WazzCon

Privacy Policy

Last updated: 2026-05-06

1. Who we are

WazzCon (operated by Athena Metrics) is a multi-tenant SaaS for managing customer messaging across WhatsApp, Instagram DM, Telegram, and a web chat widget. Each operator (organization) connects their own messaging channels via their own credentials (Bring Your Own App model).

2. What data we collect

  • Operator account data: name, email, password hash, organization details, optional locale/timezone/title.
  • Connected channel credentials: API keys, access tokens, app secrets, webhook verify tokens. Stored AES-256-GCM encrypted at rest; never displayed back in the UI.
  • Conversation data: inbound and outbound messages, contact identifiers (phone number, IGSID, Telegram user ID), profile names/avatars, message timestamps, read/delivery receipts.
  • AI module artifacts: sentiment scores, conversation summaries, automated reply drafts. Generated by AI providers (e.g. Google Gemini) configured by the operator; message bodies are sent to the provider only when the relevant module is enabled.

3. How we use it

  • To deliver the messaging service (route inbound to UI, dispatch outbound).
  • To compute optional analytics (No-Churn sentiment alerts, Voice of Customer).
  • To trigger optional AI-assisted features (AI Agent replies, conversation summaries) — operator opts in per module.
  • We do not sell data, share it with advertisers, or use it to train external models.

4. Third-party processors

  • Meta Platforms (WhatsApp Cloud API, Instagram Graph API, Messenger): operator's own Meta App handles their channel — WazzCon proxies requests using the operator's credentials.
  • AI providers (Google Gemini, OpenAI, Anthropic): message bodies sent only when the operator enables AI modules and only with the operator's own provider key.
  • Hosting: project-managed cloud infrastructure (region: EU). Database, object storage, queue.

5. Data retention & deletion

  • Conversation data is retained while the connected channel instance exists.
  • Operators can delete an instance at any time from the panel — new inbound is rejected; historical messages remain in the DB for audit and may be hard-deleted by org admins on request.
  • Account closure (organization deletion) triggers cascade delete of all related data within 30 days.

6. Security

TLS in transit. Sensitive fields (tokens, secrets, message bodies, profile push names, customer signals) AES-256-GCM encrypted at rest. Multi-tenant isolation enforced at every data-access path; cross-org reads/writes are not possible.

7. Contact

For data subject requests (access, correction, deletion) or privacy questions, contact: info@athenametrics.com