Privacy Policy
Last updated: June 2026
1. Introduction
Hayaa Whats respects your privacy. This policy explains what data we collect, how we use it, and the rights you have. It is written with the EU GDPR and the Saudi Personal Data Protection Law (PDPL) in mind.
2. Data we collect
We collect account data (name, email, organization), the contact and message data you upload or exchange through WhatsApp, usage and device information, and billing details processed by our payment provider.
3. How we use your data
We use data to provide and improve the Service, send transactional notifications, process payments, deliver support, and ensure security and compliance. We do not sell your personal data.
4. Legal basis (GDPR)
Where GDPR applies, we process data on the basis of contract performance (providing the Service), legitimate interests (security and product improvement), consent (marketing cookies), and legal obligation.
5. Data sharing & sub-processors
We share data with trusted sub-processors strictly to operate the Service: Meta/WhatsApp (message delivery), Stripe (payments), Amazon Web Services (hosting and email), and privacy-aware analytics providers. Each is bound by data-protection obligations.
6. International data transfers
Some sub-processors may process data outside your country. Where required, such transfers are protected by appropriate safeguards, such as standard contractual clauses.
7. Data retention
We retain personal data for as long as your account is active and as needed to provide the Service and meet legal obligations. After account closure, data is deleted or anonymized within a reasonable period.
8. Your rights
You have the right to access, correct, delete, and port your personal data, and to object to or restrict certain processing. To exercise these rights, contact us using the details below.
9. PDPL specifics (Saudi users)
For users in the Kingdom of Saudi Arabia, we handle personal data in line with the PDPL, including honoring data-subject rights, applying purpose limitation, and notifying the competent authority and affected individuals of qualifying breaches without undue delay.
10. Cookies & tracking
Our marketing site uses cookies for analytics and advertising measurement, loaded through a consent-gated tag manager. Non-essential cookies fire only after you accept. You can change your choice at any time by clearing your browser storage.
11. Security measures
We apply encryption for sensitive credentials, access controls, network isolation, and regular monitoring. No system is perfectly secure, but we work continuously to protect your data.
12. Children’s privacy
The Service is intended for businesses and is not directed to children under 18. We do not knowingly collect personal data from children.
13. Contact & Data Protection Officer
For privacy questions or to exercise your rights, contact our Data Protection Officer at support@hayyawhats.com.
14. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the “last updated” date. Material changes may also be communicated by email.