Home Privacy Policy

Privacy Policy

✅ Privacy Policy

Last Updated: April 2026

1. Introduction

Thoraia.com (“we”, “us”, “our”) is an omnichannel communication platform that enables businesses to connect their WhatsApp Business account via the Meta WhatsApp Business Platform and manage incoming messages.

We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data Controller / Processor Roles

  • You (the customer/business) act as the Data Controller
  • Thoraia.com acts as a Data Processor
  • Meta (WhatsApp Business Platform) is an independent third-party processor/controller for messaging infrastructure

We only process data on your behalf.

3. Data We Collect

3.1 Account Data

  • Name
  • Email address
  • Company/business information
  • Authentication credentials (encrypted)

3.2 WhatsApp Business Data (via Meta API)

  • Incoming messages from end users
  • Customer phone numbers
  • Message content (text, images, documents)
  • Timestamps and delivery status

⚠️ Important:You can only respond to incoming messages. We do not support initiating conversations outside Meta’s WhatsApp rules.

3.3 Technical Data

  • IP address
  • Device and browser information
  • Logs for security and system monitoring

4. Legal Basis for Processing (GDPR Article 6)

We process data under the following legal bases:

  • Contract necessity – to provide the Thoraia.com service
  • Legitimate interest – for platform security and performance
  • Legal obligation – compliance with applicable laws
  • Consent (Meta/WhatsApp) – where required for messaging integration

5. How We Use Data

We use data strictly to:

  • Provide messaging inbox functionality
  • Display WhatsApp conversations
  • Route incoming messages to your account
  • Ensure system security and fraud prevention
  • Maintain service reliability

We do NOT:

  • Sell personal data
  • Use data for advertising
  • Profile users for marketing purposes

6. Data Sharing

We only share data with:

  • Meta Platforms Inc. (WhatsApp Business API)
  • Cloud hosting providers within EU or GDPR-compliant regions
  • Legal authorities when required by law

All third parties are bound by data protection obligations.

7. International Data Transfers

Some WhatsApp-related processing may involve transfers outside the EU.These transfers are protected using:

  • Standard Contractual Clauses (SCCs)
  • Meta’s GDPR compliance framework

8. Data Retention

  • Data is stored only as long as your account is active
  • Messages are retained for operational purposes
  • Deleted accounts are permanently removed within 30 days
  • Backup logs may persist temporarily for security compliance

9. Data Subject Rights (GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing

To exercise rights:???? [email protected]

We respond within 30 days (GDPR requirement).

10. Data Deletion Policy

You may request:

  • Full account deletion
  • WhatsApp integration removal
  • Message history deletion

Once verified:

  • Data is permanently erased
  • System backups are purged within retention cycle

11. Security Measures

We implement:

  • End-to-end HTTPS encryption
  • Role-based access control
  • Secure API authentication with Meta
  • Encrypted database storage
  • Audit logging

12. WhatsApp / Meta Compliance

Thoraia.com fully complies with:

  • Meta WhatsApp Business Messaging Policy
  • WhatsApp template restrictions
  • Anti-spam enforcement rules

We only enable:

  • User-initiated conversations
  • Replies to inbound messages

13. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page.