This Privacy Policy describes how HaaSystems LLC ("we", "us", or "our") collects, uses, and protects information in connection with HaaConnect, a WhatsApp Business API platform operated by HaaSystems LLC. HaaConnect is available at haaconnect.com.
By using HaaConnect, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.
1. Who We Are
HaaConnect is a product of HaaSystems LLC, a company registered in the United States. HaaConnect provides infrastructure that allows SaaS companies ("Applications") to enable their own clients ("Tenants") to send and receive WhatsApp Business messages via Meta's WhatsApp Cloud API.
For privacy-related inquiries, contact us at: support@haaconnect.com
2. Information We Collect
2.1 Information from Applications (SaaS Partners)
- Business name, contact email, and company information provided during registration
- API usage data — endpoints called, message volumes, error rates
- Webhook URLs and configuration settings
2.2 Information from Tenants (via Embedded Signup)
- WhatsApp Business Account (WABA) ID and phone number ID — obtained via Meta's Embedded Signup OAuth flow
- Business display name and phone number
- Meta access tokens (stored encrypted using AES-256-GCM)
2.3 Message Data
- Message content, recipient phone numbers, message type, and delivery status are logged for audit and troubleshooting purposes
- Incoming messages received via WhatsApp webhook are forwarded to the Application's configured webhook URL and logged
- Message logs are retained for 90 days by default
2.4 Technical Data
- IP addresses, request timestamps, HTTP headers for security and abuse prevention
- Application error logs and performance metrics
3. How We Use Information
- To provide and operate the HaaConnect platform and API services
- To route WhatsApp messages through Meta's Cloud API on behalf of Tenants
- To process and forward webhook events to Applications
- To detect and prevent fraud, abuse, or policy violations
- To respond to support requests and legal inquiries
- To comply with Meta's WhatsApp Business Platform policies and applicable laws
4. Meta / WhatsApp Data
HaaConnect integrates with Meta's WhatsApp Business Platform. When Tenants connect their WhatsApp Business Account via our Embedded Signup flow, we receive and store:
- OAuth access tokens (encrypted at rest)
- WhatsApp Business Account IDs and Phone Number IDs
We use this data solely to send and receive WhatsApp messages on behalf of the Tenant, as authorized through the Embedded Signup process. We do not sell or share Meta user data with third parties except as required to deliver the service (e.g., forwarding messages to Meta's API).
Use of WhatsApp data is governed by Meta's Platform Terms and WhatsApp Business Policy.
5. Data Sharing
We do not sell personal data. We may share data with:
- Meta Platforms, Inc. — to deliver WhatsApp messages via the Cloud API
- Microsoft Azure — our cloud infrastructure provider (data processed in Azure data centers)
- Applications (SaaS Partners) — message logs and delivery status for messages sent on their behalf
- Law enforcement — if required by applicable law, court order, or governmental authority
6. Data Security
We implement industry-standard security measures including:
- AES-256-GCM encryption for stored access tokens
- Encryption keys managed via Azure Key Vault
- All data in transit encrypted via TLS 1.2+
- API authentication via API keys with role-based access
- Regular security reviews
7. Data Retention
- Message logs: 90 days
- Account data: Retained while the account is active, deleted within 30 days of account termination upon request
- Encrypted access tokens: Deleted upon tenant disconnection or account termination
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict processing of your data
- Data portability
To exercise these rights, contact us at support@haaconnect.com.
9. Data Deletion Instructions
To request deletion of your data from HaaConnect:
- Send an email to support@haaconnect.com with the subject line "Data Deletion Request"
- Include the business name and email address associated with your account
- We will process your request within 30 days and confirm deletion by email
Upon deletion, we will remove all personally identifiable information, message logs, and access tokens associated with your account. Anonymized aggregate data may be retained for operational purposes.
10. Cookies
The HaaConnect website (haaconnect.com) uses minimal cookies for essential functionality only. We do not use tracking or advertising cookies. The HaaConnect API does not use cookies.
11. Children's Privacy
HaaConnect is a B2B platform intended for business use only. We do not knowingly collect data from individuals under 18 years of age.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered Applications of material changes via email. Continued use of HaaConnect after changes constitutes acceptance of the updated policy.
13. Contact
For privacy questions, data requests, or concerns: