup copies are purged within 90 days. Aggregated, non-identifiable analytics may be retained
  • Legal retention exceptions — we retain data only where required by law (tax invoices for 7 years per UAE Federal Decree-Law No. 28 of 2022, anti-money-laundering records, ongoing legal holds). Retention scope and duration are limited to the legal requirement
  • WhatsApp data on Meta — message content and contact data synced with Meta's WhatsApp Business Platform remains subject to Meta's own data retention and deletion policies. You can disconnect your WhatsApp account at any time from Settings → WhatsApp

After deletion, we retain only a minimal audit record (account email, deletion timestamp, request ID) for regulatory and anti-fraud purposes for the legally required period.

21. Public Subprocessor List

WhautX uses the following third-party subprocessors to provide the platform. Each subprocessor is bound by appropriate data-processing agreements and security obligations:

  • Meta Platforms, Inc. (WhatsApp Business Platform) — message delivery and contact storage
  • Amazon Web Services (EU/UAE regions) — hosting, compute, and database services
  • Cloudflare, Inc. — content delivery, DDoS protection, and edge caching
  • Upstash, Inc. (Redis-compatible serverless) — job queue and rate-limit cache
  • Cloudflare R2 (S3-compatible object storage) — media and attachment storage
  • Stripe, Inc. — payment processing and subscription billing (card data handled directly by Stripe under PCI-DSS Level 1; we do not store raw card numbers)
  • Resend / transactional email provider — account verification, security alerts, billing notifications

We notify customers at least 30 days in advance of adding a new subprocessor that processes personal data. Customers may object to a new subprocessor by contacting [email protected]; if we cannot resolve the objection, the customer may terminate their subscription for a pro-rated refund.

22. Suspension and Termination for Meta Policy Violations

WhautX operates as a WhatsApp Business Solution Provider (BSP) under Meta's WhatsApp Business Platform Terms and the Meta Platform Terms. Customers must comply with:

  • The WhatsApp Business Messaging Policy — including restrictions on unsolicited messaging, content categories (no illegal, deceptive, threatening, or hateful content), and 24-hour customer service window rules
  • The Meta Commerce Policy and Meta Advertising Standards — when using WhautX for transactional, marketing, or authentication messaging flows
  • The Meta Platform Terms — including requirements for accurate business information, lawful use of Meta's APIs, and prohibitions on resale of API access
  • Applicable local laws — including telecommunications regulations, anti-spam laws (e.g. CAN-SPAM, GDPR PECR, India DPDPA), and consumer protection rules

If Meta notifies us of a policy violation associated with your account, or if we independently detect conduct that may result in Meta placing your WhatsApp number in a low-quality, restricted, or banned status, we may:

  • Immediately suspend message-sending capability to prevent further damage to your account's quality rating
  • Temporarily suspend account access pending your written explanation and a remediation plan
  • Terminate the account without refund if the violation is material, repeated, or involves illegal content

We will notify you of suspension or termination by email at the address on file, with the reason and any required remediation steps. Appeals may be submitted to [email protected] within 14 days; we respond to appeals within 10 business days.

23. Transmission Security and Encryption

All data transmitted between your browser, the WhautX application, and our backend services is encrypted in transit using Transport Layer Security (TLS) version 1.2 or higher. This includes:

  • Browser-to-application traffic — HTTPS only; HTTP requests are automatically redirected to HTTPS (HTTP Strict Transport Security / HSTS is enabled)
  • Application-to-backend traffic — all internal API calls use TLS; unencrypted internal traffic is not permitted in any environment
  • Storage encryption at rest — uploaded media is encrypted at rest in object storage using AES-256; database snapshots and backups are encrypted using the storage provider's default encryption
  • Sensitive field encryption — WhatsApp access tokens and PINs are encrypted at the application level using AES-256-GCM with a per-tenant key derived from the master encryption key stored in environment variables
  • Key rotation — production encryption keys are rotated at least annually and on any suspected compromise

Despite our safeguards, no method of transmission or storage is 100% secure. We notify affected users of material security incidents in accordance with applicable law (within 72 hours for GDPR breach notifications where applicable).

Contact

[email protected]
Metiox Solutions LLC — Sharjah Media City, Sharjah, United Arab Emirates