Privacy Policy

Last updated: April 19, 2026

1Information We Collect

  • Account Info — Username, email address, and an encrypted password stored using industry-standard hashing.
  • Facebook / Meta Data — WhatsApp Business Account (WABA) credentials and related Meta permissions required to operate the messaging service.
  • Usage Data — Campaign history, message logs, delivery statuses, and platform interaction data to support your account.
  • Payment Data — Razorpay transaction IDs and order references. We do not store credit card or debit card numbers on our servers.

2How We Use Your Information

  • Provide and maintain the ChatBlast platform and all associated features.
  • Send WhatsApp messages on your behalf through Meta's official Cloud API.
  • Process subscription payments and generate invoices via Razorpay.
  • Send transactional emails such as OTPs, account alerts, and billing receipts.
  • Analyse aggregated usage patterns to improve platform performance, reliability, and user experience.

3Data Sharing & Third Parties

We work with a small set of trusted third-party providers strictly necessary to operate ChatBlast. Data shared with them is limited to what is required for their specific function:

  • Meta (Facebook) — Message delivery via the WhatsApp Business Cloud API.
  • Razorpay — Secure payment processing and subscription management.
  • Brevo — Transactional email delivery (OTPs, notifications, billing emails).
  • Aiven — Managed cloud database infrastructure for secure data storage.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4Data Security

We implement multiple layers of security controls to safeguard your data:

  • All data in transit is encrypted using HTTPS / TLS.
  • User passwords are hashed with Bcrypt — plain-text passwords are never stored.
  • Incoming webhooks from Meta are verified using HMAC-SHA256 signatures.
  • All state-changing API endpoints are protected with CSRF tokens.
  • Database queries are scoped with tenant-isolated filters, ensuring your data is never accessible to other accounts.

5Data Retention & Deletion Rights

We retain your data only as long as necessary to provide the service or as required by applicable law. You may request deletion of your data through the following channels:

  • In-App Deletion — Navigate to Billing → Danger Zone and initiate account deletion. Your data is removed instantly upon confirmation.
  • Meta Automated Deletion — Removing ChatBlast from your Facebook App triggers an automated data-deletion callback from Meta, which we honour immediately.
  • Manual Request — Email us at admin@chatblast.in. Requests are fulfilled within 30 days.

Upon deletion all personal data, campaign history, message logs, and associated records are permanently and irreversibly removed from our systems.

6Your Rights

  • Access — Request a copy of the personal data we hold about you at any time.
  • Correction — Ask us to correct inaccurate or incomplete personal data.
  • Deletion — Request erasure of your personal data (subject to legal retention obligations).
  • Portability — Request your data in a structured, machine-readable format where technically feasible.

7Contact Us

For privacy questions, data requests, or concerns about how we handle your information, please contact us at admin@chatblast.in. We aim to respond to all inquiries within 5 business days.