Privacy Policy

WhatsBizPro we are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our data practices when you use our Chrome browser extension for WhatsApp Web.

Contact Information

• Company: WhatsBizPro
• Address: Priv. Bahía 9, Las Playas, 39390 Acapulco de Juárez, Guerrero, México
• Email: [INSERT PRIVACY EMAIL]
• Website: https://whatsbizpro.org/

Data Stored on Our Servers

User Account Information

• Personal Information: First name, last name, email address
• Account Data: Username, encrypted password, account preferences
• Subscription Information: Plan type, billing status, subscription dates
• Authentication Data: Login sessions, security tokens, password reset tokens

Payment & Subscription Information

• Stripe Customer Data: Customer ID, billing information, payment history
• Subscription Details: Plan type, billing cycle, subscription status, trial periods
• Payment Methods: Card fingerprints, last 4 digits, brand (processed by Stripe)
• Transaction Records: Payment attempts, successful payments, failed payments, refunds
• Billing History: Invoices, receipts, subscription changes, cancellations

AI Training Materials

• PDF Documents: Training materials, company policies, and guidelines you upload for AI customization
• AI Configuration Data: Communication style preferences, business context, and custom instructions
• Training Materials: Custom business guidelines and communication templates you create

AI Processing & Analytics Data

• AI Conversation Data: WhatsApp conversation context sent to Google Gemini API for analysis (immediately deleted after processing)
• AI Usage Statistics: Daily request counts, token usage, response times, request types
• AI Request Logs: Request history, success/failure status, error messages, performance metrics
• Document Processing Data: PDF content analysis, language detection, personality suggestions
• Chat Insights Queries: User questions about conversations (addresses, prices, times) processed temporarily

Scheduling & Automation Data:

• Contact Navigation Data:
• WhatsApp contact search and navigation actions performed by the extension
• Manual Send Prompts:
• Popup displays and user interactions for manual message sending
• Scheduling Execution Logs:
• Success/failure status of automated contact navigation and manual send prompts

Data Stored Locally on Your Device

• CRM Contact Information: Business contact details you manually enter
• Scheduled Messages: Message content and scheduling data
• Extension Settings: User preferences and configuration options
• Session Data: Temporary data for current browsing session

Data Processed Temporarily

• Conversation Content: WhatsApp conversation text sent to AI services for analysis (immediately deleted after processing)
• AI Requests: Real-time queries sent to Google Gemini API (not stored)
• Security & Analytics Data: Login attempts, user activity logs, session information, and security events for fraud prevention and service improvement

Security & Usage Analytics

We collect analytics data for security, fraud prevention, and service improvement:

• Security Monitoring: Login attempts, IP addresses, failed authentication events
• Usage Analytics: User activity logs (registration, login, feature usage, subscription events)
• Session Data: Extension sessions, browser information, interaction patterns
• Fraud Detection: Payment method fingerprints, IP risk analysis, subscription pattern monitoring
• Subscription Analytics: Plan changes, cancellation reasons, reactivation events
• Error Tracking: Technical errors, webhook processing, system performance metrics

We use your information for the following purposes:

Core Service Functions

• Providing AI-powered conversation analysis and suggestions
• Customizing AI responses based on your training materials
• Enabling message broadcasting and scheduling features
• Managing your CRM contact information locally

AI Processing & Enhancement

• Generating AI-powered responses based on your conversation context and personality settings
• Improving and completing your draft messages using AI assistance
• Analyzing uploaded PDF documents to create personalized AI communication guidelines
• Extracting business insights from conversations (addresses, prices, scheduling information)
• Detecting document language to provide appropriate AI responses
• Monitoring AI usage patterns to enforce daily limits and improve performance
• Tracking AI request success rates and response times for service optimization
• Automating contact navigation and providing manual send prompts for scheduled messages
• Tracking scheduling execution success rates to improve contact navigation reliability

Service Improvement

• Improving AI response accuracy and relevance
• Enhancing extension functionality and user experience
• Developing new features based on user needs
• Analyzing usage patterns and security events to optimize performance and prevent fraud
• Monitoring system health and identifying technical issues

Payment & Fraud Prevention

• Processing subscription payments and managing billing
• Detecting and preventing fraudulent payment activities
• Analyzing payment patterns for risk assessment
• Managing subscription lifecycle (upgrades, downgrades, cancellations)
• Collecting feedback on subscription cancellations for service improvement
• Sending payment confirmations, receipts, and billing notifications

Legal and Compliance

• Complying with applicable laws and regulations
• Responding to legal requests and preventing fraud
• Protecting our rights and the security of our service

We work with the following third-party services to provide our functionality:

Google Gemini AI Service

Chrome Web Store

• Purpose: Extension distribution and updates
• Data Shared: Extension installation and update data
• Privacy Policy: Google Privacy Policy

Stripe Payment Processing

Railway Hosting Services

• Purpose: Cloud hosting infrastructure for our servers and databases
• Data Shared: All server-stored data including user accounts, PDF documents, AI training materials
• Privacy Policy: Railway Privacy Policy

MySQL Database

• Purpose: Secure data storage for user accounts and AI training data
• Data Stored: User profile information, account credentials, PDF documents, AI personality settings, training materials
• Security: Encrypted database hosted on Railway infrastructure with secure access controls

Hostinger Domain & Email Services

• Purpose: Domain hosting and business email services
• Data Shared: Domain registration information, email communications
• Privacy Policy: Hostinger Privacy Policy

Storage Locations

• Server Storage: Secure MySQL databases hosted on Railway cloud infrastructure (user accounts, AI training data)
• Local Storage: Your device's browser storage (Chrome extension storage and localStorage)
• Temporary Processing: Google's servers for Gemini AI processing (immediately deleted)
• Payment Data: Processed and stored by Stripe (PCI DSS compliant)

Security Measures

• Encryption: Data encrypted in transit using TLS 1.2+ and at rest in MySQL database
• Access Control: Restricted access to authorized personnel only with secure authentication
• Infrastructure: Hosted on Railway's secure cloud infrastructure with regular security updates
• Payment Security: PCI DSS compliant payment processing through Stripe
• Data Minimization: We only collect and store data necessary for service functionality

Data Retention

• User Account Data: Retained while your account is active and for 30 days after account deletion
• AI Training Documents: Stored indefinitely until you delete them or request removal
• AI Usage Statistics: Retained for service analytics and usage limit enforcement (1 year)
• AI Request Logs: Retained for 90 days for debugging and service improvement
• Payment Records: Retained for 7 years as required by law and Stripe's policies
• Fraud Detection Data: Retained for security purposes and regulatory compliance
• Subscription History: Retained for billing and support purposes during active subscription plus 3 years
• Local Extension Data: Retained until you uninstall the extension or clear browser data
• AI Conversation Data: Processed temporarily via Google Gemini API and immediately deleted (not stored)

AI Usage Monitoring & Limits

We monitor AI usage to ensure fair access and service quality:

• Daily Request Limits: AI requests are limited based on your subscription tier
• Usage Tracking: We track request counts, types, and success rates per user
• Performance Monitoring: Response times and token usage are logged for service optimization
• Language Detection: Document language is detected to provide appropriate AI responses
• Content Analysis: PDF documents are analyzed to generate AI personality suggestions

Fraud Prevention & Risk Assessment

To protect our service and prevent fraudulent activities, we implement fraud detection measures:

• Risk Scoring: Automated analysis of payment patterns and user behavior
• IP Address Monitoring: Tracking IP addresses for suspicious subscription activity
• Payment Method Analysis: Fingerprinting payment methods to detect duplicate or suspicious cards
• Behavioral Analytics: Monitoring subscription patterns for anomalies
• Alert System: Automated alerts for high-risk transactions requiring manual review

Data Access & Management

• View Your Data: Access all locally stored data and account information through the extension interface
• Edit Training Materials: Modify or update AI training documents and settings
• Export Data: Download your account data, training materials, and settings in portable formats (JSON, PDF)
• Delete Data: Remove training documents, delete account data, and clear local data at any time

Data Portability & Export

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. We provide data export functionality for:

• Account Information: Profile data, settings, and preferences (JSON format)
• AI Training Materials: Uploaded documents and custom training data (original formats + JSON metadata)
• Configuration Data: AI personality settings and communication templates (JSON format)
• Usage History: Account activity and subscription information (CSV/JSON format)

Privacy Rights

• Right to Information: Request details about data we process
• Right to Correction: Request correction of inaccurate data
• Right to Deletion: Request deletion of your data from our servers
• Right to Portability: Request a copy of your data in a portable format (JSON/PDF export)
• Right to Object: Object to processing of your personal data

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [INSERT PRIVACY EMAIL]
• Response Time: We will respond within 30 days of receiving your request
• Verification: We may need to verify your identity before processing requests

Applicable Privacy Laws

We comply with applicable privacy laws and regulations, including:

GDPR (General Data Protection Regulation)

• Applies to: Users located in the European Union
• Legal Basis: Contract performance (providing services), Consent (AI training), Legitimate interest (service improvements)
• Data Protection Officer: Not required
• EU Representative: Not applicable

CCPA (California Consumer Privacy Act)

• Applies to: California residents
• Categories of Data: Personal identifiers, commercial information, internet activity
• Sale of Data: We do not sell personal information
• Third-Party Sharing: Limited to service providers (Google Gemini API)

Mexican Privacy Laws (LFPDPPP)

• Applies to: Our operations in Mexico and Mexican users
• Compliance: Privacy notice provided (this document), user consent mechanisms implemented for data collection, data subject rights procedures established
• INAI Registration: Not required for our scale of data processing operations

Age Restrictions

International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including:

• United States (Google Gemini): AI conversation analysis, response generation, document processing, and chat insights (data processed temporarily and immediately deleted)
• United States (Stripe): Payment processing for subscription billing
• United States (Railway): Cloud hosting infrastructure where our servers and MySQL databases are located

We ensure appropriate safeguards are in place for such transfers through:

• Service agreements with providers that include data protection commitments
• Industry-standard encryption for data in transit and at rest
• Compliance with applicable data transfer regulations (GDPR adequacy decisions, standard contractual clauses)
• Regular security assessments of our third-party providers

Contact Information

Mailing Address

Policy Updates

We may update this Privacy Policy from time to time. When we make changes:

• The updated policy will be posted with a new "Last Updated" date
• Significant changes will be communicated through extension notifications
• Updates will be available on our website and through the extension
• Your continued use constitutes acceptance of the updated policy

Privacy Complaints

If you have privacy concerns that we haven't addressed satisfactorily, you may also contact:

• EU Users: Your local data protection authority
• California Residents: California Attorney General's Office
• Mexican Users: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)