Privacy Policy

Last Updated: 09 May 2026

Website: https://wasooli.online

Company: AZLOGICS.DEV (SMC-Pvt) Ltd

Wasooli.Online ("we", "our", "us") respects and protects the privacy of all merchants and their customers. This Privacy Policy explains how we collect, store, secure, and use the data that merchants provide to us while using our services.


1. What Data We Collect

1.1 Data Provided by Merchants

Merchants upload and manage customer information on our system. This may include:

  • Customer names
  • WhatsApp numbers, phone numbers
  • Email addresses
  • Area/locality details
  • Billing and payment history
  • Membership, subscription, or supply-related information

We do not collect customer data directly.

All customer information is provided by the merchant only.


2. Merchant Data Security & Isolation

Wasooli.Online treats each merchant's business and customer information as confidential. Underpinning that is a storage and application design where each merchant's datasets live in strongly scoped logical partitions—implemented so that, architecturally, each merchant's data behaves as if it were held in a virtually separate database instance: distinct namespaces, tenant-bound identifiers, and isolation boundaries at the persistence layer. Routine processing paths are structured so workloads for one merchant do not co-mingle with another's records at rest or in normal operations.

Under our operational policy:

  • We do not merge, pool, or repurpose one merchant's billing, customer, or messaging records with another's for ordinary service delivery.
  • Role-based access, authorization rules, and monitoring are applied so application and operational activity remain aligned with the correct merchant scope—not undifferentiated cross-merchant queries for day-to-day service.
  • Where engineering or support access is ever needed, it follows our strict internal procedures (see access and confidentiality sections below)—elevated, justified access—not informal cross-partition use.

In short: confidentiality is backed by logical isolation modeled like dedicated database instances, plus organizational safeguards appropriate to the service we provide. Technical readers will recognize this as a deliberate separation of datasets and control plane—not a single flat shared datastore without tenant-scoped boundaries.


3. Who Can Access the Data

3.1 Internal Company Access

Only authorized backend systems can access encrypted data for service functionality.

No staff member can view:

  • Customer personal details
  • Merchant WhatsApp messages
  • Sensitive business information

We enforce strict internal access control.

3.2 Third-Party Hosting Providers

We host our systems on secure third-party infrastructure providers.

They operate under strict compliance policies and cannot use, view, or share any data stored on the servers.

3.3 Government, regulatory, and legal requirements

We may disclose limited information—including merchant or platform-related records—when we reasonably believe we are required or permitted to do so under applicable law in Pakistan. Examples of situations that may arise include (but are not limited to):

  • Courts: valid court orders, summonses, or other judicial processes we are legally obligated to comply with.
  • Law enforcement: lawful requests from agencies acting within statutory authority, subject to authentication and legal review where appropriate.
  • Tax and regulatory authorities: lawful information requests from federal or provincial bodies (for example, revenue or tax authorities) where applicable statutes apply to our operations or to information we hold—similar to other regulated businesses.

Where feasible, we assess each request for a proper legal basis and aim to limit disclosure to what is reasonably necessary under the circumstances. Nothing in this section limits disclosures that applicable law expressly permits or requires.

Apart from essential service providers described in this policy (such as secure hosting infrastructure in section 3.2), we do not sell merchant or customer data or share it with unrelated private companies for marketing, resale, or unrelated commercial use. Merchants remain responsible for their own legal, tax, and compliance obligations; consider independent professional advice where needed.


4. Data Security

We use advanced security practices including:

  • Merchant-scoped separation for stored data and routine processing
  • Encrypted databases
  • Encrypted communication (HTTPS/TLS)
  • Secure session keys
  • Access logging & intrusion detection
  • Firewalls and server-level protection
  • Role-based access control (RBAC)

Your customer information remains protected at all levels.

4.1 OTP authentication & sign-in

Wasooli.Online supports OTP-based login (one-time passwords delivered via SMS or verified channels) for merchant and authorised staff access. OTP codes are never stored in plaintext after validation and are processed only through secured authentication services.

  • OTPs are short-lived and invalidated after use or expiry to reduce replay risk.
  • We do not use OTP data for marketing or share it with unrelated third parties.
  • Failed attempts and unusual access patterns may trigger additional verification consistent with our fraud-prevention posture.

Combining OTP verification with tenant isolation and RBAC materially reduces unauthorised access to merchant consoles and sensitive operations.


5. Payment Handling Policy

5.1 State Bank of Pakistan (SBP) Compliance

Wasooli.Online processes all digital payments exclusively through channels licensed and regulated by the State Bank of Pakistan (SBP). We operate in full compliance with SBP's Payment Systems (Oversight) Regulations and the National Payment Systems Strategy.

Our payment infrastructure is built on:

  • 1BILL (OneLink) — Pakistan's national inter-bank bill payment aggregator, regulated by SBP. Customers can pay merchant bills from any bank's internet/mobile banking, ATMs, or 1Link-connected payment apps.
  • Raast — SBP's instant payment system enabling real-time fund transfers. Wasooli.Online supports Raast-enabled bill collections where applicable, allowing customers to pay instantly from any participating bank account.
  • OneLink / 1Link Network — Pakistan's shared payment network connecting 30+ banks. Transactions are processed securely through the 1Link switch.

5.2 What We Store vs. What We Don't

We store:

  • Unique Billing ID assigned to each customer bill
  • Payment status (Paid / Unpaid / Partial)
  • Payment timestamp and transaction reference (where provided by the gateway)
  • Amount billed and amount paid

We do NOT store:

  • Debit or credit card numbers
  • Bank account numbers or IBANs
  • Bank login credentials, PINs, or OTPs
  • Full payment card data of any kind

All sensitive financial data is handled entirely by 1Link / OneLink and SBP-regulated partner banks. Wasooli.Online never has access to, nor processes, any raw banking credentials.

5.3 How Billing IDs Work

Each customer is assigned a unique Billing ID by Wasooli.Online. This ID is used exclusively to:

  • Identify the customer's bill in the 1BILL system
  • Enable payment lookup from any bank channel
  • Record payment status updates back to the merchant dashboard

A Billing ID only allows the payer to pay their specific bill — it cannot be used to access, transfer, or view any other financial information.

5.4 Merchant Payouts & Reconciliation

Merchant payouts are handled directly between the merchant and their designated bank account through the 1Link/SBP settlement process. Wasooli.Online does not hold, pool, or manage merchant funds. We only record and display payment confirmation data received from the payment gateway.

For payment disputes, refunds, or reconciliation queries, merchants should contact their designated bank or reach us at [email protected].


6. WhatsApp Official API & Messaging Policy

6.1 WhatsApp Business API Integration

Wasooli.Online integrates with the WhatsApp Business Platform provided by Meta Platforms, Inc. This integration enables merchants to send automated, business-initiated messages to their customers through verified WhatsApp Business Accounts.

All messaging through our platform complies with:

  • Meta's WhatsApp Business Policy — every category of message (including utility flows and any marketing or promotional sends Meta permits) must follow Meta's current rules, approved templates, and permitted use cases.
  • Meta's Messaging Guidelines — we only use approved message templates for business-initiated communications.
  • Customer Consent — merchants are responsible for ensuring their customers have opted in to receive WhatsApp communications.

6.2 Types of Messages Sent

Automated billing and reminder flows on Wasooli.Online are utility messages: they are sent through our platform on behalf of the merchant using Wasooli.Online tooling (templates and schedules you configure), not anonymous bulk blasting.

Through the Wasooli.Online platform, merchants may send:

  • Monthly bill generation notifications
  • Payment due date reminders
  • Payment received confirmations
  • Overdue payment follow-ups
  • Merchant-initiated custom messages to individual customers
  • Billing ID and payment link sharing

Those automated utilities are transactional in nature and tied to the merchant–customer billing relationship. Promotional or marketing messages are only appropriate where the merchant has lawful consent from their own customers or contacts, and only when the content, category, and templates comply with Meta's official WhatsApp policies (including Business Policy, Commerce Policy where applicable, and Messaging Guidelines as updated from time to time).

Wasooli.Online does not permit spam, abusive messaging, bulk unsolicited outreach without a proper basis under WhatsApp rules, or any sends that violate Meta's policies or applicable law. Merchants are responsible for consent, accurate use of approved templates, and honouring opt-outs.

6.3 Opt-Out & Message Frequency

Customers who wish to stop receiving WhatsApp messages from a merchant can:

  • Reply "STOP" to any automated message to opt out from automated reminders
  • Contact the merchant directly to request removal from their billing system
  • Contact us at [email protected] with their number and the merchant's name

Message frequency depends on the merchant's billing cycle (typically monthly) and payment status. Overdue reminders are sent at merchant-configured intervals.

6.4 What We Store

To show full chat history to the merchant inside the dashboard, we securely store:

  • Outgoing system messages (automated reminders)
  • Outgoing merchant-initiated messages
  • Incoming customer replies to those messages

These message logs are stored using secure, merchant-isolated storage consistent with our data separation policy and are accessible only by the merchant who owns the WhatsApp connection.

6.5 Who Can Access WhatsApp Data

  • The merchant who owns the WhatsApp Business account connected to Wasooli.Online
  • Authorized system engineers, only if required for debugging or maintenance, and strictly under:
    • Legally binding NDAs compliant with Pakistani law
    • Internal access-control monitoring
    • Confidentiality and data protection protocols

Engineers are prohibited from using, sharing, copying, or disclosing any WhatsApp-related information for any purpose other than necessary technical support.

6.6 Security Measures for WhatsApp Data

  • Encrypted database storage
  • Secure session key protection
  • Access logs and monitoring
  • Role-based access control
  • Merchant-scoped boundaries for stored information and access
  • Firewall and intrusion-prevention systems

6.7 What We Do NOT Do

  • We do not access messages outside our system's chat window
  • We do not read or view media unless it is part of the system chat
  • We do not sell, rent, or share any WhatsApp data with any third party
  • Routine billing, reminders, and merchant-initiated traffic are sent for merchants via their connected WhatsApp Business accounts. Wasooli.Online-initiated marketing or informational programmes sent through that same linked connection are described in section 8 and are not anonymous bulk spam; they operate under Meta's rules, our terms, and the authorisation that applies when you link your Business number to Wasooli.Online.
  • We do not permit spam, abusive messaging, or other misuse of the service that violates Meta's policies or our acceptable-use expectations (see section 6.2 for permitted message types and merchant responsibilities).

6.8 WhatsApp Data Deletion Policy

Merchants may request deletion of their WhatsApp-related data (including message logs and session records) at any time.

To request deletion, please contact us at [email protected].

Once verified, we will permanently delete all WhatsApp-related data associated with your account from our database, unless retention is required by law.


7. How We Use Data

We use merchant-provided data only to:

  • Send automated WhatsApp reminders and notifications
  • Generate bills and invoices
  • Track and record payment statuses
  • Process payments via 1BILL, Raast, and OneLink
  • Provide analytics and reports to the merchant
  • Enable dashboard functionality
  • Improve service performance
  • Provide technical support

We do not sell, rent, or hand over identifiable merchant or customer lists to other merchants or to unaffiliated third parties for their own resale or unrelated commercial exploitation. Section 8 describes stricter boundaries between merchants (including competitors in the same trade) and how Wasooli.Online may run its own marketing campaigns.


8. Merchant data boundaries & Wasooli.Online marketing

8.1 We do not sell merchant or customer lists — full stop

Wasooli.Online does not sell, rent, license, or broker merchant business data or customer contact / billing records to any other merchant or unrelated company as a commercial product—under any ordinary business arrangement. That holds whether the buyer is in the same category (for example, gym to gym, water supplier to water supplier) or in a different category (for example, a restaurant asking to purchase access to a gym's member list, or a clothing brand seeking another merchant's customer file). We are not a marketplace for audience data.

Essential subprocessors (such as secure hosting or payment rails) may process data solely to provide the service, as described elsewhere in this policy—they do not receive your lists to resell or reuse for their own marketing.

8.2 No paid campaigns against another merchant's audience

We strictly protect merchants from abuse of the platform. Wasooli.Online does not accept payment or instructions to run marketing that targets another merchant's customer base for a direct competitor in the same line of business—using data held because those customers bill through a different merchant on Wasooli.Online.

For example: if two gyms operate in the same area, Gym A cannot pay Wasooli.Online to deliver ads or messages aimed at Gym B's members identified via our systems. That kind of arrangement misuses another merchant's relationship with their customers, can be unlawful, and is something we do not offer.

8.3 Wasooli.Online's own cross-category marketing

Separately from merchant-to-merchant sales, Wasooli.Online (AZLOGICS.DEV) may run its own informational or promotional programmes—under Wasooli.Online or related official branding—about the platform, approved partners, or general consumer categories that are not framed as poaching one merchant's customers for a rival in the same vertical. Examples of the kind of cross-topic outreach we may run at a platform level include offers or awareness related to food and dining, apparel, education, or household services, using lawful audience approaches (such as broad segments or geography) rather than selling one merchant's identifiable list to another.

Marketing and utility messages sent through WhatsApp or similar channels follow Meta's policies, applicable law, and the rules described in section 6 (including approved templates and categories where required). Where you have connected a WhatsApp Business number to Wasooli.Online under our terms, Wasooli.Online may send Wasooli.Online-initiated marketing and informational messages through that linked connection when Meta's requirements are satisfied— without requiring separate consent from you for each individual Wasooli.Online campaign; your agreement to use the platform and link your Business account covers authorisation for these sends at a platform level. End recipients remain subject to Meta's opt-in, template, and consent rules where they apply.

Where promotional communications from Wasooli.Online are optional under law or our terms, we provide a reasonable way to opt out of Wasooli.Online marketing content where required, without turning off core billing and utility features unless separately agreed.


9. Data Retention & Deletion

We keep merchant and customer data:

  • As long as the merchant's account is active
  • Or until deletion is requested

Upon account closure:

  • All merchant data is permanently deleted
  • Backups auto-purge within 7–30 days depending on server cycle

You may request full data deletion anytime by emailing [email protected].


10. Cookies & Tracking

We use cookies only for:

  • Secure login
  • Session management
  • Fraud prevention
  • Basic analytics

We do not use invasive tracking or advertising cookies.


11. Children's Data

Merchants are responsible for ensuring that uploaded data complies with local regulations.

We do not knowingly process data from children under 13.


12. Changes to This Policy

We may update this policy from time to time.

Changes will be posted on this page with an updated "Last Updated" date. Continued use of the platform constitutes acceptance of the updated policy.


13. Contact Information

For any privacy concerns, data deletion requests, or payment disputes:

Powered by AZLOGICS.DEV (SMC-Pvt) Ltd

Wasooli.Online Office, 105, Jamia Islamia road

Rahim Yar Khan

WhatsApp: +92 315-7777653

Email: [email protected]

Website: https://wasooli.online