| Category | Examples | Basis |
|---|---|---|
| Registration/account | email, password (hash), plan, role | contract performance |
| Usage/technical | IP, user-agent, access logs, audit trail, session cookies | legitimate interest/security |
| Consent | accepted Terms/Privacy version, date, IP, user-agent | legal obligation/proof of acceptance |
| Customer content | leads, contacts, lists, groups, templates, messages, media | you are the controller |
Your account is protected by authentication, hashed passwords (bcrypt — we do not store plaintext passwords and the team cannot see them), per-account isolation, access controls and optional MFA. We keep backups. We do not claim end-to-end encryption or absolute security — we pursue reasonable security practices.
WellZapp does not sell, rent or trade your data or your leads. We do not use the content of your contacts for our own marketing purposes.
We only access your account data when necessary for requested support, security, maintenance, auditing or legal obligation. Such access is restricted and logged.
We keep data while the account exists and for as long as required by legal obligations. Audit logs have limited retention. You may request deletion of your account and data through support; minimal records may be kept where legally required.
You may request access, correction, portability, information about use, and deletion of your data, as well as withdraw consent. For third-party data you entered, you are responsible for answering data subjects — we assist as processor.
In the event of a relevant security incident, we will adopt containment measures and notify affected parties/authorities where required by law.
Privacy questions: through the support channel indicated in the panel.