Privacy Policy

Last updated: March 1, 2026

This Privacy Policy describes how Yapper ("Company", "we", "us", or "our") collects, uses, stores, and protects personal information when you use the Yapper platform, dashboard, and related services (the "Service"). This policy applies to Account Owners, their authorized users, and the end users who interact with the Service through WhatsApp.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, and organization details when you register or are invited to the platform.
• Business configuration: prompts, AI instructions, examples, and settings you configure in the dashboard.
• Payment information: billing details processed through our merchant of record, Paddle.com. Paddle collects your name, email, billing address, and payment method during checkout. We do not store full payment card numbers.
• Support communications: messages you send to our support team.

1.2 Information Collected Automatically

• Usage data: pages visited, features used, timestamps, and interaction patterns within the dashboard.
• Device and browser information: IP address, browser type, operating system, and device identifiers.
• Cookies: we use essential cookies for authentication and session management. See Section 8 for details.

1.3 End-User Conversation Data

When your end users send messages through WhatsApp, we process the following on your behalf:

• Phone numbers and WhatsApp profile names.
• Message content (text, media references).
• Conversation history and message timestamps.
• Client profiles generated from conversations (e.g., language preference, name).

This data is processed solely to provide the Service to you. As the Account Owner, you are the data controller for your end users' personal data, and we act as your data processor.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Generate AI-powered replies on behalf of Account Owners.
• Authenticate users and manage account access.
• Process payments and manage subscriptions.
• Provide customer support and respond to inquiries.
• Monitor and improve the performance, security, and reliability of the Service.
• Comply with legal obligations.

We do not sell your personal information. We do not use end-user conversation data to train AI models.

3. Legal Basis for Processing

We process personal data based on the following legal grounds:

• Contract performance: processing necessary to provide the Service you have subscribed to.
• Legitimate interest: maintaining security, preventing fraud, and improving the Service.
• Legal obligation: complying with applicable laws and regulations.
• Consent: where required by law, such as for non-essential cookies or marketing communications.

4. Data Sharing and Disclosure

We may share personal data with the following categories of recipients:

• Cloud infrastructure providers: for hosting and data storage (e.g., Amazon Web Services).
• AI model providers: message content is sent to third-party AI providers to generate replies. This data is processed per their data processing terms and is not used for model training.
• WhatsApp / Meta: messages are delivered through WhatsApp's Business API, subject to Meta's data policies.
• Paddle.com (Merchant of Record): processes payments, manages subscriptions, handles invoicing and sales tax, and provides purchase-related customer support. See Paddle's Privacy Policy.
• Legal and regulatory authorities: when required by law, subpoena, or legal process.

We do not sell or rent personal data to third parties for their marketing purposes.

5. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. When transferring data outside your country of residence, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• The EU-U.S. Data Privacy Framework, where applicable.
• Any other transfer mechanisms recognized under applicable law.

6. Data Retention

We retain personal data as follows:

• Account data: for the duration of your account plus thirty (30) days after termination.
• Conversation data: retained according to your account settings. You may delete conversation data at any time through the dashboard.
• Usage and analytics data: up to twenty-four (24) months.
• Billing records: as required by applicable tax and accounting laws.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 All Users

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict certain processing activities.

7.2 European Economic Area (GDPR)

• Right to data portability.
• Right to withdraw consent at any time.
• Right to lodge a complaint with your local data protection authority.

7.3 California Residents (CCPA/CPRA)

• Right to know what personal information is collected, used, and shared.
• Right to delete personal information.
• Right to opt out of the sale or sharing of personal information.
• Right to non-discrimination for exercising your privacy rights.

We do not sell personal information as defined by the CCPA. We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Service.

7.4 Mexico Residents (LFPDPPP)

• Right of Access: obtain confirmation of whether your data is being processed and access it.
• Right of Rectification: request correction of inaccurate or incomplete data.
• Right of Cancellation: request deletion of your data when it is no longer necessary.
• Right of Opposition: object to the processing of your data for specific purposes.

To exercise your ARCO rights, contact us at privacy@yapper.vip. We will respond within twenty (20) business days as required by Mexican law.

7.5 End Users

If you are an end user who has interacted with a business through Yapper's WhatsApp integration, please contact the business directly to exercise your data rights. The business is the data controller for your conversation data. If you are unable to reach the business, you may contact us at privacy@yapper.vip and we will assist in directing your request.

8. Cookies

We use essential cookies for authentication and session management, and may use analytics cookies with your consent. For a full list of the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

9. Security

We implement commercially reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, and regular security reviews.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected parties and relevant authorities in the event of a data breach, as required by applicable law.

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email or through the dashboard.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at:

• Email: privacy@yapper.vip
• General inquiries: legal@yapper.vip

For complaints regarding data processing, you may also contact your local data protection authority, PROFECO (Mexico), or the California Attorney General (California).