Privacy Policy

We collect the following categories of information:

• Account data — your phone number, name, email (optional), business name and business type, supplied at sign-up or in your profile.
• Customer contact data — names and phone numbers of your customers that you upload or add to send reminders to. You are the data controller for this data; we process it solely on your behalf.
• Reminder content — the message text, scheduled time, and recurrence rule of each reminder you create.
• Delivery metadata — WhatsApp delivery status (sent / delivered / read / failed) returned by Meta's WhatsApp Cloud API.
• Inbound messages — when one of your customers replies to a reminder, the reply text and any media (images, voice notes, documents) are stored against the corresponding conversation so you can read it in your inbox. Media is fetched from Meta and proxied through our authenticated server; it is never publicly accessible.
• Device & usage data — device type, OS version, app version, crash logs, and basic analytics events.
• Payment data — handled by our payment processor (Razorpay / Stripe); we store only the transaction ID, amount, and status.
• Meta / WhatsApp Business Account data — see Section 3 below.

• To create and authenticate your account (OTP via WhatsApp).
• To send the reminders you have scheduled to your customers.
• To bill you for paid plans and add-on credits, and to provide receipts.
• To improve the Service via aggregated, anonymous analytics.
• To comply with legal obligations including the Information Technology Act, 2000 and Digital Personal Data Protection Act, 2023 (DPDPA).

We do not use your data, your customers' data, or any data obtained from Meta to train machine-learning models, build advertising profiles, or enrich third-party data sets.

PingDaily is an authorized Tech Provider on Meta's WhatsApp Business Platform. To send messages from your own WhatsApp Business number, you can connect your WhatsApp Business Account (WABA) to PingDaily through Meta's Embedded Signup flow.

3.1 What we receive from Meta during Embedded Signup. When you complete the Meta-hosted popup, Meta returns the following to PingDaily:

• A short-lived authorization code, which our server exchanges for a long-lived business access token scoped only to the WhatsApp Business Account you authorized.
• The WhatsApp Business Account ID and Phone Number ID you selected.
• Account metadata read from Meta's Graph API, including display phone number, verified business name, business entity name, time zone, account review status, phone status, phone quality rating, messaging tier, and platform type. These are shown to you on the WhatsApp settings page so you can confirm the connection.

3.2 What we do NOT receive. We never see your Facebook password, your personal Facebook profile, your friends list, your pages, your ad accounts, or any other Facebook data outside the specific WABA you authorize. The token Meta issues cannot read or modify any other business or personal data on your Facebook account.

3.3 How we use the access token. We use the token solely to: (a) subscribe our application to your WABA's webhook so we can receive delivery status and inbound replies, (b) register your phone number for the WhatsApp Cloud API, (c) send the reminder messages you schedule, and (d) periodically re-fetch the metadata above so the dashboard stays accurate.

3.4 Where the token is stored. The token is stored encrypted at rest in our primary database, accessible only to the PingDaily application servers. It is never exposed to your browser, the mobile app, or any third party.

3.5 Disconnecting / revoking access. You can disconnect your WABA at any time from Settings → WhatsApp → Disconnect in the dashboard. This immediately deletes the access token and all associated metadata from our database. You can additionally revoke PingDaily's access at the Meta source by visiting business.facebook.com → Settings → Business Integrations.

3.6 Message data flow. When you send a reminder, the message text and recipient phone number are transmitted to Meta Platforms, Inc. for delivery via the WhatsApp Cloud API. Meta processes this data under its own WhatsApp Business Messaging Policy and WhatsApp Privacy Policy. We do not sell or share your or your customers' data with Meta for advertising purposes.

We do not sell your personal data. We share data only with:

• Sub-processors needed to operate the Service — Meta Platforms, Inc. (WhatsApp message delivery and inbound webhook), our cloud hosting provider (Railway), our payment processors (Razorpay, Stripe), and our SMS / email transactional providers.
• Law enforcement, where compelled by valid legal process under Indian law.
• A successor entity in the event of a merger, acquisition or asset sale, subject to confidentiality.

• Account data — retained while your account is active and for up to 90 days after deletion to support billing audits.
• Reminder content & delivery logs — retained for 12 months.
• Inbound message content & media — retained for 90 days from receipt, then deleted.
• Customer contact data — deleted within 7 days of you deleting it from the app.
• Meta access tokens & WABA metadata — deleted immediately upon disconnect; otherwise retained for the life of your account.

• Right to access a copy of your data.
• Right to correction or erasure.
• Right to grievance redressal — see our Grievance Officer below.
• Right to nominate, in case of incapacity or death.
• Right to withdraw consent at any time.

To exercise any of these rights, email privacy@pingdaily.app. You can also delete your account in-app from Settings → Account → Delete my account, or follow the instructions at /account/delete.

We use TLS 1.2+ in transit, encryption at rest for the database (including all Meta access tokens), scrypt-hashed authentication tokens, and least-privilege access controls. Inbound media fetched from Meta is served only through authenticated proxy endpoints scoped to the owning user. No system is 100% secure; we will notify affected users of any material breach within 72 hours as required by DPDPA.

The Service is not directed to persons under 18. We do not knowingly collect data from children.

Data is primarily processed in India. Some sub-processors (notably Meta Platforms, Inc.) process data outside India in line with applicable law and their published data-transfer mechanisms.

We will update this policy from time to time. Material changes will be notified in-app and via email at least 7 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Name: Grievance Officer, PingDaily
Company: EPAGESTORE TECHNO-LAB PVT. LTD.
Email: grievance@pingdaily.app
Privacy / data requests: privacy@pingdaily.app

We respond to grievances within 30 days of receipt, as required by Indian law.