HomeHow It Works PricingAbout Us FAQsContact
Legal

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, why, and how we protect it.

Last updated: June 1, 2025  ·  Effective: June 1, 2025  ·  Questions? Contact us

1. Introduction

Whatpilot ("we", "our", "us") operates a WhatsApp automation platform for Shopify merchants. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our services, including our Shopify app, website (whatpilot.app), and related tools.

By using Whatpilot, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, Shopify store URL when you sign up
  • Billing information: Processed by our payment provider (Stripe). We do not store full card numbers
  • Support communications: Messages you send to our support team
  • WhatsApp connection: We store session credentials to maintain your WhatsApp connection. These are encrypted at rest

2.2 Information from Shopify

When you install Whatpilot on Shopify, we receive access to:

  • Orders: order number, total, status, customer name and phone number
  • Customers: name, phone number, email, Shopify customer ID
  • Webhooks: real-time event notifications for orders, fulfillments, cancellations, and checkouts

We access only the minimum data required to provide our automation services. We do not access product inventory, payment card data, or admin credentials.

2.3 Message Metadata

We log metadata about messages sent through Whatpilot, including: recipient phone number (hashed for storage), message type, delivery status, timestamp, and automation trigger. We do not store the full content of WhatsApp messages on our servers — messages are end-to-end encrypted by WhatsApp's protocol.

2.4 Usage Data

We automatically collect information about how you use our dashboard, including pages visited, features used, and performance data. This helps us improve the product.

3. How We Use Your Information

  • To provide, operate, and maintain the Whatpilot service
  • To send automated WhatsApp messages on behalf of your store
  • To process billing and manage your subscription
  • To provide customer support and respond to your inquiries
  • To send product updates, security alerts, and administrative notifications
  • To analyze usage patterns and improve our platform
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations

We do not sell your data or your customers' data to third parties. We do not use your data to train AI models.

4. Data Sharing

We share your information only in these limited circumstances:

  • Service providers: Trusted partners who help us operate (hosting, payments, analytics) — bound by data processing agreements
  • Shopify: As required to provide the app integration
  • Legal requirements: If required by law, court order, or governmental authority
  • Business transfers: In the event of a merger or acquisition, with notice provided to you

5. GDPR & Data Rights (EU/EEA Users)

If you are located in the European Economic Area, you have the following rights under GDPR:

  • Right of access: Request a copy of the data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restriction: Request that we limit processing of your data
  • Right to portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests

To exercise any of these rights, contact us at whatpoilt1@gmail.com. We will respond within 30 days.

6. Your Customers' Data

When you use Whatpilot, your customers' phone numbers and names are processed by our system to send automations. You are the data controller for your customers' data. We are a data processor acting on your instructions.

You are responsible for:

  • Ensuring you have a legal basis to send WhatsApp messages to your customers
  • Providing a way for your customers to opt out of messages
  • Complying with applicable privacy laws in your jurisdiction

Whatpilot automatically handles opt-out requests — when a customer replies with "STOP", they are marked as opted-out and no further messages are sent.

7. Cookies

Our website uses essential cookies to maintain your session and preferences. We use analytics cookies (with your consent) to understand how visitors use our website. You can control cookie preferences through your browser settings.

We do not use third-party advertising cookies.

8. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • WhatsApp session credentials encrypted at rest using AES-256
  • Regular security audits and penetration testing
  • Strict access controls — only authorized personnel can access production data
  • Automated backups with encrypted storage

No method of transmission or storage is 100% secure. We will notify you promptly in the event of any data breach affecting your account.

9. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Account and billing data: deleted within 30 days
  • Message logs and analytics: deleted within 90 days
  • Backup copies: deleted within 180 days

Some data may be retained longer where required by law (e.g., tax records for 7 years).

10. International Transfers

Our servers are located in Europe (Germany). If you are accessing our services from outside Europe, your information may be transferred across international borders. We ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

Whatpilot is not intended for children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email and by posting the new policy on this page with an updated "Last updated" date. Your continued use of Whatpilot after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights, contact us at: