Privacy Policy

This Privacy Policy applies to information that we collect through the Service, our website, and any related communications. It does not apply to third-party services that you may interact with through the Service, including WhatsApp / Meta. Those services are governed by their own privacy policies, which you should review independently.

Account information you provide: display name, email address, phone number, and password (stored as a salted hash by our authentication provider).

Connection metadata: WhatsApp numbers you connect, connection status, warming statistics, scoring data, pool memberships, and operational logs.

Message content: messages generated, sent, or received by your connected numbers through the Service. This may include the content of automated warming conversations and any messages exchanged with third parties.

Billing information: subscription status, plan, invoices, credit-ledger entries, and failed-payment events. Where a payment processor is integrated, we receive limited transaction metadata; full payment-card data is handled by the processor and never stored on our systems.

Technical information: IP address, browser user-agent, device identifiers, session identifiers, and timestamps. Some of this is collected automatically by our authentication and hosting providers.

Behavioral and marketing data: pages and screens you visit, actions you take, time spent, scroll depth, click events, the source from which you reached our website (referrer URL, UTM parameters, advertising click identifiers), and similar information collected automatically as you interact with our website and Service. This data may be collected by our analytics, advertising, retargeting, and conversion-tracking partners (see Section 4).

Communications: any messages you send to support, feedback you submit, and our responses.

We use the information we collect to: (a) provide, operate, and maintain the Service; (b) process payments and manage subscriptions; (c) authenticate users and secure accounts; (d) detect, investigate, and prevent fraud, abuse, and security incidents; (e) communicate with you about service updates, billing, and support; (f) improve the Service and develop new features; (g) measure the performance of our website and marketing campaigns, analyze usage and user behavior, build audiences, and deliver, target, retarget, and personalize our advertising on our own properties and on third-party platforms (including social networks and advertising networks); (h) send you marketing communications about our Service and related offerings (subject to your right to opt out at any time); (i) comply with legal obligations and respond to lawful requests.

We do not sell your personal information in exchange for monetary consideration. To the extent that the use of analytics, advertising, retargeting, or conversion-tracking technologies described in this Policy constitutes a "sale" or "share" of personal information under certain laws (such as the California Consumer Privacy Act), you may opt out using the controls described in Section 9 and Section 7.

We share information with third-party service providers who process data on our behalf, under contractual obligations of confidentiality and data protection. The categories of providers are:

Authentication and database (Supabase) — stores user accounts, profiles, connection metadata, billing records, and message logs.

WhatsApp gateway (third-party Evolution API instance, self-hosted by WampUp) — relays messages between the Service and the WhatsApp network. This gateway is unofficial and is not operated by WhatsApp Inc. or Meta Platforms Inc.

Proxy network (BrightData and similar ISP-proxy providers) — routes traffic between the gateway and the WhatsApp network using residential or ISP IP addresses.

AI providers (third-party large-language-model APIs) — generate the text of warming conversations. Message content sent to these providers is subject to their own data-handling policies.

Email provider — delivers transactional and marketing emails (such as verification, billing notices, product updates, and promotional offers). Marketing emails include an unsubscribe link.

Payment processor (where applicable) — processes subscription payments. We do not see or store your full payment-card number.

Analytics, advertising, and conversion-tracking providers — including but not limited to Google Analytics, Meta (Facebook) Pixel, and similar measurement, advertising, retargeting, and attribution platforms — receive information about your visits to and interactions with our website and Service in order to help us measure traffic and marketing effectiveness, build and target audiences, deliver advertising on third-party platforms (including social networks), and attribute conversions. The information collected may include IP address, device and browser characteristics, identifiers (including advertising identifiers), pages visited, actions taken, referral source, and approximate location. Some of these providers may use this information for their own purposes in accordance with their own privacy policies.

These providers may be located outside Israel, including in the European Union and the United States. We rely on contractual safeguards (data-processing agreements and, where applicable, Standard Contractual Clauses) to protect your data during such transfers.

IMPORTANT. The Service operates by sending and receiving messages through your WhatsApp account using an unofficial gateway. By using the Service, you authorize WampUp to act on your behalf in this manner.

When messages travel through the WhatsApp network, they are processed by WhatsApp Inc., Meta Platforms Inc., and their affiliated entities according to their own privacy policies and infrastructure. WampUp has no control over how Meta collects, stores, retains, profiles, or analyzes such data, and WampUp is not responsible for those activities.

The phone numbers, contact lists, message content, and metadata associated with your WhatsApp account may be visible to Meta. You should review the WhatsApp Privacy Policy and the Meta Privacy Policy to understand what those companies do with your data.

Active accounts: we retain account and operational data for as long as your subscription is active.

Closed accounts: after you close your account, we retain your account data for up to seven (7) years to comply with Israeli tax and accounting obligations. After this period, the data is deleted or anonymized.

Logs and technical data: typically retained for up to twelve (12) months.

Analytics and aggregated metrics: typically retained for up to twenty-four (24) months.

We may retain data for longer where required by law, where necessary to defend or pursue legal claims, or where the data has been anonymized so that it can no longer be associated with you.

Under the Israeli Protection of Privacy Law, you have the right to access personal information about you held by us, to request correction of inaccurate information, and, in certain circumstances, to request deletion. To exercise these rights, contact us at the email listed below. We may need to verify your identity before responding.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that grants additional rights (such as those under GDPR), you may also have the right to: receive a portable copy of your data; object to or restrict certain processing; withdraw consent; and lodge a complaint with the relevant supervisory authority.

Some rights are subject to legal exceptions — for example, we may not be able to delete data that we are required by law to retain.

Your data may be processed in jurisdictions outside the State of Israel, including the European Union and the United States, by our service providers. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses and adequacy decisions.

The Service uses essential cookies and browser local storage to maintain your authenticated session, remember your language and direction preferences, and provide core functionality. These are required for the Service to work and cannot be disabled without breaking the Service.

In addition, our website and Service may use analytics, advertising, retargeting, and conversion-tracking technologies — including cookies, web beacons, pixels (such as the Meta / Facebook Pixel and similar pixels operated by other advertising networks and social platforms), and software development kits — provided by third parties. These technologies help us measure how visitors find and use our website, evaluate the performance of our marketing campaigns, build and target audiences, deliver advertising on third-party platforms, attribute conversions, and improve our products. The information collected may include identifiers (including advertising identifiers), IP address, browser and device characteristics, pages visited, actions taken, referral source, and approximate location. We may combine this information with other information we hold about you.

Where applicable law requires prior consent (for example, the EU ePrivacy Directive and the GDPR), non-essential analytics, advertising, and tracking technologies will be loaded only after we obtain your consent through a cookie banner or equivalent mechanism. You may change or withdraw your consent at any time using the same mechanism.

You can also control these technologies through your browser settings, your device-level advertising controls, and the opt-out tools provided by the relevant advertising networks (for example, Google's Ads Settings, Meta's Ad Preferences, the Network Advertising Initiative opt-out at optout.networkadvertising.org, and the Digital Advertising Alliance opt-out at optout.aboutads.info). Disabling these technologies will not affect your ability to use the Service.

We use commercially reasonable technical and organizational measures to protect your information, including TLS encryption in transit, salted password hashing, role-based access control, and database row-level security.

No method of transmission or storage is perfectly secure. In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required by law, affected users without undue delay (and in any event within 72 hours where GDPR applies).

The Service is not directed to, and not intended for, individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us so we can delete it.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. Material changes will be communicated to you by email or through the Service before they take effect.