Last Updated: 11 March 2026
Effective Date: 11 March 2026
1. Introduction
Welcome to Wabot (“we,” “our,” or “us”), a WhatsApp automation and AI-powered messaging platform operated by Team Fames Sdn Bhd (“Company”).
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our services, including:
- The Wabot web application and dashboard (available at https://app.wabot.my and https://app.wabot.io)
- Our WhatsApp automation and bulk messaging tools
- Our AI chatbot and knowledge base features
- Our embeddable AI chat widget
- Our Telegram integration
- Any related mobile applications, APIs, or services (collectively, the “Service”)
By accessing or using Wabot, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.
2. Who This Policy Applies To
This policy applies to:
- Registered users (individuals and businesses who create a Wabot account)
- End users (contacts and customers whose phone numbers or messages are processed through Wabot on behalf of our registered users)
- Visitors to our website
Note for End Users: If you have received a WhatsApp or Telegram message sent via Wabot, your data is processed by one of our business customers. You should also review that business’s privacy policy for information specific to their data practices.
3. Information We Collect
3.1 Account and Registration Information
When you register for a Wabot account, we collect:
- Full name
- Username
- Email address
- Phone number
- Password (stored in hashed/encrypted form — we never store plain-text passwords)
- Timezone preference
- Profile avatar/image
- Referral or URL parameters used during sign-up
- IP address at the time of registration
3.2 WhatsApp and Messaging Data
When you connect a WhatsApp account or use our messaging features, we process:
- WhatsApp phone numbers and account identifiers
- Contact names and phone numbers in your contact lists
- Message content (text, images, audio, video, documents) sent and received through the platform
- Message delivery and read status
- WhatsApp group names, descriptions, and participant lists
- WhatsApp profile names and profile pictures of contacts
- Message templates and bulk campaign content
We process this data on behalf of our users (as a data processor) in connection with the Meta WhatsApp Business Platform. All use of WhatsApp data is subject to Meta’s Platform Terms and WhatsApp Business Policy.
3.3 Telegram Messaging Data
When you connect a Telegram account or use our Telegram integration, we process:
- Telegram chat IDs and account identifiers
- Message content sent and received via Telegram
- Bot interaction data
3.4 AI Chatbot and Knowledge Base Data
When you use our AI features (AI Playground, chatbot automation, or knowledge base features), we process:
- Documents, files, and URLs you upload to the knowledge base (PDFs, Word files, images, spreadsheets, etc.)
- Website content scanned during knowledge base setup
- Chat conversation history between your AI chatbot and end users
- AI-generated responses and queries
- Search indexes derived from your knowledge base content
- AI usage information (such as request counts and estimated usage costs)
- Feedback submitted on AI responses
This data is stored in secure databases and cloud systems, and may be transmitted to third-party AI service providers (see Section 6).
3.5 Payment and Billing Information
When you subscribe to a paid plan, we collect:
- Subscription plan details
- Transaction IDs and payment amounts
- Payment history records
We do not store full credit card numbers or raw payment credentials. Payment processing is handled by our third-party payment processors.
3.6 Media and Uploaded Files
Files you upload or that are transmitted through the Service, including:
- Images, audio files, video files, and documents shared via WhatsApp or uploaded to the knowledge base
- Media files are stored with cloud storage providers and processed on our systems where necessary
3.7 Usage and Technical Data
We automatically collect certain technical data when you use the Service:
- IP address
- Browser type and version
- Operating system
- Pages visited, features used, and actions taken within the dashboard
- Login timestamps and session data
- Error logs and diagnostic information
- Device identifiers
3.8 Google Integration Data
If you connect a Google account for integrations (e.g., Google Sheets), we may access:
- Google account email address and profile information (with your consent)
- Google Sheets content you authorize for use with automated messaging
- OAuth tokens (stored securely and used only for authorized integrations)
3.9 Location Data
We may collect approximate geographic location derived from IP addresses for account security, fraud prevention, and analytics purposes. We do not collect precise GPS location.
4. How We Use Your Information
We use your information to:
| Purpose | Data Used |
|---|---|
| Provide and operate the Service | Account data, messaging data, AI data |
| Authenticate and secure your account | Email, password hash, IP, session data |
| Send WhatsApp and Telegram messages on your behalf | Phone numbers, message content, templates |
| Power AI chatbot and knowledge base features | Uploaded documents, conversation history, AI queries |
| Process payments and manage subscriptions | Payment data, plan details |
| Store and deliver media files | Uploaded files |
| Provide customer support | Account data, communication history |
| Send service notifications and updates | Email, push notifications |
| Monitor platform performance and prevent abuse | Usage data, IP, logs |
| Comply with legal obligations | Any data as required by law |
| Improve and develop the Service | Aggregated, anonymized usage analytics |
We do not sell your personal information to third parties.
5. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar data protection laws, we process your personal data on the following legal bases:
- Contractual necessity — to provide the Service you have subscribed to
- Legitimate interests — to operate, secure, and improve our platform; to prevent fraud and abuse
- Consent — for social logins, optional integrations (e.g., Google Sheets), and marketing communications (where required)
- Legal obligation — to comply with applicable laws and regulations
6. Third-Party Services and Data Sharing
We may share or transmit certain data to the third-party services and providers below. Each provider has its own privacy policy governing its use of your data.
6.1 Meta / WhatsApp Business Platform
Wabot integrates with the Meta WhatsApp Business API (including official cloud connections and other supported connection methods) to send and receive WhatsApp messages on your behalf.
- Message content and contact data are transmitted to and from Meta’s infrastructure.
- Your use of WhatsApp through Wabot is subject to Meta’s Terms of Service, WhatsApp Business Policy, and Meta’s Privacy Policy.
- Meta Privacy Policy: https://www.facebook.com/privacy/policy/
- WhatsApp Business Policy: https://www.whatsapp.com/legal/business-policy/
6.2 Google
We use Google services for:
- Google reCAPTCHA — to protect our registration and login forms from automated abuse. reCAPTCHA collects hardware and software information and sends it to Google for analysis.
- Google Sheets Integration — to read data from your authorized spreadsheets for automated messaging workflows
- Google OAuth — for social login authentication (when enabled)
Google Privacy Policy: https://policies.google.com/privacy
6.3 Push Notification Providers
We use push notification providers (including Google services) to:
- Send notifications to registered users and end users (where applicable)
- Deliver notification messages through secure server-side integrations
6.4 AI Service Providers
When you use our AI chatbot or knowledge base features, queries and related context may be transmitted to third-party AI service providers for processing.
- Your data is handled under the terms and privacy policies of the AI provider used for your request.
- If you connect your own API keys (“BYOK” — Bring Your Own Key), your data is transmitted directly to the provider you choose.
6.5 Cloud Storage Providers
Media files uploaded to or transmitted through Wabot (images, audio, video, documents) may be stored with third-party cloud storage providers.
6.6 Telegram
If you enable the Telegram integration, messages and chat data are transmitted to and from Telegram’s infrastructure.
Telegram Privacy Policy: https://telegram.org/privacy
6.7 Infrastructure and Hosting Providers
We use the following infrastructure services which may process your data:
- Managed databases and data stores — to securely store account, messaging, and application data
- Caching and queue services — to support sessions, message flow, and platform performance
- Search and indexing services — to support AI knowledge base retrieval features
- Hosting providers — our servers may run on third-party cloud or data center infrastructure
6.8 Other Disclosures
We may also share your data:
- With your consent — when you explicitly authorize a specific integration or sharing
- For legal compliance — to comply with a court order, subpoena, or applicable law
- For safety and fraud prevention — to protect the rights, property, or safety of Wabot, our users, or others
- In a business transfer — in connection with a merger, acquisition, or sale of assets (you will be notified)
- With service providers acting on our behalf under data processing agreements
7. Data Retention
We retain your data for as long as necessary to provide the Service and as required by law:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of your account, plus up to 90 days after deletion |
| WhatsApp message logs | As configured by you in your account settings |
| AI conversation history | Duration of your account; deletable by you at any time |
| Knowledge base documents | Until you delete them; removed upon account termination |
| Payment records | As required by financial and tax regulations (typically 7 years) |
| System logs and diagnostic data | Up to 90 days |
| Backups | Up to 30 days after deletion |
You may request deletion of your account and associated data at any time by contacting us at [CONTACT_EMAIL].
8. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption in transit — all data transmitted between your browser and our servers uses TLS/HTTPS encryption
- Password hashing — passwords are stored using strong one-way cryptographic hashing (never stored in plain text)
- Session management — secure session tokens with expiry and multi-session support
- Access controls — data is isolated by team and account; users can only access their own data
- API authentication — all API endpoints are protected by authentication tokens
- Infrastructure security — servers are maintained with regular security updates
Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
If you believe your account has been compromised, please contact us immediately at [email protected].
9. Your Privacy Rights
Depending on your location, you may have the following rights:
9.1 GDPR Rights (EEA / UK users)
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data (“right to be forgotten”)
- Right to restriction — request that we restrict processing of your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time
9.2 CCPA Rights (California, USA users)
California residents have the right to:
- Know what personal information is collected about them
- Know whether and to whom their personal information is disclosed or sold
- Opt out of the sale of personal information (we do not sell personal information)
- Request deletion of their personal information
- Not be discriminated against for exercising their privacy rights
9.3 PDPA Rights (Malaysia users)
Users in Malaysia have rights under the Personal Data Protection Act 2010 (PDPA), including the right to access and correct personal data held about them.
9.4 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: [email protected]
WhatsApp: +60125153307
We will respond to your request within 30 days. We may need to verify your identity before processing your request.
10. Cookies and Tracking Technologies
We use the following technologies to enhance your experience:
| Technology | Purpose |
|---|---|
| Session cookies | Maintain your logged-in state |
| Persistent cookies (optional “Remember Me”) | Keep you logged in for up to 30 days |
| Google reCAPTCHA | Fraud and bot prevention on forms |
| Server-side logging | Security monitoring and diagnostics |
We do not use third-party advertising cookies or behavioral tracking cookies on our platform.
You can control cookies through your browser settings. Disabling session cookies will prevent you from logging in.
11. Children’s Privacy
Wabot is a business-to-business (B2B) platform intended for use by businesses and individuals who are at least 18 years of age (or the age of majority in their jurisdiction).
We do not knowingly collect personal information from children under the age of 13 (or under 16 in the EEA). Our Service is not directed to children.
If you are a parent or guardian and believe that a child has provided us with personal information, please contact us immediately at [CONTACT_EMAIL] and we will take steps to delete such information.
12. International Data Transfers
Wabot operates servers and infrastructure that may be located in various countries. If you are located outside of these countries, your data may be transferred to and processed in a country that may have different data protection laws than your own jurisdiction.
We take appropriate safeguards to ensure that such transfers comply with applicable data protection laws, including:
- Using service providers that participate in recognized data transfer frameworks
- Implementing contractual protections for cross-border data transfers
By using the Service, you consent to the transfer of your information to our facilities and to those third parties with whom we share it as described in this policy.
13. Meta Platform Compliance
Wabot uses the Meta WhatsApp Business Platform to deliver messaging services. In connection with this integration:
Data Use: We use WhatsApp data exclusively to provide the messaging and automation services you have requested. We do not use WhatsApp user data for purposes unrelated to the services or for advertising targeting.
Data Minimization: We only request and store WhatsApp data that is necessary to operate the features you have enabled.
User Consent: Our business customers are responsible for ensuring they have obtained appropriate consent from their WhatsApp contacts before sending marketing or automated messages through Wabot, as required by WhatsApp’s Business Policy and applicable laws.
No Unauthorized Sharing: We do not share WhatsApp message content or contact data with third parties except as described in Section 6 and as necessary to provide the Service.
Compliance with Meta Policies: Our platform complies with:
– Meta Platform Terms: https://developers.facebook.com/terms/
– WhatsApp Business Policy: https://www.whatsapp.com/legal/business-policy/
– Meta’s Data Use Policy
14. Google Play Store and Google Ads Compliance
For users accessing Wabot through Android applications or web applications served through Google platforms:
- We comply with Google Play Developer Program Policies and Google’s User Data Policy
- We use data collected through Google services only for the purposes described in this Privacy Policy
- We do not use personal data collected from users to serve personalized ads through Google without appropriate consent
- We comply with Google’s Sensitive and Restricted Permissions requirements and only request permissions necessary for the features you use
- Our use of Google reCAPTCHA is governed by Google’s Terms of Service and Privacy Policy
For inquiries related to Google Play data safety disclosures, contact us at [CONTACT_EMAIL].
15. Apple App Store Compliance
For users accessing Wabot through iOS applications:
- We comply with Apple’s App Store Review Guidelines and Apple’s Privacy Policy Requirements
- We provide accurate data type disclosures for all App Store submissions
- We do not collect data beyond what is disclosed in this Privacy Policy
- We support Apple’s App Tracking Transparency (ATT) framework where applicable
- Users may request deletion of their account and data as described in Section 9
Data Types Used by Wabot (App Store Disclosure):
| Data Category | Collected | Linked to Identity | Used for Tracking |
|---|---|---|---|
| Contact Info (name, email, phone) | Yes | Yes | No |
| User Content (messages, files) | Yes | Yes | No |
| Identifiers (user ID) | Yes | Yes | No |
| Usage Data | Yes | No | No |
| Diagnostics | Yes | No | No |
16. Automated Decision-Making
Wabot does not use your personal data to make automated decisions that produce legal effects or similarly significant effects on you without human involvement.
Our AI chatbot features use automation to generate responses based on your knowledge base content, but these responses are always delivered under your configuration and control as the Wabot user. End users may always contact a human by reaching out to the business directly.
17. Third-Party Links
Our Service may contain links to third-party websites or services (e.g., WhatsApp, Telegram, Google). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before interacting with their services.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page
- Notify registered users via email or an in-app notification
- For significant changes, we may ask for your renewed consent
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Company Name: Team Fames Sdn Bhd
Email: [email protected]
Website: https://wabot.my
Mailing Address: 1-2, Jalan Puteri 2A/8, Bandar Puteri Bangi, 43000 Kajang, Selangor
For data protection inquiries specific to GDPR, you may also contact our Data Protection Officer (DPO) at:
DPO Email: [email protected]
We are committed to resolving privacy-related complaints. If you are not satisfied with our response, you have the right to lodge a complaint with:
- Your local data protection authority (for EEA/UK users)
- The Federal Trade Commission (FTC) (for US users)
- The Department of Personal Data Protection (JPDP) (for Malaysian users)
This Privacy Policy was last reviewed on 11th March 2026 and covers all Wabot services and features currently in operation.
