Privacy Policy - GlobalMessage.cc

# PRIVACY POLICY
**Last Updated:** [Date]
**Company:** GlobalMessage.cc

## 1. Overview
GlobalMessage.cc ("we", "our", "us") respects your privacy. This policy describes how we handle data when you (the Business Client) use our WhatsApp Business tools. We act as a **Processor** on your behalf regarding your customer data, and as a **Controller** regarding your business account information.

## 2. Information We Collect

### 2.1 Business Account Data (Controller Role)
- **Registration Info:** Business name, email, billing address, VAT ID, phone number.
- **Payment Data:** Processed via [Stripe/PayPal/Third-party]; we do not store full credit card numbers.
- **Usage Logs:** IP addresses, browser type, API call timestamps (retained for 12 months for security).

### 2.2 Customer/End-User Data (Processor Role – Limited)
Because we provide the *tool* (not the account), **we do not store** the full message history or contact lists on our servers by default unless required for a specific feature (e.g., broadcast scheduling). If message content is temporarily cached for delivery:
- It is encrypted in transit (TLS 1.3).
- It is automatically deleted from our temp logs within 7 days or after successful delivery.
- **We do not read, mine, or sell your customer messages.**

*Note: The actual message history, contacts, and media reside on Meta/WhatsApp’s servers. You must direct privacy inquiries regarding your customers to Meta’s Privacy Policy.*

## 3. How We Use Data
- To provide the WhatsApp tool (routing messages, managing templates).
- To invoice and support your business account.
- To detect abuse or violations of our ToS (e.g., rate limiting, spam detection – but not content scanning).

## 4. No Liability for Business’s Privacy Compliance
You, the Business, are solely responsible for:
- Posting your own Privacy Policy to your customers.
- Obtaining opt-in consent from your customers before messaging them via WhatsApp.
- Responding to data subject requests (e.g., deletion, access) from your customers.
- GlobalMessage.cc acts only as a neutral pipeline. We assume no liability for your failure to comply with GDPR, CCPA, or LGPD regarding your customers’ data.

## 5. Data Sharing & Third Parties
We do not sell your data or your customers' data. We share data only:
- With **Meta/WhatsApp** (via their API) to deliver messages—subject to Meta’s terms.
- With **Legal Authorities** if required by court order.
- With **Sub-processors** (hosting providers like AWS/Azure) who are contractually bound to keep data confidential.

## 6. Data Retention
- Business account records: Retained for 3 years after account closure (for tax/audit purposes).
- Customer message metadata (not content): Retained for 30 days for debugging.
- You may request deletion of your business data by emailing [Privacy Email], subject to legal hold obligations.

## 7. Security
We use industry-standard encryption (AES-256 at rest, TLS 1.3 in transit). However, no method of transmission over the Internet is 100% secure. You are responsible for securing your own API keys and device access.

## 8. International Users
Our servers are located in [e.g., Germany / USA / EU]. If you access the Service from outside that region, you consent to the transfer of your business data to that jurisdiction.

## 9. Children
The Service is not for persons under 16 (or applicable age in your jurisdiction). We do not knowingly process data of minors.

## 10. Changes to This Policy
We will notify you via email or dashboard notice of material changes. Continued use after 30 days constitutes acceptance.

## 11. Contact Privacy Officer
For data protection requests (only regarding GlobalMessage.cc’s handling of *your* business data):
- Email: [Insert Privacy Email]
- Mail: [Insert Physical Address]