Privacy Policy — WellZapp

Version 2026-07-01 · how we handle data on the platform.

Convenience translation: this English version is provided for convenience only. In case of any conflict or discrepancy, the Portuguese version prevails and is the legally binding text.
Roles (LGPD): with respect to your account data, WellZapp is the controller. With respect to third-party data you enter (leads, contacts, lists, messages), you are the controller and WellZapp is the processor — we process that data only to provide the service to you.

1. Data we process

CategoryExamplesBasis
Registration/accountemail, password (hash), plan, rolecontract performance
Usage/technicalIP, user-agent, access logs, audit trail, session cookieslegitimate interest/security
Consentaccepted Terms/Privacy version, date, IP, user-agentlegal obligation/proof of acceptance
Customer contentleads, contacts, lists, groups, templates, messages, mediayou are the controller

2. How we protect it (without promising what we don't do)

Your account is protected by authentication, hashed passwords (bcrypt — we do not store plaintext passwords and the team cannot see them), per-account isolation, access controls and optional MFA. We keep backups. We do not claim end-to-end encryption or absolute security — we pursue reasonable security practices.

3. We do not sell your data

WellZapp does not sell, rent or trade your data or your leads. We do not use the content of your contacts for our own marketing purposes.

4. Our team's access

We only access your account data when necessary for requested support, security, maintenance, auditing or legal obligation. Such access is restricted and logged.

5. Sub-processors

6. Retention and deletion

We keep data while the account exists and for as long as required by legal obligations. Audit logs have limited retention. You may request deletion of your account and data through support; minimal records may be kept where legally required.

7. Your rights (LGPD)

You may request access, correction, portability, information about use, and deletion of your data, as well as withdraw consent. For third-party data you entered, you are responsible for answering data subjects — we assist as processor.

8. Incidents

In the event of a relevant security incident, we will adopt containment measures and notify affected parties/authorities where required by law.

9. Contact

Privacy questions: through the support channel indicated in the panel.