Privacy Policy

Last Updated: August 17, 2025

1. Introduction

Welcome to Mahadata ("we," "us," or "our"). We provide a communication platform as a service ("CPaaS") that enables businesses ("Clients") to communicate with their end-users ("End Users") via various channels, including but not limited to the WhatsApp Business Platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Portal, Back-Office, APIs, and related services (collectively, the "Services"). It also describes your privacy rights and how the law protects you.

2. The Data We Handle: Our Role as a Data Processor

It is critical to understand our role. Our Clients are the Data Controllers. They determine the purpose and means of processing personal data of their End Users. Mahadata acts as a Data Processor on behalf of our Clients. We only process data as instructed by our Clients through their use of our Services.

This policy covers two types of data:

• Client Data: Information we collect from our Clients when they register for and use our Services (e.g., your name, email, company details).
• End User Data: Information that our Clients transmit through our Services when communicating with their End Users (e.g., phone numbers, message content).

3. Information We Collect

3.1 Client Data

When you register for a Mahadata account, we collect information necessary to provide and manage your account, including:

• Account Information: Your name, company name, email address, and password.
• Billing Information: Payment details, billing address, and transaction history.
• Business Verification Information: Legal business name, address, and website, as required for channel provider (e.g., Meta) verification.
• Technical Information: IP address, browser type, and usage data when you interact with our Portal.

3.2 End User Data

As a Data Processor, we handle the data our Clients send through our platform. This may include:

• Contact Information: Phone numbers of End Users.
• Message Content: The text, media, and content of messages sent to and received from End Users.
• Metadata: Timestamps, message IDs, delivery statuses (`sent`, `delivered`, `read`), and channel information.

We do not own or control End User Data. Our Clients are solely responsible for ensuring they have the necessary legal basis (e.g., consent) to communicate with their End Users.

4. How We Use Your Information

4.1 Use of Client Data

• To provide, operate, and maintain our Services.
• To process transactions and manage your subscription.
• To manage your account and provide customer support.
• To comply with legal obligations, including business verification processes required by partners like Meta.
• To send you important service updates, security alerts, and administrative messages.

4.2 Use of End User Data

Our use of End User Data is strictly limited to what is necessary to provide the Services to our Clients, as directed by them. This includes:

• To reliably transmit messages to and from the specified channel providers (e.g., Meta).
• To process delivery status updates.
• To display message history and analytics within the Client's Portal.
• To troubleshoot delivery issues.

We will never use End User Data for our own marketing purposes, nor will we sell it to third parties.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information under the following limited circumstances:

• With Channel Providers: We must share End User Data with underlying channel providers like Meta in order to transmit the messages as instructed by our Client.
• With Service Providers: We may share information with third-party vendors who perform services for us (e.g., payment processing, infrastructure hosting).
• For Legal Compliance: We may disclose information if required to do so by law or in response to valid requests by public authorities.

6. Data Security

We implement administrative, technical, and physical security measures designed to protect your information. This includes encryption in transit (TLS), encryption at rest, and strict access controls within our organization. While we have taken reasonable steps to secure the information you provide to us, please be aware that no security measures are perfect or impenetrable.

7. Data Retention

We will retain Client Data for as long as your account is active or as needed to provide you with Services and comply with our legal obligations. We retain End User Data on behalf of our Clients according to the terms of our agreement with them.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal data. Please contact us to exercise your rights regarding your Client Data.

If you are an End User, please contact the business (our Client) that you are communicating with, as they are the Data Controller.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at: privacy@mahadata.io.