1. What Data We Collect

1.1 Data Provided by Merchants

Merchants upload and manage customer information on our system. This may include:

• Customer names
• WhatsApp numbers, phone numbers
• Email addresses
• Area/locality details
• Billing and payment history
• Membership, subscription, or supply-related information

We do not collect customer data directly.

All customer information is provided by the merchant only.

2. Multi-Tenancy Data Isolation

Wasooli.Online uses a 100% isolated multi-tenant database architecture, ensuring:

• Each merchant's data is completely separated
• No merchant can view or access another merchant's data
• Internal system rules enforce strict separation
• Cross-merchant data leakage is impossible by design

Your business and customer information is securely isolated within your tenant.

3. Who Can Access the Data

3.1 Internal Company Access

Only authorized backend systems can access encrypted data for service functionality.

No staff member can view:

• Customer personal details
• Merchant WhatsApp messages
• Sensitive business information

We enforce strict internal access control.

3.2 Third-Party Hosting Providers

We host our systems on secure third-party infrastructure providers.

They operate under strict compliance policies and cannot use, view, or share any data stored on the servers.

3.3 Government / Legal Requirements

We only share data if required by:

• Pakistani government authorities
• Court orders
• Law enforcement requests

We do not share data with any private third party for any other reason.

4. Data Security

We use advanced security practices including:

• Multi-tenant database isolation
• Encrypted databases
• Encrypted communication (HTTPS/TLS)
• Secure session keys
• Access logging & intrusion detection
• Firewalls and server-level protection
• Role-based access control (RBAC)

Your customer information remains protected at all levels.

5. Payments & Billing Information

Wasooli.Online processes payments only through State Bank–approved channels, including:

• OneLink
• 1BILL
• Raast-enabled bill payments (where applicable)

Important facts:

• We do not collect or store debit/credit card numbers
• We do not store bank login details or PINs
• Billing IDs are unique and only allow end-users to pay their bill
• Only payment status (paid/unpaid) is stored, nothing financial like card numbers

All payment operations are handled securely by OneLink and authorized banking partners.

6. WhatsApp Integration Privacy

Wasooli.Online allows merchants to connect their WhatsApp number to automate communication with their customers, including:

• Payment reminders
• Bill notifications
• Confirmations
• Follow-up messages
• Merchant-initiated custom messages

To provide this feature, the system stores message logs that are:

• Generated only through our platform
• Visible only to the merchant within their own panel

We do not have access to a merchant's personal WhatsApp chats outside of the messages that pass through our platform.

What We Store

To show full chat history to the merchant inside the dashboard, we securely store:

• Outgoing system messages
• Outgoing merchant-initiated messages
• Incoming customer replies to those messages

These message logs are stored:

• In a secure, isolated, multi-tenant database
• Accessible only by the merchant who owns the WhatsApp connection

We do not store any unrelated personal WhatsApp chat history, media, or conversations outside the messages directly exchanged through our system.

Who Can Access WhatsApp Data

• The merchant who owns the WhatsApp account
• Authorized system engineers, only if required for debugging or maintenance, and strictly under:
  • Legally binding NDAs compliant with Pakistani law
  • Internal access-control monitoring
  • Confidentiality and data protection protocols

Engineers are prohibited from using, sharing, copying, or disclosing any WhatsApp-related information for any purpose other than necessary technical support.

Security Measures

To protect WhatsApp data, we use:

• Encrypted database storage
• Secure session key protection
• Access logs and monitoring
• Role-based access control
• Multi-tenant isolation
• Firewall and intrusion-prevention systems

What We Do NOT Do

• We do not access messages outside our system's chat window
• We do not read or view media unless it is part of the system chat
• We do not sell, rent, or share any WhatsApp data with any third party

Your WhatsApp account and associated data remain private, isolated, and fully protected.

WhatsApp Data Deletion Policy

Merchants may request deletion of their WhatsApp-related data (including message logs and session records) at any time.

To request deletion, please contact us at contact@wasooli.online.

Once verified, we will permanently delete all WhatsApp-related data associated with your account from our database, unless retention is required by law.

7. How We Use Data

We use merchant-provided data only to:

• Send automated WhatsApp reminders
• Generate bills and invoices
• Track payments
• Provide analytics to the merchant
• Enable dashboard functionality
• Improve service performance
• Provide technical support

We never sell, rent, or giveaway your data to any third party.

8. Data Retention & Deletion

We keep merchant and customer data:

• As long as the merchant's account is active
• Or until deletion is requested

Upon account closure:

• All merchant data is permanently deleted
• Backups auto-purge within 7–30 days depending on server cycle

You may request full data deletion anytime.

9. Cookies & Tracking

We use cookies only for:

• Secure login
• Session management
• Fraud prevention
• Basic analytics

We do not use invasive tracking or advertising cookies.

10. Children's Data

Merchants are responsible for ensuring that uploaded data complies with local regulations.

We do not knowingly process data from children under 13.

11. Changes to This Policy

We may update this policy from time to time.

Changes will be posted on this page with an updated "Last Updated" date.

12. Contact Information

For any privacy concerns or requests: