Privacy Policy

This Privacy Policy explains how Wesal handles personal data across our website, public support channels, merchant onboarding, and messaging operations.

English is the default version of this page. Arabic is available with ?lang=ar.

Effective date / Last updated: 2026-04-18

Brand

Wesal (خدماتك)

Legal entity

SADEQ HUSSEIN SALEH ALOTUMI

صادق حسين صالح العتمي

1. Company legal identity

This Privacy Policy is issued by SADEQ HUSSEIN SALEH ALOTUMI, operating under the trade name Wesal ("we", "us", "our"), a business based in Sana'a, Yemen. We are the data controller for all personal data collected through https://wesal.one and our services where we determine the purposes and means of processing.

2. Data we collect

  • Account information, including name, email address, phone number, and business name.
  • Business information, including business address, licensing or tax information when provided for onboarding or compliance.
  • WhatsApp Business Account data, including phone numbers, display names, message templates, and conversation history.
  • Customer messages routed through the platform on behalf of onboarded merchants.
  • Usage and analytics data, including page usage, feature usage, and operational metrics.
  • Technical data, including IP address, browser information, and device identifiers.

3. How we use data

  • To provide WhatsApp messaging services to onboarded merchants.
  • To route customer messages between merchants and their end-customers.
  • To manage WhatsApp Business Account assets such as templates, phone numbers, display names, and quality-related settings.
  • For authentication, security, fraud prevention, and account protection.
  • To comply with legal, audit, tax, and regulatory obligations.
  • To improve our services and maintain platform quality.

4. Legal basis for processing (GDPR)

  • Contractual necessity under GDPR Article 6(1)(b).
  • Legitimate interests under GDPR Article 6(1)(f).
  • Consent where applicable under GDPR Article 6(1)(a).
  • Legal obligation under GDPR Article 6(1)(c).

5. Third-party data sharing

We share data only where necessary to operate the service, comply with law, or protect rights and safety.

  • Meta Platforms, Inc. and WhatsApp LLC as providers of the WhatsApp Business Cloud API and related platform services.
  • Vercel as a hosting and deployment provider acting as a processor.
  • Neon as a database infrastructure provider acting as a processor.
  • Other infrastructure, email, analytics, communications, and security providers acting under appropriate contractual or operational controls.
  • We do not share data with advertisers, data brokers, unrelated third parties, or for marketing or profiling beyond operating the platform.

6. Compliance framework

We comply with the Meta Platform Terms (https://developers.facebook.com/terms/) and the WhatsApp Business Solution Terms (https://www.whatsapp.com/legal/business-solution-terms). Our handling of Platform Data is restricted to providing services to onboarded business customers only.

7. Data retention

  • Active account data is retained while the account remains active.
  • Message history is retained for up to 12 months after message delivery unless a shorter period is configured or law requires a longer period.
  • Account data after closure is deleted within 30 days of verified closure or verified deletion request.
  • Protected backups are purged within 90 days according to backup rotation cycles.
  • Legal, tax, financial, anti-fraud, and audit records may be retained for as long as required by applicable law.

8. User rights (GDPR/CCPA)

  • You may request access to personal data we control.
  • You may request correction of inaccurate data.
  • You may request deletion subject to legal retention obligations.
  • You may request portability where applicable law provides that right.
  • You may object to certain processing or request restriction where applicable law provides that right.
  • You may withdraw consent where processing depends on consent.

9. Data deletion instructions

You may request complete deletion of your data by visiting https://wesal.one/data-deletion, emailing admin@wesal.one with the subject 'Data Deletion Request', or revoking access through Facebook Settings -> Apps and Websites when applicable.

Our Data Deletion Callback URL is https://wesal.one/api/data-deletion. We complete deletion within 30 days of a verified request unless law requires otherwise.

10. International data transfers

Where data is transferred across borders, we use Standard Contractual Clauses (SCCs), equivalent contractual commitments, or other lawful safeguards appropriate to the transfer and the applicable law.

11. Children's data

Our service is intended for business use and is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children in violation of applicable law. If we learn that we collected personal data from a minor, we will delete it promptly.

12. Security measures

  • HTTPS/TLS encryption in transit.
  • Encryption at rest where supported by our infrastructure providers.
  • Tenant-isolated data architecture and access boundaries.
  • Role-based access controls.
  • Regular security reviews.
  • Secure authentication and operational access controls.

13. Effective date and updates

Effective date: 2026-04-18. Last updated: 2026-04-18.

We may update this Privacy Policy from time to time. Material changes may be notified by email or dashboard notice before they take effect.

Contact and identity details

For privacy, legal, or public-contact requests relating to Wesal, use the official business identity details below.

Official address

Next to Al-Mogtama'a Faculty, Sarif, Shuaob, Sana'a, Yemen

بجوار كلية المجتمع، صرف، شعوب، صنعاء، اليمن