Privacy Policy

Last updated: May 30, 2026

This Privacy Policy describes how Acticate Tech Pvt Ltd ("Acticate", "we", "us", or "our") collects, uses, discloses, and protects personal and business information when you access our website at https://actiwapi.com and use the ActiWAPI WhatsApp API SaaS platform (the "Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.

Important notices

Your responsibility for consent: You are solely responsible for obtaining all legally required consents, permissions, and opt-ins from individuals before sending them messages, adding them to contact lists, or processing their personal data through the Service. Acticate does not verify that you have obtained such consent.
Facilitation only: ActiWAPI is a technology platform that facilitates WhatsApp communication between you and your contacts. We do not control the content of messages you send or receive, and we are not a party to your communications with end users.
No affiliation with Meta: ActiWAPI is operated by Acticate Tech Pvt Ltd and is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc. WhatsApp is a trademark of Meta Platforms, Inc. Your use of WhatsApp through the Service remains subject to WhatsApp's own terms and policies.
No connectivity guarantee: We do not guarantee uninterrupted, error-free, or permanent WhatsApp connectivity. Session availability may be affected by WhatsApp policies, network conditions, device linking limits, account restrictions, maintenance, or factors outside our reasonable control.

1. Information collected

We collect information necessary to provide, secure, bill, and improve the Service. The categories of information we may collect include those described in Sections 2 through 8 below. We collect information directly from you, automatically when you use the Service, and from third parties such as payment processors where applicable.

2. Account information

When you register for or administer an account, we may collect:

Full name, email address, and mobile number (if provided)
Business or organization name, billing address, and tax identifiers (e.g., GSTIN) where applicable
Hashed passwords and authentication tokens (we do not store plain-text passwords)
Role assignments (e.g., owner, admin, member) and team membership details
Account preferences, notification settings, and support correspondence
Logs of login activity, IP addresses, and device/browser metadata for security purposes

3. WhatsApp session information

To connect your WhatsApp number(s) to the Service, we process session-related technical data, which may include:

Session identifiers, connection status, and linked phone numbers
QR code pairing data and session lifecycle events (connected, disconnected, logged out)
Device or client metadata associated with the linked session, as required for session maintenance
Session health logs and error diagnostics used for troubleshooting and support

We do not claim ownership of your WhatsApp account. You are responsible for compliance with WhatsApp's acceptable use policies and for maintaining control of devices authorized to link your number.

4. Message metadata

When you send or receive messages through the Service, we may process message metadata required to deliver and log communications, such as:

Sender and recipient phone numbers (or identifiers)
Message type (text, image, document, audio, etc.), timestamps, and delivery status
Associated session ID, campaign ID, or API request identifiers
Message and media storage references where you enable message history or media features

Message content (text bodies, captions, and media files) may be transmitted through our systems to fulfill your instructions. We process message content only as necessary to provide the Service, enforce usage limits, prevent abuse, comply with law, and respond to support requests. You control what content is sent through your account.

5. Contact information

You may upload or sync contact data into the Service, including names, phone numbers, labels, groups, and custom fields. This information is stored on your behalf to enable messaging, campaigns, and CRM-style features. You represent that you have a lawful basis to collect and process such contact data and that you will honor opt-out and data subject requests applicable to your end users.

Acticate acts as a data processor with respect to contact data you upload, and you act as the data fiduciary/controller determining the purposes and means of processing that data, to the extent recognized under applicable Indian law including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), where applicable.

6. Payment information

Paid subscriptions and add-ons are processed through third-party payment gateways (including Razorpay). We do not store full credit or debit card numbers on our servers. We may receive and retain:

Subscription plan, billing cycle, invoice amounts, and payment status
Transaction IDs, Razorpay order/payment references, and GST-related billing records
Billing name, email, and address provided at checkout

Payment processors handle card and UPI data according to their own privacy policies and PCI-DSS obligations. Please review Razorpay's privacy documentation for details on how they process payment information.

7. Usage analytics

We collect usage and operational analytics to operate the Service, enforce plan limits, and improve reliability, including:

API request counts, endpoint usage, rate-limit events, and error rates
Message volumes, campaign statistics, webhook delivery outcomes, and quota consumption
Dashboard interactions, feature usage, and aggregated performance metrics
Diagnostic logs, crash reports, and security incident indicators

Where we use analytics on our marketing website, we may collect page views, referral sources, and similar non-sensitive metrics. See our Cookie Policy for more information.

8. Cookies

We use cookies and similar technologies on our website and authenticated application to maintain sessions, remember preferences, secure accounts, and understand how visitors use our marketing pages. Essential cookies are required for login and core functionality. For a detailed description of cookie types and your choices, please read our Cookie Policy.

9. How we use information

We use collected information to:

Provide, operate, maintain, and improve the Service
Authenticate users, manage multi-tenant workspaces, and enforce role-based access
Process subscriptions, trials, invoices, refunds, and add-on purchases
Deliver API, webhook, campaign, and messaging functionality you request
Monitor usage against plan limits and prevent fraud, abuse, or unauthorized access
Provide customer support and communicate service-related notices
Comply with applicable laws, regulations, court orders, and lawful government requests
Generate aggregated, de-identified statistics that do not identify you or your end users

We process personal data based on lawful grounds including your consent (where required), performance of our contract with you, compliance with legal obligations, and our legitimate interests in securing and improving the Service, balanced against your rights.

10. Data retention

We retain personal and business data for as long as your account is active or as needed to provide the Service, unless a longer retention period is required or permitted by law. Typical retention practices include:

Account data: retained while your subscription or trial is active and for a reasonable period thereafter to allow reactivation or resolve disputes
Message and contact data: retained according to your plan features and dashboard settings until you delete them or request account deletion, subject to backup cycles
Billing records: retained as required under Indian tax and commercial laws (typically up to eight years for accounting records where applicable)
Security and audit logs: retained for a limited period necessary for incident investigation and compliance

After retention periods expire, we delete or anonymize data in accordance with our internal data lifecycle procedures, except where anonymized aggregates are retained for analytics.

11. Data security

We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction, including:

Encryption of data in transit (TLS/HTTPS) for communications with the Service
Hashed storage of credentials and secure management of API keys
Multi-tenant logical isolation so one customer's data is not accessible to another
Role-based access controls for team members within your workspace
Regular monitoring, logging, and review of security-relevant events

No method of transmission or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your passwords, API keys, and webhook secrets.

12. Third-party services

We engage trusted third-party service providers who process data on our behalf to operate the Service, which may include:

Cloud hosting and database infrastructure providers
Payment processors (e.g., Razorpay)
Email delivery and customer communication tools
Monitoring, logging, and security vendors

These providers are contractually required to use personal data only for the purposes we specify and to maintain appropriate confidentiality and security measures. We do not sell your personal data to third parties for their marketing purposes.

When you integrate third-party systems via API or webhooks, data you choose to share with those systems is governed by their respective privacy policies, not this Policy.

13. Webhook processing

If you configure webhooks, we transmit event payloads (which may include message metadata, session events, or campaign updates) to URLs you specify. You are responsible for:

Securing your webhook endpoints (HTTPS, authentication, validation)
Ensuring your receipt and processing of webhook data complies with applicable privacy laws
Not exposing webhook URLs or signing secrets in public repositories or client-side code

We log webhook delivery attempts, HTTP response codes, and retry history for troubleshooting. Webhook logs may be retained for a limited period consistent with Section 10.

14. API usage

API requests made with your credentials or API keys are attributed to your tenant account. We log request metadata (timestamps, endpoints, IP addresses, response codes) to enforce rate limits, detect abuse, and provide usage billing. You must not share API keys publicly and must rotate compromised keys promptly through your dashboard.

Automated access to the Service is subject to our Terms and Conditions and acceptable use rules. Excessive or abusive API usage may result in throttling or suspension to protect platform integrity.

15. Disclosure of information

We may disclose information:

To service providers and subprocessors who assist in operating the Service
To comply with applicable law, regulation, legal process, or enforceable governmental request
To protect the rights, property, or safety of Acticate, our users, or the public
In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations
With your consent or at your direction (e.g., when you connect an integration)

16. User rights

Depending on your location and applicable law (including the DPDP Act where you qualify as a Data Principal in India), you may have the right to:

Access personal data we hold about you
Request correction of inaccurate or incomplete data
Withdraw consent where processing is consent-based (without affecting prior lawful processing)
Request erasure or restriction of processing in certain circumstances
Nominate another individual to exercise rights on your behalf in the event of death or incapacity, as permitted by law
Grievance redressal through our designated contact (see Section 17)

To exercise these rights, contact us at privacy@actiwapi.com. We will respond within timelines required by applicable law (including, where applicable, reasonable periods under the DPDP Act). We may need to verify your identity before fulfilling requests.

If you process end-user data through the Service, you must provide your own privacy notice and mechanisms for end users to exercise their rights. We will assist you with reasonable technical measures where required by law and contractually feasible.

17. Data deletion requests

You may request deletion of your account and associated personal data by emailing privacy@actiwapi.com or using account deletion options in your dashboard where available. Upon verified request:

We will deactivate your account and initiate deletion of personal data from active systems within a reasonable period
Residual copies may persist in encrypted backups for a limited time before automatic purging
We may retain certain records where required for legal, tax, audit, or dispute-resolution purposes
Aggregated or de-identified data that cannot reasonably identify you may be retained

Deletion of your account does not automatically delete data held by third parties (including WhatsApp or your webhook endpoints). You are responsible for removing integrations and notifying your contacts as required by law.

18. Account termination

If you terminate your subscription or we suspend or terminate your account for breach of our Terms, we will handle your data in accordance with this Policy and our Cancellation Policy. After termination:

Access to the dashboard and API may be disabled immediately or at the end of the billing period
WhatsApp sessions linked to your account should be disconnected; you may need to unlink devices via WhatsApp directly
Data may enter a post-termination retention window (typically up to 30 days) before deletion, unless you request earlier deletion or we are required to retain data longer by law

Export your contacts, message logs, and billing records before termination if you require backups. We are not obligated to maintain data indefinitely after account closure.

19. International data transfers

Acticate Tech Pvt Ltd is incorporated in India. Our primary data processing infrastructure may be located in India or other jurisdictions where our cloud providers operate. If you access the Service from outside India, you understand that your information may be transferred to, stored in, and processed in countries that may have different data protection laws than your country of residence.

Where required, we implement appropriate safeguards for cross-border transfers, such as contractual clauses with subprocessors and security measures consistent with this Policy. By using the Service, you consent to such transfers to the extent permitted by applicable law.

20. Children's privacy

The Service is intended for businesses and individuals who are at least 18 years of age (or the age of majority in their jurisdiction, if higher). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us at privacy@actiwapi.com and we will take steps to delete such information promptly.

21. Grievance officer (India)

In accordance with applicable Indian law, you may contact our Grievance Officer for privacy-related complaints:

Entity: Acticate Tech Pvt Ltd
Email: privacy@actiwapi.com
Website: https://actiwapi.com

We will endeavour to resolve grievances within timelines prescribed under applicable regulations. If you are not satisfied with our response, you may have the right to escalate to the Data Protection Board of India or other competent authority as provided under the DPDP Act and related rules.

22. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Service. When we make material changes, we will post the updated Policy on this page with a revised "Last updated" date and, where appropriate, notify you by email or through the dashboard.

Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the changes, to the extent permitted by law. If you do not agree with the updated Policy, you must stop using the Service and may request account deletion as described in Section 17.

23. Contact us

For questions about this Privacy Policy or our data practices, contact:

Acticate Tech Pvt Ltd (ActiWAPI)
Email: privacy@actiwapi.com | Support: support@actiwapi.com
Website: https://actiwapi.com

Questions? Contact us.