Privacy Policy

Privacy Policy


Last Updated: [Date, 2026]

1. Introduction

Welcome to KretaNote. We provide a WhatsApp-based CRM platform ("Service") designed to help businesses manage customer interactions. This policy explains how we collect, use, and protect data when you use our site and our integration with the WhatsApp Business API.

2. Information We Collect

As a SaaS provider, we collect two types of data:

  1. Account Data: Information you provide when creating an account (Name, Email, Company Name, Billing details).
  2. Integration Data: When you use WhatsApp Embedded Signup, we collect your WhatsApp Business Account (WABA) ID, Phone Number ID, and Access Tokens to facilitate the connection between your account and Meta.
  3. Customer Data (Service Data): We process messages, contact names, and phone numbers sent through your WhatsApp instance. You (the Client) are the Data Controller for this data; we are the Data Processor.

3. How We Use Your Information

We use the collected data to:

  1. Provision and maintain your CRM dashboard.
  2. Facilitate the sending and receiving of messages via Meta’s Cloud API.
  3. Process billing and subscription payments.
  4. Provide automated "Health Checks" on your WhatsApp connection status.

4. WhatsApp & Meta Specific Disclosures

Your use of this Service involves the WhatsApp Business API.

  1. End-to-End Encryption: While WhatsApp encrypts messages in transit, once they reach our platform for display in your CRM, they are stored on our secure servers to provide you with chat history and analytics.
  2. Data Sharing with Meta: By connecting your WABA, certain data is shared with Meta Platforms, Inc. to facilitate message delivery. Please refer to the Meta Business Terms for their data handling practices.
  3. No Third-Party Selling: We do not sell your customer’s phone numbers or message content to third-party advertisers.

5. Data Retention & Deletion

  1. Account Data: Retained as long as your subscription is active.
  2. Message Logs: We retain message logs for [e.g., 6 months] unless a different retention period is configured in your settings.
  3. Account Termination: Upon account deletion, all Access Tokens are immediately revoked, and your data is purged from our active databases within [e.g., 30 days].

6. Security Measures

We implement enterprise-grade security to protect your CRM:

  1. Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  2. Token Security: WhatsApp Access Tokens are stored in an encrypted format and are never exposed in the frontend UI.
  3. Multi-tenancy Isolation: Our database architecture ensures your data is strictly isolated from other tenants.

7. User Rights (GDPR / CCPA / DPDPA)

Depending on your location, you and your customers may have the right to:

  1. Access the personal data we hold.
  2. Request the correction or deletion of data.
  3. Opt-out of automated processing.
  4. Withdraw Consent: Users can disconnect their WhatsApp number at any time via the dashboard.

8. Third-Party Services

We use the following sub-processors to run our Service:

  1. Infrastructure: [e.g., AWS / DigitalOcean / Google Cloud]
  2. Payments: [e.g., Stripe / PayPal]
  3. Communication: Meta (WhatsApp Business API)

9. Contact Us

For any privacy-related inquiries, please contact: PiCode Email: contact@picode.in Address: Pragati IT World, 817, Yogi Chowk Rd, opp. Maha laxmi soc, Yogi Chowk Ground, Chikuwadi, Nana Varachha, Surat, Gujarat 395010